Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3JuiAjWwdxpAHota3MsAAHOEnNI.roa
File: 3JuiAjWwdxpAHota3MsAAHOEnNI.roa (raw, json)
Hash identifier: G0QnW59YmAYXNvW3zmwMoeVpNlv1v2xNkpGRoo8FWrI=
Subject key identifier: DC:9B:A2:02:35:B0:77:1A:40:1E:8B:5A:DC:CB:00:00:73:84:9C:D2
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C232A18304F19334A9D5F0F5F972C24BE
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3JuiAjWwdxpAHota3MsAAHOEnNI.roa
Signing time: Fri 01 Dec 2023 02:16:50 +0000
ROA not before: Fri 01 Dec 2023 02:16:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:23:2a:18:30:4f:19:33:4a:9d:5f:0f:5f:97:2c:24:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 1 02:16:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dc9ba20235b0771a401e8b5adccb000073849cd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:e9:13:3a:cd:7c:e5:67:4f:4e:09:03:b9:d6:
fa:06:fb:9e:d9:94:af:b3:14:81:cc:53:f9:30:3a:
a1:d4:df:f0:9e:a8:b6:b5:27:e7:9a:81:86:db:82:
99:41:c4:7b:6f:65:5f:cb:92:7a:f3:9b:9b:aa:64:
91:50:a8:80:12:93:91:bf:c1:79:97:b8:3b:a2:d0:
0c:91:54:bd:12:1d:be:53:c4:aa:30:eb:fd:60:6a:
11:61:7b:c9:85:8b:93:93:7c:43:8b:44:25:d2:2c:
0c:3a:ad:f1:30:28:ca:47:a7:e6:c6:c8:75:76:cb:
fc:3a:3f:3c:2d:ec:8c:46:86:2e:6b:8b:52:ea:20:
9a:7a:ab:65:9b:04:0b:d3:8d:66:17:ce:76:c9:70:
4f:0e:91:db:71:67:a5:44:16:c8:a0:0b:4d:71:2d:
77:a3:8c:d3:02:32:db:a7:9f:fb:13:b6:26:e8:b4:
57:ae:03:69:04:57:0a:d4:eb:b1:01:85:87:28:2b:
91:9e:c1:fd:40:6c:8b:fe:16:53:59:1f:5f:e5:62:
1a:32:64:3f:e6:c5:72:26:f5:e2:5a:b1:d8:04:7e:
d1:4b:b2:43:8b:2c:32:b8:bc:bf:12:d7:4e:b5:d6:
f9:59:4f:18:af:5d:76:57:80:dd:c2:75:69:3a:ed:
df:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:9B:A2:02:35:B0:77:1A:40:1E:8B:5A:DC:CB:00:00:73:84:9C:D2
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3JuiAjWwdxpAHota3MsAAHOEnNI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
1a:eb:a4:25:26:75:6b:96:80:76:05:f0:11:e7:23:ec:fb:b1:
78:65:df:0f:7b:2c:b5:af:25:01:02:3d:2f:51:97:7b:d9:ca:
82:41:dd:d2:fc:35:a2:06:1c:f0:1e:a7:96:e3:e5:8c:6b:b6:
e7:1e:f1:cb:65:7c:5d:44:56:04:00:22:75:59:73:7b:a3:a4:
f3:35:1f:66:8e:04:33:97:85:ae:76:72:2d:d4:24:d3:63:21:
68:dd:df:0c:21:77:8d:99:b6:ad:9d:34:ed:6c:dd:53:67:0e:
d3:9a:eb:16:c5:d7:e3:0d:fc:40:2a:1c:60:db:4c:ff:66:3a:
0a:65:e7:04:3d:d8:2f:c1:ea:5c:e0:7a:f6:19:ba:0d:7a:b3:
dc:5b:12:20:50:cf:3f:e7:6c:9f:3d:e3:9d:6d:d3:72:ae:2b:
22:05:ee:41:70:00:5b:94:7c:f3:5e:dd:b9:08:53:1d:1a:d1:
5e:ae:9b:cf:b8:47:93:32:b2:b3:46:9c:d4:ca:5e:97:69:40:
8d:c9:28:e7:18:2b:d3:1c:b0:7a:7e:34:4c:df:6a:22:b6:dc:
46:9c:aa:53:8d:2e:c0:04:fe:b3:63:84:cf:c0:b7:ec:4c:1d:
cd:a4:30:2d:50:39:27:ed:18:8b:b2:1d:2b:d4:2e:8e:d9:11:
93:11:19:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwjKhgwTxkzSp1fD1+XLCS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjAxMDIxNjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzliYTIwMjM1YjA3NzFhNDAxZThiNWFkY2NiMDAwMDczODQ5Y2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+kTOs185WdPTgkDudb6Bvue2ZSv
sxSBzFP5MDqh1N/wnqi2tSfnmoGG24KZQcR7b2Vfy5J685ubqmSRUKiAEpORv8F5
l7g7otAMkVS9Eh2+U8SqMOv9YGoRYXvJhYuTk3xDi0Ql0iwMOq3xMCjKR6fmxsh1
dsv8Oj88LeyMRoYua4tS6iCaeqtlmwQL041mF852yXBPDpHbcWelRBbIoAtNcS13
o4zTAjLbp5/7E7Ym6LRXrgNpBFcK1OuxAYWHKCuRnsH9QGyL/hZTWR9f5WIaMmQ/
5sVyJvXiWrHYBH7RS7JDiywyuLy/EtdOtdb5WU8Yr112V4DdwnVpOu3f9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNybogI1sHcaQB6LWtzLAABzhJzSMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvM0p1aUFqV3dkeHBBSG90YTNNc0FBSE9Fbk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABrrpCUmdWuWgHYF8BHn
I+z7sXhl3w97LLWvJQECPS9Rl3vZyoJB3dL8NaIGHPAep5bj5Yxrtuce8ctlfF1E
VgQAInVZc3ujpPM1H2aOBDOXha52ci3UJNNjIWjd3wwhd42Ztq2dNO1s3VNnDtOa
6xbF1+MN/EAqHGDbTP9mOgpl5wQ92C/B6lzgevYZug16s9xbEiBQzz/nbJ89451t
03KuKyIF7kFwAFuUfPNe3bkIUx0a0V6um8+4R5MysrNGnNTKXpdpQI3JKOcYK9Mc
sHp+NEzfaiK23EacqlONLsAE/rNjhM/At+xMHc2kMC1QOSftGIuyHSvULo7ZEZMR
GRA=
-----END CERTIFICATE-----
Generated at Sat May 10 13:35:53 2025 by rpki-client