Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/43mOK7BhPNdh9avcDPJXAnFrTbY.roa
File: 43mOK7BhPNdh9avcDPJXAnFrTbY.roa (raw, json)
Hash identifier: JswVINh6+Dx9hrLTebLMa0soW6lNBJERS5Ca0YQpHbQ=
Subject key identifier: E3:79:8E:2B:B0:61:3C:D7:61:F5:AB:DC:0C:F2:57:02:71:6B:4D:B6
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C21D5FE3E86F0B8F0903FB9ACF5ABCE8B
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/43mOK7BhPNdh9avcDPJXAnFrTbY.roa
Signing time: Thu 30 Nov 2023 20:05:21 +0000
ROA not before: Thu 30 Nov 2023 20:05:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
2001:67c:64:ffff:0:18c:21d5:49ec/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:21:d5:fe:3e:86:f0:b8:f0:90:3f:b9:ac:f5:ab:ce:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 30 20:05:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e3798e2bb0613cd761f5abdc0cf25702716b4db6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:89:38:ff:3e:e7:9c:3b:9d:15:28:7b:2f:78:
d6:47:d1:c3:2b:1f:f2:e9:99:04:ec:11:31:96:7d:
b6:f4:4c:f9:74:d6:d3:7f:36:7c:ea:f2:97:c1:7e:
4c:69:cd:20:3f:f2:0b:7f:ec:a2:dc:ae:88:df:fa:
8f:ab:08:91:77:9c:a0:a3:e7:de:e9:9f:e0:37:6e:
50:8d:41:17:04:e6:f1:92:a4:d7:4c:bf:82:8f:df:
34:1d:82:09:44:dd:85:1b:e7:50:ad:97:6d:82:2b:
b9:8d:9b:fc:f4:f7:b5:8e:d3:61:a4:cc:0e:b8:14:
01:e7:a0:0b:47:e5:b3:7b:e1:5a:63:94:8d:5d:6d:
11:0e:51:73:ea:1a:0e:ef:a0:a9:e2:d6:18:1d:d1:
a9:c5:91:1a:70:ab:ab:49:19:fb:05:8a:89:64:6a:
95:5e:45:8f:50:a4:64:7f:75:34:67:0d:c7:b5:4c:
cc:82:89:40:92:b5:36:9b:fd:32:c6:fd:e9:4a:26:
af:66:d0:ac:66:58:92:8c:d1:e3:ad:54:4b:8e:82:
7c:b9:d6:bb:52:62:70:d9:31:16:93:03:2a:88:6e:
a3:51:54:9d:f1:9a:e0:39:d0:e5:59:ab:a8:b3:7a:
b9:e4:6c:93:58:0d:14:5b:13:78:e4:69:a0:17:42:
ee:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:79:8E:2B:B0:61:3C:D7:61:F5:AB:DC:0C:F2:57:02:71:6B:4D:B6
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/43mOK7BhPNdh9avcDPJXAnFrTbY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
4f:1b:d0:6c:d5:e2:1d:3e:51:ca:28:4d:6e:35:17:c0:8d:89:
79:02:89:c3:35:37:01:2b:ac:f9:fd:cb:06:46:47:fd:26:3c:
67:b5:4c:35:c4:6c:9c:a1:90:01:05:ec:d9:05:0d:d4:2b:0b:
e8:44:1e:42:82:37:2c:51:80:a5:0f:fb:9f:4f:97:56:02:55:
02:a0:b0:da:b1:46:5b:77:da:6a:e2:d5:d3:b1:1c:8a:1a:57:
c1:a7:44:16:38:5c:05:0b:89:89:60:33:ca:2b:1b:3a:3a:85:
e2:d5:06:65:77:68:4c:ed:fb:7e:72:ea:46:27:46:e1:c7:90:
57:1f:a6:06:ea:02:0b:ba:ff:68:a8:0a:4d:34:c2:b0:85:e9:
16:83:ee:90:92:21:75:ef:25:3c:5b:e8:96:f2:13:c4:b4:b8:
f1:8c:9f:2d:4c:67:5c:d9:e2:80:0a:10:5e:99:2a:cc:ff:f2:
d0:f2:38:d3:60:9c:c4:17:50:ab:d3:10:ec:dd:23:c3:a8:84:
c3:e4:79:00:90:14:b8:68:1a:6c:64:8d:ac:f1:5d:71:6f:40:
a9:65:77:20:96:a8:ca:60:7e:f8:75:88:19:6b:d6:03:33:38:
68:39:a8:c2:6e:26:77:2e:ee:d0:b1:11:bc:8f:fa:9f:2e:b0:
a5:fe:62:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwh1f4+hvC48JA/uaz1q86LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTMwMjAwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc5OGUyYmIwNjEzY2Q3NjFmNWFiZGMwY2YyNTcwMjcxNmI0ZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ok4/z7nnDudFSh7L3jWR9HDKx/y
6ZkE7BExln229Ez5dNbTfzZ86vKXwX5Mac0gP/ILf+yi3K6I3/qPqwiRd5ygo+fe
6Z/gN25QjUEXBObxkqTXTL+Cj980HYIJRN2FG+dQrZdtgiu5jZv89Pe1jtNhpMwO
uBQB56ALR+Wze+FaY5SNXW0RDlFz6hoO76Cp4tYYHdGpxZEacKurSRn7BYqJZGqV
XkWPUKRkf3U0Zw3HtUzMgolAkrU2m/0yxv3pSiavZtCsZliSjNHjrVRLjoJ8uda7
UmJw2TEWkwMqiG6jUVSd8ZrgOdDlWauos3q55GyTWA0UWxN45GmgF0LuhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFON5jiuwYTzXYfWr3AzyVwJxa022MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvNDNtT0s3QmhQTmRoOWF2Y0RQSlhBbkZyVGJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE8b0GzV4h0+UcooTW41
F8CNiXkCicM1NwErrPn9ywZGR/0mPGe1TDXEbJyhkAEF7NkFDdQrC+hEHkKCNyxR
gKUP+59Pl1YCVQKgsNqxRlt32mri1dOxHIoaV8GnRBY4XAULiYlgM8orGzo6heLV
BmV3aEzt+35y6kYnRuHHkFcfpgbqAgu6/2ioCk00wrCF6RaD7pCSIXXvJTxb6Jby
E8S0uPGMny1MZ1zZ4oAKEF6ZKsz/8tDyONNgnMQXUKvTEOzdI8OohMPkeQCQFLho
GmxkjazxXXFvQKlldyCWqMpgfvh1iBlr1gMzOGg5qMJuJncu7tCxEbyP+p8usKX+
Yhs=
-----END CERTIFICATE-----
Generated at Mon May 12 16:56:25 2025 by rpki-client