Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IdjoERYIcL-2Or1VVGlKKU9tRM0.roa
File: IdjoERYIcL-2Or1VVGlKKU9tRM0.roa (raw, json)
Hash identifier: ne/Ky9i59QxWaJqY4TNJ/Dq97Z18T8nEgZxzCscqmok=
Subject key identifier: 21:D8:E8:11:16:08:70:BF:B6:3A:BD:55:54:69:4A:29:4F:6D:44:CD
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C80769CEAC8D04AF7CAA6B8FD33813702
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IdjoERYIcL-2Or1VVGlKKU9tRM0.roa
Signing time: Tue 19 Dec 2023 05:05:06 +0000
ROA not before: Tue 19 Dec 2023 05:05:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18c:8076:162f/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:80:76:9c:ea:c8:d0:4a:f7:ca:a6:b8:fd:33:81:37:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 19 05:05:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21d8e811160870bfb63abd5554694a294f6d44cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:6c:f2:f7:49:1a:35:04:cf:e3:b3:d1:e9:86:
91:03:6e:50:c0:15:21:62:ba:0a:16:e1:f2:08:56:
fd:f7:4d:ef:88:f5:b9:e1:c9:92:5c:9e:4d:87:ec:
74:0c:9b:21:14:25:d1:85:a1:12:5e:13:a4:19:f3:
d4:d7:f4:31:36:2c:34:88:c3:c3:c7:de:71:3b:30:
3a:79:b4:62:d4:24:be:45:59:c0:c2:58:7f:da:db:
13:bc:9b:f7:22:34:da:49:2d:3c:5f:44:6f:16:1c:
1b:62:6d:3f:07:0b:09:1e:2a:34:d6:d9:4f:e1:09:
3b:79:00:30:96:2c:10:5f:52:ab:70:65:e8:0f:c4:
00:e6:bb:a7:62:27:d1:32:9a:56:77:b3:70:31:5f:
a0:54:00:de:4f:4a:28:ce:e7:13:69:1c:28:56:a9:
6b:77:e9:27:5d:06:f5:68:5d:15:2d:0d:bd:1b:93:
10:79:03:ad:5a:e4:52:f0:0c:e1:af:05:f9:33:54:
33:ed:aa:07:75:ef:d3:ca:94:e6:f9:01:1e:32:5b:
4a:3b:cc:d1:79:ab:e7:6d:4a:c9:40:a6:c0:14:78:
91:dc:ef:7a:cb:68:b0:27:7b:c2:35:a6:c8:27:b7:
5f:bc:61:76:93:09:1a:24:00:90:8d:48:3f:bb:aa:
e7:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:D8:E8:11:16:08:70:BF:B6:3A:BD:55:54:69:4A:29:4F:6D:44:CD
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IdjoERYIcL-2Or1VVGlKKU9tRM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
84:16:a1:89:f9:3c:23:ce:6a:5d:dd:56:d8:d6:da:4e:ed:4d:
74:d8:f2:8d:63:ce:c3:66:29:f4:d1:64:37:15:9d:7c:3c:27:
01:a9:2b:2d:c3:f4:05:66:2e:d5:5d:15:10:3f:cc:f9:dd:65:
4e:eb:a2:5c:bd:6e:e1:e5:86:a2:6a:74:50:15:71:11:47:6e:
7e:01:6a:54:9b:39:72:63:16:cc:ad:56:3f:47:bb:6b:b8:14:
b1:73:48:43:b1:1a:24:3b:e8:c2:22:82:29:36:6b:1c:4f:05:
1d:41:e4:77:30:f4:de:57:65:3f:3a:d6:40:31:1d:c7:11:7e:
9d:d3:32:4b:3b:ff:72:1b:d8:be:1c:98:21:de:cd:b8:af:34:
d5:a4:16:24:31:94:63:b4:97:83:8f:d3:b9:1f:c2:33:af:fd:
89:e9:39:fb:6e:d6:51:ab:f6:d5:46:12:c5:6d:b5:df:c8:58:
d3:ef:08:9e:c1:25:d4:18:27:39:fa:bd:3b:b9:55:39:2e:14:
79:34:2d:a0:8e:f7:29:5d:2a:bb:7c:f6:83:72:fd:53:4d:f4:
fb:1a:22:0f:60:a0:97:46:73:d0:80:01:f2:ec:74:d9:03:b8:
81:8d:89:2a:4d:f1:9f:9a:36:a1:65:8f:1d:49:a8:12:e2:5e:
b1:e9:a3:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYyAdpzqyNBK98qmuP0zgTcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjE5MDUwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQ4ZTgxMTE2MDg3MGJmYjYzYWJkNTU1NDY5NGEyOTRmNmQ0NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomzy90kaNQTP47PR6YaRA25QwBUh
YroKFuHyCFb9903viPW54cmSXJ5Nh+x0DJshFCXRhaESXhOkGfPU1/QxNiw0iMPD
x95xOzA6ebRi1CS+RVnAwlh/2tsTvJv3IjTaSS08X0RvFhwbYm0/BwsJHio01tlP
4Qk7eQAwliwQX1KrcGXoD8QA5runYifRMppWd7NwMV+gVADeT0oozucTaRwoVqlr
d+knXQb1aF0VLQ29G5MQeQOtWuRS8AzhrwX5M1Qz7aoHde/TypTm+QEeMltKO8zR
eavnbUrJQKbAFHiR3O96y2iwJ3vCNabIJ7dfvGF2kwkaJACQjUg/u6rnmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCHY6BEWCHC/tjq9VVRpSilPbUTNMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSWRqb0VSWUljTC0yT3IxVlZHbEtLVTl0Uk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIQWoYn5PCPOal3dVtjW
2k7tTXTY8o1jzsNmKfTRZDcVnXw8JwGpKy3D9AVmLtVdFRA/zPndZU7roly9buHl
hqJqdFAVcRFHbn4BalSbOXJjFsytVj9Hu2u4FLFzSEOxGiQ76MIigik2axxPBR1B
5Hcw9N5XZT861kAxHccRfp3TMks7/3Ib2L4cmCHezbivNNWkFiQxlGO0l4OP07kf
wjOv/YnpOftu1lGr9tVGEsVttd/IWNPvCJ7BJdQYJzn6vTu5VTkuFHk0LaCO9yld
Krt89oNy/VNN9PsaIg9goJdGc9CAAfLsdNkDuIGNiSpN8Z+aNqFljx1JqBLiXrHp
oxk=
-----END CERTIFICATE-----
Generated at Mon Jul 28 21:57:22 2025 by rpki-client