Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/IfkA8DYAcS9k1Ypfibup2NfE3KQ.roa
File: IfkA8DYAcS9k1Ypfibup2NfE3KQ.roa (raw, json)
Hash identifier: PoKTle1jGXDEd0Zfe+XA7DbogvxAcXRCKw4jbXg9Efk=
Subject key identifier: 21:F9:00:F0:36:00:71:2F:64:D5:8A:5F:89:BB:A9:D8:D7:C4:DC:A4
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A9F988F428B9BFB0580E3E03D907ACA94
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/IfkA8DYAcS9k1Ypfibup2NfE3KQ.roa
Signing time: Sat 16 Sep 2023 20:04:50 +0000
ROA not before: Sat 16 Sep 2023 20:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18a:9f98:3335/128 maxlen: 128
2001:67c:64:ffff:0:18a:837b:f9c7/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:9f:98:8f:42:8b:9b:fb:05:80:e3:e0:3d:90:7a:ca:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 16 20:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21f900f03600712f64d58a5f89bba9d8d7c4dca4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:ef:17:d5:40:02:53:c6:5f:41:fd:15:b5:a4:
9b:9a:4b:41:15:16:af:3b:06:83:e3:4d:78:10:ab:
a3:a7:ce:d4:58:70:58:c4:59:59:e7:4a:50:fa:a7:
24:59:6e:5e:1a:97:a9:89:1d:9a:97:2b:f4:f8:f5:
5b:55:f8:83:d7:cb:c2:b0:e3:bb:2a:db:f1:bf:7f:
47:86:4f:75:d4:d0:f1:0d:42:a5:d4:a7:69:fe:86:
5d:d6:01:6c:4a:21:0b:1d:b9:08:5a:0c:72:f4:14:
2a:60:b4:d7:63:f5:c0:b4:43:11:fb:a3:11:ac:12:
da:43:5c:42:5b:3f:c3:62:3b:01:e1:59:d8:5c:f9:
f7:67:cf:8d:fc:4b:b4:f7:e6:e8:97:2b:d3:39:b2:
fc:30:f4:ac:50:63:45:de:06:db:6a:f3:6c:24:51:
db:6e:7a:52:5a:85:5b:5f:6e:49:70:99:97:fb:3e:
14:4b:8e:14:5a:de:51:17:3f:f1:62:61:aa:10:24:
9d:3d:e0:f4:89:00:47:d6:df:43:4c:17:a0:42:24:
08:e8:7b:3e:68:6a:b8:4d:be:66:9b:95:93:ad:de:
06:87:f1:fd:ec:8d:ab:d8:ab:f9:41:da:49:44:55:
ad:20:1d:91:00:79:a9:bc:a9:d5:0a:58:6c:2e:95:
cf:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:F9:00:F0:36:00:71:2F:64:D5:8A:5F:89:BB:A9:D8:D7:C4:DC:A4
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/IfkA8DYAcS9k1Ypfibup2NfE3KQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
94:63:aa:44:7d:30:45:b7:98:96:16:fa:10:4f:c2:54:80:9f:
08:39:16:e3:ab:1d:61:75:af:1f:39:d7:5f:7d:be:b1:0b:5a:
29:d1:80:6c:ab:68:31:7d:79:a7:d4:ff:5d:2c:93:90:e5:e9:
34:8e:ac:e4:da:81:67:f9:3f:83:61:11:d6:37:fc:43:f8:77:
56:78:a5:40:cf:15:51:3e:24:98:bd:1a:f1:20:bc:22:8a:07:
54:52:c3:8d:5b:a2:a3:d2:62:1b:3e:18:af:eb:12:8b:10:9c:
d7:ba:53:ee:49:f9:28:43:e2:dd:d0:c7:9c:df:f7:29:bd:3b:
0b:9a:4f:ac:c6:23:ae:92:53:da:fc:45:73:c0:bf:b7:b4:77:
05:16:c9:be:07:25:c8:61:16:43:a3:f6:15:40:d2:48:46:5b:
5a:94:7a:8b:7f:be:3f:64:c0:42:be:cb:b1:52:45:e3:99:2c:
2f:a8:dc:2b:29:62:27:dc:fa:58:70:87:7a:38:cb:48:51:7e:
d4:f3:07:a2:ef:c9:b9:7b:95:32:a4:0b:b0:bf:a0:01:6c:8f:
a3:0b:f8:c6:ef:e5:ce:2f:fb:5d:5a:87:0e:37:c0:bc:3a:de:
83:d6:94:8e:33:52:01:23:27:ed:19:76:03:08:a9:dc:39:6a:
d0:e2:f5:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYqfmI9Ci5v7BYDj4D2QesqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTE2MjAwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWY5MDBmMDM2MDA3MTJmNjRkNThhNWY4OWJiYTlkOGQ3YzRkY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6u8X1UACU8ZfQf0VtaSbmktBFRav
OwaD4014EKujp87UWHBYxFlZ50pQ+qckWW5eGpepiR2alyv0+PVbVfiD18vCsOO7
Ktvxv39Hhk911NDxDUKl1Kdp/oZd1gFsSiELHbkIWgxy9BQqYLTXY/XAtEMR+6MR
rBLaQ1xCWz/DYjsB4VnYXPn3Z8+N/Eu09+bolyvTObL8MPSsUGNF3gbbavNsJFHb
bnpSWoVbX25JcJmX+z4US44UWt5RFz/xYmGqECSdPeD0iQBH1t9DTBegQiQI6Hs+
aGq4Tb5mm5WTrd4Gh/H97I2r2Kv5QdpJRFWtIB2RAHmpvKnVClhsLpXPKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCH5APA2AHEvZNWKX4m7qdjXxNykMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvSWZrQThEWUFjUzlrMVlwZmlidXAyTmZFM0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJRjqkR9MEW3mJYW+hBP
wlSAnwg5FuOrHWF1rx851199vrELWinRgGyraDF9eafU/10sk5Dl6TSOrOTagWf5
P4NhEdY3/EP4d1Z4pUDPFVE+JJi9GvEgvCKKB1RSw41boqPSYhs+GK/rEosQnNe6
U+5J+ShD4t3Qx5zf9ym9OwuaT6zGI66SU9r8RXPAv7e0dwUWyb4HJchhFkOj9hVA
0khGW1qUeot/vj9kwEK+y7FSReOZLC+o3CspYifc+lhwh3o4y0hRftTzB6Lvybl7
lTKkC7C/oAFsj6ML+Mbv5c4v+11ahw43wLw63oPWlI4zUgEjJ+0ZdgMIqdw5atDi
9ds=
-----END CERTIFICATE-----
Generated at Sun May 11 23:32:09 2025 by rpki-client