Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/ZkO3NJMK3GLpwKlsk9F2Zob33nc.roa
File: ZkO3NJMK3GLpwKlsk9F2Zob33nc.roa (raw, json)
Hash identifier: ju3Vb+NkFCtkzGzzArvWS58OtlFjtpByDeCk/mcEx6Q=
Subject key identifier: 66:43:B7:34:93:0A:DC:62:E9:C0:A9:6C:93:D1:76:66:86:F7:DE:77
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C4133ACAE1149218A32FB99DEEFACC144
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/ZkO3NJMK3GLpwKlsk9F2Zob33nc.roa
Signing time: Wed 06 Dec 2023 22:15:54 +0000
ROA not before: Wed 06 Dec 2023 22:15:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:41:33:ac:ae:11:49:21:8a:32:fb:99:de:ef:ac:c1:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 6 22:15:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6643b734930adc62e9c0a96c93d1766686f7de77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:fa:01:33:c5:70:c0:d9:8a:d5:07:84:30:ae:
a0:da:55:7a:bf:01:11:e3:4a:53:22:14:46:ba:5f:
73:ad:9a:49:3f:73:7d:77:4b:94:28:51:23:5a:68:
33:32:d2:6b:7a:a7:24:f2:6b:78:82:64:09:9e:c2:
44:86:bf:1a:2c:8a:10:e2:84:2d:13:3f:8c:ce:68:
94:19:93:8b:fa:ad:6b:14:b2:a6:30:d3:7d:37:ea:
af:72:50:61:48:68:19:2a:46:b8:65:0b:ab:9c:f5:
76:55:04:5a:e8:e0:08:07:b3:97:49:66:4d:16:51:
74:6d:89:e1:4d:2f:19:a6:51:47:53:d5:9d:3f:3d:
d4:cf:75:73:3e:72:81:da:4f:2b:0b:26:d7:42:6d:
a7:45:da:01:c5:f5:08:b4:1a:99:f4:29:71:13:45:
e8:ab:ec:2a:a2:aa:75:96:15:03:0a:64:e8:c2:44:
12:72:21:77:b0:a9:d5:96:7f:26:3b:29:68:e6:a3:
15:6c:a7:9c:3e:27:35:7b:52:a9:a2:82:ef:0d:81:
4f:d7:ed:be:84:d5:60:f9:39:fb:88:4e:4e:dc:df:
3d:80:e6:a9:4f:be:88:fb:31:3c:d5:8a:ab:4f:48:
2f:15:c0:8d:c0:f0:f9:7b:2c:93:4f:e8:13:53:37:
89:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:43:B7:34:93:0A:DC:62:E9:C0:A9:6C:93:D1:76:66:86:F7:DE:77
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/ZkO3NJMK3GLpwKlsk9F2Zob33nc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
ad:15:5d:0a:10:70:52:20:59:45:54:ed:bf:a7:d2:9d:78:f3:
96:7a:52:cb:aa:35:55:5b:66:7f:6b:f2:f9:51:b3:91:e6:f6:
89:83:4b:15:19:87:0a:bc:d1:2f:2d:07:5e:41:37:05:17:e9:
14:e9:16:9a:c5:0d:b6:5c:1e:a3:32:29:0a:e3:e3:17:c8:68:
39:40:52:e7:a1:c9:b6:70:de:b9:14:3b:93:14:67:b4:f9:49:
e1:ac:a6:f5:1a:19:4d:f8:28:2c:cc:0d:08:11:1d:c6:cd:fe:
43:23:65:26:1c:dc:86:d5:c4:ec:f2:0f:1e:b3:78:ea:a4:7d:
71:5e:d4:71:ce:03:18:c6:54:39:79:90:71:07:4d:34:94:9c:
28:6c:4d:79:7b:96:1b:78:a8:67:4d:25:0c:09:d8:29:15:49:
09:dc:63:2c:98:e8:58:1a:96:12:03:95:04:09:26:ec:97:2e:
20:d2:4c:45:54:49:79:d4:b0:bd:99:e0:ff:4e:46:0e:4a:f9:
04:a1:fd:2c:f9:a9:d1:66:63:77:f1:cc:41:8e:19:54:86:9a:
7f:fc:24:e9:9b:7a:35:9e:97:31:ad:c1:e1:aa:f5:38:e0:12:
22:97:32:32:8f:6a:33:07:28:3e:3f:35:fc:d2:5e:dd:cb:36:
86:7d:ae:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxBM6yuEUkhijL7md7vrMFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjA2MjIxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQzYjczNDkzMGFkYzYyZTljMGE5NmM5M2QxNzY2Njg2ZjdkZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfoBM8VwwNmK1QeEMK6g2lV6vwER
40pTIhRGul9zrZpJP3N9d0uUKFEjWmgzMtJreqck8mt4gmQJnsJEhr8aLIoQ4oQt
Ez+MzmiUGZOL+q1rFLKmMNN9N+qvclBhSGgZKka4ZQurnPV2VQRa6OAIB7OXSWZN
FlF0bYnhTS8ZplFHU9WdPz3Uz3VzPnKB2k8rCybXQm2nRdoBxfUItBqZ9ClxE0Xo
q+wqoqp1lhUDCmTowkQSciF3sKnVln8mOylo5qMVbKecPic1e1KpooLvDYFP1+2+
hNVg+Tn7iE5O3N89gOapT76I+zE81YqrT0gvFcCNwPD5eyyTT+gTUzeJvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGZDtzSTCtxi6cCpbJPRdmaG9953MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvWmtPM05KTUszR0xwd0tsc2s5RjJab2IzM25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK0VXQoQcFIgWUVU7b+n
0p1485Z6UsuqNVVbZn9r8vlRs5Hm9omDSxUZhwq80S8tB15BNwUX6RTpFprFDbZc
HqMyKQrj4xfIaDlAUuehybZw3rkUO5MUZ7T5SeGspvUaGU34KCzMDQgRHcbN/kMj
ZSYc3IbVxOzyDx6zeOqkfXFe1HHOAxjGVDl5kHEHTTSUnChsTXl7lht4qGdNJQwJ
2CkVSQncYyyY6FgalhIDlQQJJuyXLiDSTEVUSXnUsL2Z4P9ORg5K+QSh/Sz5qdFm
Y3fxzEGOGVSGmn/8JOmbejWelzGtweGq9TjgEiKXMjKPajMHKD4/NfzSXt3LNoZ9
rqU=
-----END CERTIFICATE-----
Generated at Sat May 10 13:03:37 2025 by rpki-client