Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HegT9BkyXyNTMFkcwkh86OV3aTg.roa
File: HegT9BkyXyNTMFkcwkh86OV3aTg.roa (raw, json)
Hash identifier: NCrZrLbCP1VdHj0K/uxqvIARHEMUFZgs+jHeEN0eOgQ=
Subject key identifier: 1D:E8:13:F4:19:32:5F:23:53:30:59:1C:C2:48:7C:E8:E5:77:69:38
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018B98BD80946BC8E6BDBA4EE62E30553696
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HegT9BkyXyNTMFkcwkh86OV3aTg.roa
Signing time: Sat 04 Nov 2023 05:10:37 +0000
ROA not before: Sat 04 Nov 2023 05:10:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:98b8:cecd/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:98:bd:80:94:6b:c8:e6:bd:ba:4e:e6:2e:30:55:36:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 4 05:10:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1de813f419325f235330591cc2487ce8e5776938
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:af:b8:48:62:15:d5:4d:86:a3:bf:c8:17:e2:
5e:9f:b4:ad:04:ce:15:a6:7a:81:f1:ba:a4:da:27:
f9:9c:62:99:29:8d:7b:7f:52:d1:d8:16:1b:c9:6e:
18:23:e9:b5:c2:82:b0:5a:ca:8b:b7:da:e7:a1:66:
67:52:b3:68:a6:e1:a1:95:a4:a2:8b:07:5d:f5:10:
b6:8c:4f:f7:64:57:9f:ca:67:34:5a:47:b6:7b:30:
60:2e:f4:46:e1:66:07:82:29:48:5d:51:ed:e4:da:
24:87:31:f0:ea:96:e5:10:1c:de:e2:a7:ae:27:ec:
97:ac:1f:7b:a7:62:a1:8b:62:53:b4:55:83:f7:e3:
42:fc:c7:e5:b4:02:a0:d3:b8:72:c6:10:f2:f8:eb:
bc:39:d0:1d:c4:48:5a:9a:7c:da:d9:4d:46:2a:d5:
ee:83:fa:c3:37:32:3c:c9:0f:c4:a5:f5:18:63:84:
48:63:ed:b0:6b:95:e0:23:de:b7:60:24:54:d3:22:
4a:f6:45:26:25:c8:d7:a1:23:61:66:54:e3:28:f3:
d6:b2:98:49:43:77:70:ca:50:fd:5a:76:d9:d5:fb:
1f:77:f1:37:2f:4b:8d:d1:1a:fa:4f:f3:98:d3:67:
1c:b6:ba:4e:b5:f0:14:93:15:c1:c4:f9:28:96:64:
cf:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:E8:13:F4:19:32:5F:23:53:30:59:1C:C2:48:7C:E8:E5:77:69:38
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HegT9BkyXyNTMFkcwkh86OV3aTg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
c9:2f:a1:4d:a0:29:1b:6f:83:37:56:19:82:fb:91:d7:a9:dd:
e6:f6:79:95:20:8e:ec:17:48:88:2e:0b:fa:b8:36:92:09:ed:
8f:5c:f9:b2:56:d0:0b:05:c4:43:fb:b1:a7:32:a2:64:6f:ab:
d6:19:e7:57:cb:b9:66:68:cf:d0:9c:03:6b:d6:bc:cb:cd:63:
a8:34:f7:6b:f4:13:05:3a:e4:a8:48:38:d5:b0:09:cc:00:f6:
7b:99:8e:61:35:33:d5:4c:34:8a:f7:20:aa:9e:be:50:bf:02:
fa:f5:1e:ce:7c:1a:92:d0:8f:22:ae:9f:e2:9d:51:13:60:7c:
80:e7:03:f8:07:57:4f:61:1d:fc:4b:44:b4:0c:41:ac:ac:04:
a3:bc:c4:29:22:c3:18:ab:a7:ea:ee:2d:d5:18:5b:e5:ad:d3:
41:b9:59:6d:85:47:3b:07:cf:19:73:47:7c:55:84:56:ab:0f:
73:cc:70:7c:81:81:df:bc:85:bc:52:83:d1:56:42:cd:df:f9:
fa:4e:56:6c:fc:12:13:3d:76:c5:62:fc:42:9f:79:9c:77:fc:
24:45:51:87:3b:c5:f1:5c:bc:d0:ac:98:05:d0:f0:20:1c:87:
4b:89:5a:ad:20:26:ba:ef:92:61:19:b6:55:3d:96:7f:56:15:
04:e1:10:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYuYvYCUa8jmvbpO5i4wVTaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTA0MDUxMDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU4MTNmNDE5MzI1ZjIzNTMzMDU5MWNjMjQ4N2NlOGU1Nzc2OTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq+4SGIV1U2Go7/IF+Jen7StBM4V
pnqB8bqk2if5nGKZKY17f1LR2BYbyW4YI+m1woKwWsqLt9rnoWZnUrNopuGhlaSi
iwdd9RC2jE/3ZFefymc0Wke2ezBgLvRG4WYHgilIXVHt5NokhzHw6pblEBze4qeu
J+yXrB97p2Khi2JTtFWD9+NC/MfltAKg07hyxhDy+Ou8OdAdxEhamnza2U1GKtXu
g/rDNzI8yQ/EpfUYY4RIY+2wa5XgI963YCRU0yJK9kUmJcjXoSNhZlTjKPPWsphJ
Q3dwylD9WnbZ1fsfd/E3L0uN0Rr6T/OY02cctrpOtfAUkxXBxPkolmTPgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB3oE/QZMl8jUzBZHMJIfOjld2k4MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSGVnVDlCa3lYeU5UTUZrY3draDg2T1YzYVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAMkvoU2gKRtvgzdWGYL7
kdep3eb2eZUgjuwXSIguC/q4NpIJ7Y9c+bJW0AsFxEP7sacyomRvq9YZ51fLuWZo
z9CcA2vWvMvNY6g092v0EwU65KhIONWwCcwA9nuZjmE1M9VMNIr3IKqevlC/Avr1
Hs58GpLQjyKun+KdURNgfIDnA/gHV09hHfxLRLQMQaysBKO8xCkiwxirp+ruLdUY
W+Wt00G5WW2FRzsHzxlzR3xVhFarD3PMcHyBgd+8hbxSg9FWQs3f+fpOVmz8EhM9
dsVi/EKfeZx3/CRFUYc7xfFcvNCsmAXQ8CAch0uJWq0gJrrvkmEZtlU9ln9WFQTh
EFQ=
-----END CERTIFICATE-----
Generated at Mon Jul 28 22:07:46 2025 by rpki-client