Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/fchxS-6TpM4UUq3oQmrCnHWN_YE.roa
File: fchxS-6TpM4UUq3oQmrCnHWN_YE.roa (raw, json)
Hash identifier: FYZGeSPTYJ/GW2Xv4CsjjUtQ1zJd8AiZ1Exr5Re8JHU=
Subject key identifier: 7D:C8:71:4B:EE:93:A4:CE:14:52:AD:E8:42:6A:C2:9C:75:8D:FD:81
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018B683F417EBF07737D39AF56CD01335211
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/fchxS-6TpM4UUq3oQmrCnHWN_YE.roa
Signing time: Wed 25 Oct 2023 19:10:57 +0000
ROA not before: Wed 25 Oct 2023 19:10:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:68:3f:41:7e:bf:07:73:7d:39:af:56:cd:01:33:52:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 25 19:10:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7dc8714bee93a4ce1452ade8426ac29c758dfd81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:b2:cd:ab:e4:ae:cb:e1:3d:93:e1:65:2e:ba:
36:0c:da:ad:d5:d4:08:51:76:d9:53:43:3c:04:89:
1a:83:e3:20:7b:e0:dc:2e:db:ca:7c:c8:dc:2f:b7:
cc:c8:4a:57:1f:a0:b3:c7:2d:8b:30:9e:2c:a8:58:
74:75:b8:20:54:00:d2:65:43:9a:6f:6d:46:6e:8a:
32:fb:de:91:69:8e:37:f4:c9:0b:7a:73:b7:63:b9:
42:d6:d1:c1:8c:c5:84:78:52:6a:fb:69:81:f2:28:
0d:38:3f:62:f0:e2:5e:49:59:37:8c:3f:86:46:6b:
8b:1a:db:05:b7:5e:b5:6d:09:86:3a:8a:b1:11:9f:
28:52:9b:d8:42:db:2e:f8:10:33:79:43:62:66:ca:
39:85:69:f1:be:8e:4d:db:dd:af:17:17:3f:e9:d4:
eb:5b:54:d4:55:2d:a4:65:27:84:61:ed:69:1e:65:
43:60:33:7b:0a:a6:4d:67:1d:dd:37:b1:42:a5:94:
05:6b:77:f7:8a:86:67:40:06:83:63:c9:e3:87:77:
b2:cb:60:62:8f:f2:c5:03:49:1a:2b:db:68:a4:8f:
b9:0d:9a:d3:05:19:de:be:dc:e8:bb:07:a1:ef:16:
ab:74:e7:ed:e0:0b:da:eb:17:af:95:23:b0:9f:c9:
ef:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:C8:71:4B:EE:93:A4:CE:14:52:AD:E8:42:6A:C2:9C:75:8D:FD:81
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/fchxS-6TpM4UUq3oQmrCnHWN_YE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
ac:78:7d:8f:8f:64:f2:0d:87:c8:9b:27:62:1f:9a:ea:e9:2c:
83:d3:3a:88:71:99:5f:03:f5:98:bc:26:6f:3e:3f:40:f7:51:
4c:5e:bf:46:d8:83:dd:51:5b:76:b3:6a:27:20:8e:b0:e7:63:
78:ee:2b:70:db:ab:4a:e5:a5:d7:6a:4c:b4:65:55:72:01:e5:
d0:eb:4a:33:a3:13:9a:d7:a0:71:99:5b:b6:a7:b9:df:47:2e:
94:bc:d4:5b:b2:a0:00:74:72:a2:76:bd:34:84:67:c4:91:23:
29:c0:71:33:8d:ef:71:ed:fb:ea:9d:97:10:4c:df:cc:62:4b:
74:9e:ed:60:3a:ad:4d:1c:d6:64:aa:ab:fc:0f:1b:61:04:c9:
62:8e:6e:f0:eb:c0:d4:2a:4d:e1:2a:9e:8b:37:56:93:e1:92:
af:69:44:b5:8a:2f:e4:40:ff:70:a9:58:c8:d4:07:e7:0d:92:
af:04:f8:42:59:a1:7c:cc:30:1a:46:8e:af:19:8a:b4:f9:4d:
5f:99:f3:f0:b1:70:67:0f:16:ca:4e:1c:0c:d4:53:6d:9b:24:
b9:9f:33:e5:d0:9f:20:65:a4:b1:9b:e6:50:3c:c6:db:73:b4:
0c:ac:90:67:13:71:5c:a5:c5:bc:b7:e1:1f:84:13:72:37:f3:
90:92:46:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYtoP0F+vwdzfTmvVs0BM1IRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDI1MTkxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGM4NzE0YmVlOTNhNGNlMTQ1MmFkZTg0MjZhYzI5Yzc1OGRmZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbLNq+Suy+E9k+FlLro2DNqt1dQI
UXbZU0M8BIkag+Mge+DcLtvKfMjcL7fMyEpXH6Czxy2LMJ4sqFh0dbggVADSZUOa
b21Gbooy+96RaY439MkLenO3Y7lC1tHBjMWEeFJq+2mB8igNOD9i8OJeSVk3jD+G
RmuLGtsFt161bQmGOoqxEZ8oUpvYQtsu+BAzeUNiZso5hWnxvo5N292vFxc/6dTr
W1TUVS2kZSeEYe1pHmVDYDN7CqZNZx3dN7FCpZQFa3f3ioZnQAaDY8njh3eyy2Bi
j/LFA0kaK9topI+5DZrTBRnevtzouweh7xardOft4Ava6xevlSOwn8nv1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH3IcUvuk6TOFFKt6EJqwpx1jf2BMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvZmNoeFMtNlRwTTRVVXEzb1FtckNuSFdOX1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKx4fY+PZPINh8ibJ2If
murpLIPTOohxmV8D9Zi8Jm8+P0D3UUxev0bYg91RW3azaicgjrDnY3juK3Dbq0rl
pddqTLRlVXIB5dDrSjOjE5rXoHGZW7anud9HLpS81FuyoAB0cqJ2vTSEZ8SRIynA
cTON73Ht++qdlxBM38xiS3Se7WA6rU0c1mSqq/wPG2EEyWKObvDrwNQqTeEqnos3
VpPhkq9pRLWKL+RA/3CpWMjUB+cNkq8E+EJZoXzMMBpGjq8ZirT5TV+Z8/CxcGcP
FspOHAzUU22bJLmfM+XQnyBlpLGb5lA8xttztAyskGcTcVylxby34R+EE3I385CS
Rkk=
-----END CERTIFICATE-----
Generated at Mon May 12 23:06:07 2025 by rpki-client