Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KmLMdDxvg_gxCRhsH_tGSkVqidk.roa
File: KmLMdDxvg_gxCRhsH_tGSkVqidk.roa (raw, json)
Hash identifier: yygNsLl9251uWy9uQDPn/sQumXx7iJHLalrQfsUj2X4=
Subject key identifier: 2A:62:CC:74:3C:6F:83:F8:31:09:18:6C:1F:FB:46:4A:45:6A:89:D9
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C3B5E742AAF572CDE980ADD336B3F19DD
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KmLMdDxvg_gxCRhsH_tGSkVqidk.roa
Signing time: Tue 05 Dec 2023 19:04:54 +0000
ROA not before: Tue 05 Dec 2023 19:04:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18c:3b5e:357e/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3b:5e:74:2a:af:57:2c:de:98:0a:dd:33:6b:3f:19:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 5 19:04:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a62cc743c6f83f83109186c1ffb464a456a89d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:1f:60:e7:dc:77:9d:13:54:f0:16:71:a5:a1:
19:4b:33:25:4b:f7:39:0a:51:3c:aa:b7:58:04:55:
0b:7b:05:08:68:a0:7d:35:46:92:57:69:72:db:16:
da:3b:56:00:8d:fe:99:02:8d:65:e1:2e:ca:be:63:
ed:ef:a6:f8:c7:06:20:f1:bc:6b:34:c2:2e:3a:82:
a1:4f:a5:e8:7e:5c:88:22:b4:07:62:23:b8:34:34:
4c:8b:24:67:05:2d:83:20:2b:46:50:16:28:b4:55:
24:cb:01:8f:c0:2b:d2:a6:1a:b8:f5:a2:5c:21:a5:
ab:36:2a:af:2c:ca:ad:5c:4e:9c:4e:a3:9c:9e:3e:
10:03:3a:21:27:b1:68:20:22:49:df:fb:c3:54:03:
a7:25:db:d6:4a:66:0c:7e:2f:6c:2d:2c:36:44:3b:
dc:4c:a2:01:46:61:37:84:61:0a:dc:46:1c:6b:d4:
42:7f:d1:7b:22:1a:ce:b8:9f:bf:22:d9:b9:8e:01:
04:1c:07:64:c2:84:0d:d7:c7:6f:cf:d9:e6:df:34:
cf:41:ea:52:17:a5:ca:0c:9f:3a:58:bc:ec:86:7f:
f6:58:07:38:af:f0:ad:00:97:aa:89:13:a0:3b:6a:
c9:eb:0d:e2:2d:30:b5:c0:27:79:fb:2e:5e:74:79:
29:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:62:CC:74:3C:6F:83:F8:31:09:18:6C:1F:FB:46:4A:45:6A:89:D9
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KmLMdDxvg_gxCRhsH_tGSkVqidk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
37:99:03:89:a0:19:59:a0:1f:5d:72:d1:c3:8d:94:76:c6:29:
b9:c4:05:aa:96:c5:44:ff:9f:fc:7a:06:0d:c2:a8:1f:65:1e:
b8:8a:2e:b0:26:f4:1b:f8:e7:6e:7a:87:65:13:32:b2:ef:b3:
d5:fd:4c:02:46:e8:f6:9b:a5:b4:25:0f:9e:01:21:2b:01:d0:
07:aa:48:dd:65:bf:19:52:b1:a2:c1:30:35:d6:0a:07:1d:d1:
07:7b:63:14:46:7d:c8:cb:5e:7e:6a:6b:19:e3:9f:99:42:4f:
8e:eb:d5:8b:bd:8b:19:33:23:a8:dc:24:31:ce:66:5e:3f:3a:
69:41:14:46:0e:50:04:71:dd:45:53:42:38:13:33:f2:1e:a0:
d8:29:39:1b:22:49:64:25:a5:14:f5:55:f0:71:22:6e:9f:c4:
51:c0:3d:44:c0:15:59:ee:0c:45:c2:32:35:17:72:79:2c:b4:
d0:6f:3f:a2:06:6b:db:eb:c3:21:2d:6d:b8:29:93:17:01:75:
25:7b:75:db:22:6a:dd:be:91:67:57:f3:fe:6d:5d:d0:8a:b7:
04:0f:e1:c1:9a:da:6a:c6:12:27:a7:00:0a:a3:cd:c8:36:46:
0c:0f:96:f1:1f:25:3e:67:c6:f3:09:d6:47:35:6a:d9:7e:e8:
e6:cc:ba:36
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYw7XnQqr1cs3pgK3TNrPxndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjA1MTkwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTYyY2M3NDNjNmY4M2Y4MzEwOTE4NmMxZmZiNDY0YTQ1NmE4OWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkx9g59x3nRNU8BZxpaEZSzMlS/c5
ClE8qrdYBFULewUIaKB9NUaSV2ly2xbaO1YAjf6ZAo1l4S7KvmPt76b4xwYg8bxr
NMIuOoKhT6XoflyIIrQHYiO4NDRMiyRnBS2DICtGUBYotFUkywGPwCvSphq49aJc
IaWrNiqvLMqtXE6cTqOcnj4QAzohJ7FoICJJ3/vDVAOnJdvWSmYMfi9sLSw2RDvc
TKIBRmE3hGEK3EYca9RCf9F7IhrOuJ+/Itm5jgEEHAdkwoQN18dvz9nm3zTPQepS
F6XKDJ86WLzshn/2WAc4r/CtAJeqiROgO2rJ6w3iLTC1wCd5+y5edHkpZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCpizHQ8b4P4MQkYbB/7RkpFaonZMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvS21MTWREeHZnX2d4Q1Joc0hfdEdTa1ZxaWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADeZA4mgGVmgH11y0cON
lHbGKbnEBaqWxUT/n/x6Bg3CqB9lHriKLrAm9Bv45256h2UTMrLvs9X9TAJG6Pab
pbQlD54BISsB0AeqSN1lvxlSsaLBMDXWCgcd0Qd7YxRGfcjLXn5qaxnjn5lCT47r
1Yu9ixkzI6jcJDHOZl4/OmlBFEYOUARx3UVTQjgTM/IeoNgpORsiSWQlpRT1VfBx
Im6fxFHAPUTAFVnuDEXCMjUXcnkstNBvP6IGa9vrwyEtbbgpkxcBdSV7ddsiat2+
kWdX8/5tXdCKtwQP4cGa2mrGEienAAqjzcg2RgwPlvEfJT5nxvMJ1kc1atl+6ObM
ujY=
-----END CERTIFICATE-----
Generated at Mon Jul 28 21:50:08 2025 by rpki-client