Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3aMDJGLFW1LdNCWyz_4QNrRYw3k.roa
File: 3aMDJGLFW1LdNCWyz_4QNrRYw3k.roa (raw, json)
Hash identifier: m/JDgpvjGD4w4DitQzTcNpyUtLqJE2AeX1bvoLw5itk=
Subject key identifier: DD:A3:03:24:62:C5:5B:52:DD:34:25:B2:CF:FE:10:36:B4:58:C3:79
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C1AF764E566B9BAC3C07D7E91E04AE187
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3aMDJGLFW1LdNCWyz_4QNrRYw3k.roa
Signing time: Wed 29 Nov 2023 12:04:29 +0000
ROA not before: Wed 29 Nov 2023 12:04:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18c:1af7:3314/128 maxlen: 128
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1a:f7:64:e5:66:b9:ba:c3:c0:7d:7e:91:e0:4a:e1:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 29 12:04:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dda3032462c55b52dd3425b2cffe1036b458c379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:33:69:34:6b:21:29:90:73:14:30:56:df:45:
67:3f:8b:05:34:04:6c:95:50:10:c1:fe:ef:cb:5e:
6a:f9:69:0c:c3:42:16:1d:c9:29:0e:f5:71:a8:30:
f1:5f:5e:de:07:a6:af:56:ba:a2:65:8b:76:eb:cb:
68:cd:72:0f:60:60:8e:75:82:ea:bd:b9:1e:3f:eb:
2b:f0:9c:42:18:1e:f0:25:5f:5f:89:f5:16:f6:14:
92:6f:29:27:19:b7:fa:a7:aa:6d:fa:49:3a:b3:6b:
e7:22:3d:52:41:23:d6:03:d4:04:24:b9:98:74:97:
c7:d5:61:40:bb:de:10:c5:96:c8:10:a8:ca:01:29:
ca:00:98:9e:9e:9e:68:94:11:e8:e2:af:8b:38:0d:
0a:95:77:fa:bd:71:28:ea:d8:71:c4:6a:eb:9d:e2:
b9:b8:4d:18:ae:b0:f7:a9:9c:6a:b6:2e:e6:2c:9d:
0d:37:4c:05:e9:e4:7d:50:85:09:cf:04:78:cf:30:
3e:0b:e9:1f:45:4a:d7:be:63:bb:74:6b:f2:dc:61:
ac:5f:d7:11:70:da:7c:0d:61:de:a0:a7:7e:fa:f5:
fe:88:3c:a5:97:ee:24:fc:3e:e8:bb:04:c4:ca:d6:
28:09:90:85:a9:ab:e9:9a:19:27:9c:cd:f3:a1:62:
0a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:A3:03:24:62:C5:5B:52:DD:34:25:B2:CF:FE:10:36:B4:58:C3:79
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3aMDJGLFW1LdNCWyz_4QNrRYw3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
b5:77:ea:37:99:2e:8e:24:96:1e:e5:80:8c:6c:5b:aa:b3:0a:
37:6a:68:06:4d:80:65:e6:d2:36:6e:ec:24:78:a7:4c:a3:9f:
70:ea:85:2a:dd:cd:17:b8:99:78:c7:69:5d:d3:e2:bb:7a:68:
84:30:77:78:5e:5d:94:f7:e8:43:5e:a5:88:2d:dd:5f:b4:2f:
41:0b:e8:86:27:0d:e6:f7:d1:a1:4e:9d:87:03:1d:e3:cb:59:
a3:15:84:c4:11:61:e6:62:3f:3a:9e:6f:d9:87:13:5c:2f:3d:
50:3c:a2:14:c5:49:46:6c:80:74:ef:83:13:8e:7e:0e:6c:0f:
18:da:b6:6b:f1:17:b9:ba:61:22:72:f0:82:f1:fc:c1:16:ef:
4e:87:ac:f1:c1:dc:42:0d:c8:a8:97:ad:5f:71:10:c8:32:31:
a7:76:d0:8a:39:d8:25:1c:c6:f8:62:c6:a8:2c:dc:52:a0:63:
32:40:4a:62:bf:45:80:19:78:b0:ed:f7:23:a6:7b:b0:65:64:
fd:b4:f7:f4:71:a8:c4:54:eb:05:3a:93:f3:ce:82:2e:27:8b:
b1:9b:7d:e0:07:19:e2:cf:e1:fb:0a:12:bf:e4:93:50:ae:ae:
74:b4:36:a2:fd:b3:c8:54:b6:32:a4:15:83:71:23:c2:2c:45:
b6:36:89:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwa92TlZrm6w8B9fpHgSuGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTI5MTIwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGEzMDMyNDYyYzU1YjUyZGQzNDI1YjJjZmZlMTAzNmI0NThjMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjNpNGshKZBzFDBW30VnP4sFNARs
lVAQwf7vy15q+WkMw0IWHckpDvVxqDDxX17eB6avVrqiZYt268tozXIPYGCOdYLq
vbkeP+sr8JxCGB7wJV9fifUW9hSSbyknGbf6p6pt+kk6s2vnIj1SQSPWA9QEJLmY
dJfH1WFAu94QxZbIEKjKASnKAJienp5olBHo4q+LOA0KlXf6vXEo6thxxGrrneK5
uE0YrrD3qZxqti7mLJ0NN0wF6eR9UIUJzwR4zzA+C+kfRUrXvmO7dGvy3GGsX9cR
cNp8DWHeoKd++vX+iDyll+4k/D7ouwTEytYoCZCFqavpmhknnM3zoWIKuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN2jAyRixVtS3TQlss/+EDa0WMN5MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvM2FNREpHTEZXMUxkTkNXeXpfNFFOclJZdzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALV36jeZLo4klh7lgIxs
W6qzCjdqaAZNgGXm0jZu7CR4p0yjn3DqhSrdzRe4mXjHaV3T4rt6aIQwd3heXZT3
6ENepYgt3V+0L0EL6IYnDeb30aFOnYcDHePLWaMVhMQRYeZiPzqeb9mHE1wvPVA8
ohTFSUZsgHTvgxOOfg5sDxjatmvxF7m6YSJy8ILx/MEW706HrPHB3EINyKiXrV9x
EMgyMad20Io52CUcxvhixqgs3FKgYzJASmK/RYAZeLDt9yOme7BlZP209/RxqMRU
6wU6k/POgi4ni7GbfeAHGeLP4fsKEr/kk1CurnS0NqL9s8hUtjKkFYNxI8IsRbY2
iR0=
-----END CERTIFICATE-----
Generated at Sat May 10 14:43:49 2025 by rpki-client