Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/85HRtlL1uxn-kiZfy6EiKeGFgQw.roa
File: 85HRtlL1uxn-kiZfy6EiKeGFgQw.roa (raw, json)
Hash identifier: nq77ARp9+MWuQvqLyuTh6Ub1fmpPclqXG5HF+tXpMCg=
Subject key identifier: F3:91:D1:B6:52:F5:BB:19:FE:92:26:5F:CB:A1:22:29:E1:85:81:0C
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C295F02C122DBF8EE2A0D1B7ED8C25627
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/85HRtlL1uxn-kiZfy6EiKeGFgQw.roa
Signing time: Sat 02 Dec 2023 07:12:21 +0000
ROA not before: Sat 02 Dec 2023 07:12:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:29:5f:02:c1:22:db:f8:ee:2a:0d:1b:7e:d8:c2:56:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 2 07:12:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f391d1b652f5bb19fe92265fcba12229e185810c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:4a:31:36:60:7c:27:42:9e:78:00:44:a6:c4:
1f:6f:45:6a:87:36:2c:a1:35:b2:68:6c:a4:d5:bc:
fe:7e:08:c4:16:83:a8:52:82:9b:aa:11:76:14:d2:
25:7e:96:ca:91:c0:37:48:02:80:e2:1d:ab:a9:94:
60:17:18:e0:95:2d:a8:3b:21:6d:9a:b6:87:e6:b4:
40:44:d5:f0:27:f3:fe:18:54:c3:fa:17:e5:c9:7f:
c9:92:61:33:10:27:ce:c1:21:65:d4:f2:70:4e:82:
29:fc:1f:e7:83:41:a5:83:79:80:6c:63:af:29:6c:
1e:7b:85:60:5f:9e:60:4f:8b:a5:ea:7f:67:dc:9c:
2d:70:b7:f7:09:3f:2c:4f:ea:a3:30:db:4d:28:45:
31:41:12:33:30:46:d9:e7:f8:fb:e6:a4:22:15:bb:
8e:7a:e7:3e:65:2f:a7:55:76:29:2a:2a:5c:ec:66:
76:9d:ff:23:72:3e:f1:e1:06:3a:56:fe:5e:2e:22:
9d:2a:12:75:8a:da:7b:fc:d9:f7:6e:2f:df:d3:bd:
d2:c1:ce:44:e9:1c:bf:91:4f:3c:59:cc:8a:cd:d7:
60:f8:34:8f:3e:ff:e2:1c:d1:5f:85:99:e0:65:e2:
69:54:bd:69:94:1b:59:e5:80:99:8d:dd:9b:b7:43:
c0:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:91:D1:B6:52:F5:BB:19:FE:92:26:5F:CB:A1:22:29:E1:85:81:0C
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/85HRtlL1uxn-kiZfy6EiKeGFgQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
a3:be:f0:f3:6f:b3:19:62:ee:3a:a2:75:7c:d3:b0:6f:44:ec:
be:a1:a0:17:02:b3:c0:78:6f:1a:8c:81:ac:86:1d:e2:13:17:
83:07:fb:00:7c:11:0c:71:74:43:84:48:12:0e:8e:22:72:52:
a9:1b:8b:10:b9:15:b0:a4:5e:b0:a1:70:25:48:ce:66:94:a3:
14:3a:c9:8d:30:92:84:01:79:7f:ee:83:8f:53:96:a5:46:c3:
71:81:13:d2:e8:32:cf:28:5f:da:78:67:d9:99:65:ca:2f:0c:
ab:71:3a:da:82:04:d0:59:cf:3c:1d:8d:10:5f:06:84:af:c4:
5b:da:8a:f1:dd:8f:95:0c:41:29:e4:16:6c:5d:b5:38:6c:98:
ea:11:5a:92:76:e6:4e:68:9d:60:04:74:50:38:0c:17:92:66:
a4:3d:d1:6d:37:c4:ea:9f:d6:ac:65:64:fa:a5:85:4a:da:9e:
2c:bd:2d:76:80:5b:02:e2:25:f9:75:0b:4d:5b:96:87:b7:97:
0a:35:4d:e2:46:58:52:69:25:23:d7:15:78:b5:a3:0d:c9:69:
fa:3a:a2:d0:66:f5:92:7d:55:1a:e0:0d:92:a9:5c:fe:2f:fe:
97:ba:c5:af:0c:c8:88:b7:89:97:9f:e7:9e:f0:d6:36:80:96:
04:f0:11:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwpXwLBItv47ioNG37YwlYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjAyMDcxMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzkxZDFiNjUyZjViYjE5ZmU5MjI2NWZjYmExMjIyOWUxODU4MTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkoxNmB8J0KeeABEpsQfb0VqhzYs
oTWyaGyk1bz+fgjEFoOoUoKbqhF2FNIlfpbKkcA3SAKA4h2rqZRgFxjglS2oOyFt
mraH5rRARNXwJ/P+GFTD+hflyX/JkmEzECfOwSFl1PJwToIp/B/ng0Glg3mAbGOv
KWwee4VgX55gT4ul6n9n3JwtcLf3CT8sT+qjMNtNKEUxQRIzMEbZ5/j75qQiFbuO
euc+ZS+nVXYpKipc7GZ2nf8jcj7x4QY6Vv5eLiKdKhJ1itp7/Nn3bi/f073Swc5E
6Ry/kU88WcyKzddg+DSPPv/iHNFfhZngZeJpVL1plBtZ5YCZjd2bt0PAKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPOR0bZS9bsZ/pImX8uhIinhhYEMMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvODVIUnRsTDF1eG4ta2laZnk2RWlLZUdGZ1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKO+8PNvsxli7jqidXzT
sG9E7L6hoBcCs8B4bxqMgayGHeITF4MH+wB8EQxxdEOESBIOjiJyUqkbixC5FbCk
XrChcCVIzmaUoxQ6yY0wkoQBeX/ug49TlqVGw3GBE9LoMs8oX9p4Z9mZZcovDKtx
OtqCBNBZzzwdjRBfBoSvxFvaivHdj5UMQSnkFmxdtThsmOoRWpJ25k5onWAEdFA4
DBeSZqQ90W03xOqf1qxlZPqlhUraniy9LXaAWwLiJfl1C01bloe3lwo1TeJGWFJp
JSPXFXi1ow3Jafo6otBm9ZJ9VRrgDZKpXP4v/pe6xa8MyIi3iZef557w1jaAlgTw
Ebk=
-----END CERTIFICATE-----
Generated at Sun May 11 23:02:50 2025 by rpki-client