Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/BKLa5HCX1GqT6FfaRrdRNErmUsU.roa
File: BKLa5HCX1GqT6FfaRrdRNErmUsU.roa (raw, json)
Hash identifier: OY12PQ7NZUwW//XhVpdaXj/oEdgZIc09ouMpVb/6BCA=
Subject key identifier: 04:A2:DA:E4:70:97:D4:6A:93:E8:57:DA:46:B7:51:34:4A:E6:52:C5
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BAB34FAB4337C66EF9FF4C2CC537E2666
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/BKLa5HCX1GqT6FfaRrdRNErmUsU.roa
Signing time: Tue 07 Nov 2023 19:14:17 +0000
ROA not before: Tue 07 Nov 2023 19:14:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ab:34:fa:b4:33:7c:66:ef:9f:f4:c2:cc:53:7e:26:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 7 19:14:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=04a2dae47097d46a93e857da46b751344ae652c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:ea:ef:00:d1:ba:1b:62:cf:f3:7c:6f:07:74:
5e:27:3f:2d:a2:fc:86:45:cd:fe:5a:13:bd:49:15:
94:dc:a8:54:79:be:e7:21:75:d5:c3:1d:51:ba:df:
dc:3f:21:87:32:b2:4b:2f:f4:f4:51:f8:60:92:c5:
84:9c:e4:fd:d2:3d:1c:a9:33:ef:c7:48:d2:26:07:
7c:91:b7:05:cf:3a:31:0f:5d:65:35:52:7e:25:a5:
e1:7d:c4:66:64:3a:81:68:f1:4a:dd:fb:59:40:7f:
de:db:f9:91:a3:3c:a5:44:fb:3a:8e:5d:9b:bf:81:
67:df:71:c7:aa:8d:79:cc:ed:2e:5c:f9:39:ba:38:
0e:d6:04:ca:59:9a:0e:96:54:d4:96:5d:26:9e:6e:
0d:2c:a2:bd:c7:41:43:d5:d1:0a:8c:86:87:31:e9:
3a:58:f1:d6:9d:4f:17:07:cb:d0:b1:61:2d:30:e8:
16:1c:06:d8:64:1a:ba:29:77:e0:a2:b6:48:58:25:
88:dc:ad:50:8d:98:3f:0b:49:5d:55:f0:7f:29:6c:
af:d7:34:8e:66:07:46:4e:8e:9c:c7:d3:87:dd:bb:
ad:35:34:7b:e7:8c:0b:8b:9d:91:ca:de:d1:6c:45:
e4:76:f3:cc:32:d3:a5:5a:d6:6b:21:52:b2:73:2d:
a0:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A2:DA:E4:70:97:D4:6A:93:E8:57:DA:46:B7:51:34:4A:E6:52:C5
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/BKLa5HCX1GqT6FfaRrdRNErmUsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
1b:43:71:d1:89:7f:e8:ad:d7:1f:bb:d9:74:1b:48:65:db:44:
4e:c1:0e:74:49:89:19:20:52:04:6a:2e:6c:a3:bc:ba:80:ca:
a5:5b:88:40:c0:dd:44:33:3c:15:51:5b:e4:74:7c:05:4d:38:
9c:40:92:33:83:13:39:0d:04:6e:a5:98:63:0b:5b:98:72:67:
33:72:72:01:c6:da:56:31:f1:d8:c7:67:0c:33:cd:fb:38:5c:
0e:11:84:b9:71:9c:a6:dd:0f:2b:2b:50:36:41:cb:de:02:d8:
c1:c6:7b:22:40:79:9a:a5:b2:a1:bd:63:ef:28:3b:9f:11:fa:
19:3e:65:b9:bc:36:ad:5d:f6:ae:48:89:e1:63:42:ab:e1:00:
f0:4e:0f:25:dd:db:c8:5e:f4:63:32:3b:ce:2e:e0:49:48:f0:
51:9f:d1:95:d6:9b:39:07:aa:01:6f:b3:ac:8d:44:5c:8e:87:
ee:90:21:7c:11:f7:9b:c8:b4:49:1e:a8:96:5e:ff:e4:1b:8f:
a9:f0:01:68:18:06:bd:e8:07:1b:22:05:34:46:da:27:53:a2:
2f:4b:a9:0d:ca:43:39:53:c6:74:38:73:59:81:aa:5d:f3:b5:
91:5b:4c:06:05:31:76:50:24:db:4f:69:f9:44:7d:92:d4:a1:
bd:93:7d:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYurNPq0M3xm75/0wsxTfiZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTA3MTkxNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGEyZGFlNDcwOTdkNDZhOTNlODU3ZGE0NmI3NTEzNDRhZTY1MmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOrvANG6G2LP83xvB3ReJz8tovyG
Rc3+WhO9SRWU3KhUeb7nIXXVwx1Rut/cPyGHMrJLL/T0UfhgksWEnOT90j0cqTPv
x0jSJgd8kbcFzzoxD11lNVJ+JaXhfcRmZDqBaPFK3ftZQH/e2/mRozylRPs6jl2b
v4Fn33HHqo15zO0uXPk5ujgO1gTKWZoOllTUll0mnm4NLKK9x0FD1dEKjIaHMek6
WPHWnU8XB8vQsWEtMOgWHAbYZBq6KXfgorZIWCWI3K1QjZg/C0ldVfB/KWyv1zSO
ZgdGTo6cx9OH3butNTR754wLi52Ryt7RbEXkdvPMMtOlWtZrIVKycy2g/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFASi2uRwl9Rqk+hX2ka3UTRK5lLFMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvQktMYTVIQ1gxR3FUNkZmYVJyZFJORXJtVXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABtDcdGJf+it1x+72XQb
SGXbRE7BDnRJiRkgUgRqLmyjvLqAyqVbiEDA3UQzPBVRW+R0fAVNOJxAkjODEzkN
BG6lmGMLW5hyZzNycgHG2lYx8djHZwwzzfs4XA4RhLlxnKbdDysrUDZBy94C2MHG
eyJAeZqlsqG9Y+8oO58R+hk+Zbm8Nq1d9q5IieFjQqvhAPBODyXd28he9GMyO84u
4ElI8FGf0ZXWmzkHqgFvs6yNRFyOh+6QIXwR95vItEkeqJZe/+Qbj6nwAWgYBr3o
BxsiBTRG2idToi9LqQ3KQzlTxnQ4c1mBql3ztZFbTAYFMXZQJNtPaflEfZLUob2T
fSA=
-----END CERTIFICATE-----
Generated at Sun May 11 10:54:40 2025 by rpki-client