Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/cehA8a4e1e-Urmj0b1hqmimvyVM.roa
File: cehA8a4e1e-Urmj0b1hqmimvyVM.roa (raw, json)
Hash identifier: klMulrI4SWrcUNEFUySf3Eia3UXJoX0ezyh5RlRfJDI=
Subject key identifier: 71:E8:40:F1:AE:1E:D5:EF:94:AE:68:F4:6F:58:6A:9A:29:AF:C9:53
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C683756A180DC483029784270E0431A07
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/cehA8a4e1e-Urmj0b1hqmimvyVM.roa
Signing time: Thu 14 Dec 2023 12:05:06 +0000
ROA not before: Thu 14 Dec 2023 12:05:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18c:6836:e7c3/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:68:37:56:a1:80:dc:48:30:29:78:42:70:e0:43:1a:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 14 12:05:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=71e840f1ae1ed5ef94ae68f46f586a9a29afc953
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:40:2b:e5:ed:72:ec:0f:44:25:df:42:b8:91:
5a:16:97:18:50:54:a5:f4:b7:7a:d4:3c:f9:27:67:
d4:57:ec:75:cd:d2:14:73:7c:d1:55:fb:ad:92:be:
9b:52:d6:b2:ea:d0:0a:cd:9b:2d:b2:99:65:62:41:
71:64:38:fa:b7:44:2d:ce:4b:9b:42:fa:77:cb:74:
14:49:96:3b:0d:d7:d2:aa:38:44:06:2f:4b:d4:4f:
f5:a2:3a:e5:a6:25:b4:cc:af:6e:17:25:33:57:35:
0e:4d:84:c6:84:40:02:3a:38:f4:5f:88:5e:39:e5:
4f:f0:8f:4e:e4:51:b8:84:7e:15:be:02:67:dc:32:
0c:05:b2:47:aa:ff:d8:e6:ad:9c:f5:38:32:85:91:
9d:57:78:28:03:20:80:af:81:dd:b6:47:53:6f:9d:
ea:c1:56:7c:e7:81:c1:ef:b7:e2:3f:d8:8b:4d:62:
b8:ac:69:9b:56:7a:32:f7:b1:6e:5b:65:29:0a:9d:
4f:47:f5:79:4d:2f:13:69:40:49:2b:08:7d:20:f3:
34:32:11:68:41:a8:95:d5:bc:7c:f3:5b:a1:47:3c:
86:78:bb:28:ce:7a:f0:0b:bd:d1:6f:f1:45:ff:ce:
ae:48:2f:40:19:f4:d8:08:67:49:66:59:49:a5:ec:
f7:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:E8:40:F1:AE:1E:D5:EF:94:AE:68:F4:6F:58:6A:9A:29:AF:C9:53
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/cehA8a4e1e-Urmj0b1hqmimvyVM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
7d:84:c4:25:0a:f5:9e:9f:6b:f4:8a:4f:89:96:5b:61:41:be:
3d:40:27:fc:b4:bf:2f:f8:bb:29:94:d8:9f:3f:5c:5b:50:05:
93:25:74:63:22:28:76:41:9c:bb:73:77:65:29:b4:6d:85:37:
c1:ac:35:e7:68:c7:69:2b:8a:bc:dd:80:56:0b:81:90:c4:ef:
41:c6:11:f1:96:8b:8f:c5:a2:61:96:ba:c4:5b:2d:20:b7:40:
b7:a7:02:a1:d5:6d:4c:ea:24:cc:5b:95:ed:1c:1d:c3:b5:08:
97:84:76:8a:fd:47:72:2b:45:20:a5:c2:fb:07:c8:87:d1:8e:
bc:1f:e0:c0:0b:9a:74:f0:26:1b:74:11:0a:02:4f:b6:11:9a:
e0:86:14:42:76:b0:1b:15:65:2d:48:49:d5:b8:91:92:35:cb:
d1:46:e5:a3:7c:1d:d2:2e:e2:3c:eb:49:58:da:65:77:8a:c9:
51:79:c1:42:7b:10:ee:13:43:86:56:cb:7e:9a:a6:03:7d:81:
b3:72:e0:b6:0a:d7:cd:6a:e4:85:3f:c7:97:73:6a:a6:7e:b8:
10:91:c0:c3:72:61:47:59:9b:e3:fa:3c:3b:5c:f8:cd:47:dd:
6e:a8:32:a7:3d:37:7c:e1:2b:9b:d1:d4:cc:a3:a2:10:0f:c7:
55:8c:1e:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxoN1ahgNxIMCl4QnDgQxoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjE0MTIwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU4NDBmMWFlMWVkNWVmOTRhZTY4ZjQ2ZjU4NmE5YTI5YWZjOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUAr5e1y7A9EJd9CuJFaFpcYUFSl
9Ld61Dz5J2fUV+x1zdIUc3zRVfutkr6bUtay6tAKzZstspllYkFxZDj6t0Qtzkub
Qvp3y3QUSZY7DdfSqjhEBi9L1E/1ojrlpiW0zK9uFyUzVzUOTYTGhEACOjj0X4he
OeVP8I9O5FG4hH4VvgJn3DIMBbJHqv/Y5q2c9TgyhZGdV3goAyCAr4HdtkdTb53q
wVZ854HB77fiP9iLTWK4rGmbVnoy97FuW2UpCp1PR/V5TS8TaUBJKwh9IPM0MhFo
QaiV1bx881uhRzyGeLsoznrwC73Rb/FF/86uSC9AGfTYCGdJZllJpez3nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHHoQPGuHtXvlK5o9G9Yapopr8lTMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvY2VoQThhNGUxZS1Vcm1qMGIxaHFtaW12eVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH2ExCUK9Z6fa/SKT4mW
W2FBvj1AJ/y0vy/4uymU2J8/XFtQBZMldGMiKHZBnLtzd2UptG2FN8GsNedox2kr
irzdgFYLgZDE70HGEfGWi4/FomGWusRbLSC3QLenAqHVbUzqJMxble0cHcO1CJeE
dor9R3IrRSClwvsHyIfRjrwf4MALmnTwJht0EQoCT7YRmuCGFEJ2sBsVZS1ISdW4
kZI1y9FG5aN8HdIu4jzrSVjaZXeKyVF5wUJ7EO4TQ4ZWy36apgN9gbNy4LYK181q
5IU/x5dzaqZ+uBCRwMNyYUdZm+P6PDtc+M1H3W6oMqc9N3zhK5vR1MyjohAPx1WM
HiA=
-----END CERTIFICATE-----
Generated at Sat May 10 11:03:48 2025 by rpki-client