Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa
File: Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa (raw, json)
Hash identifier: wgO/9SE3tGGix8ibWbmr4V525qvuelHVkPBzvEmaH3s=
Subject key identifier: 2A:1E:70:63:DF:A5:D0:08:03:30:0D:18:1A:83:4F:75:5A:BA:E6:94
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 0186A98AF28E9D65DE06A3365ED8D0A7A932
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa
Signing time: Fri 03 Mar 2023 22:15:00 +0000
ROA not before: Fri 03 Mar 2023 22:15:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a9:8a:f2:8e:9d:65:de:06:a3:36:5e:d8:d0:a7:a9:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Mar 3 22:15:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a1e7063dfa5d00803300d181a834f755abae694
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:b0:96:1d:d3:75:af:1d:58:e1:7f:e0:cd:16:
88:32:b3:6e:63:48:ef:7e:f2:9b:22:6b:7d:bc:69:
e7:c4:fb:43:44:d3:c1:95:18:86:d0:db:b2:78:bc:
8b:51:9b:ee:5a:e6:52:f1:16:a3:a2:f3:59:94:9f:
72:e8:42:5d:be:a7:2d:82:b1:a5:e5:cc:4e:18:1e:
73:d0:27:68:01:2e:5b:51:ce:6e:ee:89:99:63:08:
c9:5c:26:04:aa:64:e6:d6:73:2f:65:0c:2f:44:f8:
cc:65:ca:1a:02:16:57:34:ba:bd:fd:c4:39:17:e1:
b3:82:1d:71:f3:b6:d7:57:66:99:e3:ff:6f:74:1b:
34:e6:a2:2e:cc:11:5f:a9:e5:ec:dd:75:9c:3c:cf:
f6:9f:2b:d0:15:dd:2d:a3:b1:de:8a:ff:49:25:a8:
d8:3b:fc:77:06:4a:11:86:60:5a:b0:4b:b8:5f:80:
f6:b8:2b:a0:53:22:6f:8a:14:b1:d8:eb:ab:a0:c3:
25:ee:91:08:c2:2c:ad:72:c3:58:6f:f8:37:08:b7:
f9:d9:31:4a:8a:9b:8c:a1:05:39:84:b5:a3:fe:27:
3f:2b:e9:5b:d5:d0:3f:29:fe:32:20:bf:bf:96:97:
87:86:63:e7:e2:c6:82:c8:e5:5c:36:ef:92:9a:7d:
b9:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:1E:70:63:DF:A5:D0:08:03:30:0D:18:1A:83:4F:75:5A:BA:E6:94
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
2b:a0:a6:43:61:fd:65:05:a4:79:53:ff:6a:ea:c5:09:e2:e7:
c6:ff:91:a2:0e:d0:3f:dd:13:5c:78:b0:e2:30:5c:f6:04:3c:
96:01:95:dd:b7:a8:db:ce:7c:a1:6e:b5:8c:5a:d9:29:20:25:
c1:a8:95:45:88:f4:fc:d4:c0:90:2b:0b:ed:07:25:76:e6:0b:
ef:7e:c4:86:93:3d:a2:fd:de:b7:e3:cb:c7:86:e1:62:31:01:
9b:e3:6b:c2:9b:9e:80:c5:b7:77:85:f2:4e:35:a4:5e:d0:6b:
01:01:9e:5b:b4:06:04:d0:b6:cf:df:d4:5b:2e:dd:54:be:3d:
63:50:95:76:f9:65:61:d8:f5:4f:4e:e4:5d:b5:15:c9:c1:8c:
2b:45:9f:20:89:ed:71:26:2a:39:5b:84:40:1f:28:ff:39:ce:
75:ad:46:26:d6:77:bf:6f:b0:0c:1c:ac:23:a8:a5:d5:20:f6:
1c:6a:39:b3:ad:66:d4:36:d7:15:03:d5:68:f9:96:56:40:d6:
28:c3:fe:c6:6d:b7:19:c0:25:3d:95:42:6c:f5:f4:e0:a5:f7:
61:84:d4:30:2d:f5:36:8e:43:61:25:06:2b:42:99:41:fb:26:
53:04:40:0a:e6:86:d3:aa:1d:12:6b:a3:14:e3:e4:93:99:a9:
7f:1b:b4:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYapivKOnWXeBqM2XtjQp6kyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMjIxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFlNzA2M2RmYTVkMDA4MDMzMDBkMTgxYTgzNGY3NTVhYmFlNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLCWHdN1rx1Y4X/gzRaIMrNuY0jv
fvKbImt9vGnnxPtDRNPBlRiG0NuyeLyLUZvuWuZS8RajovNZlJ9y6EJdvqctgrGl
5cxOGB5z0CdoAS5bUc5u7omZYwjJXCYEqmTm1nMvZQwvRPjMZcoaAhZXNLq9/cQ5
F+Gzgh1x87bXV2aZ4/9vdBs05qIuzBFfqeXs3XWcPM/2nyvQFd0to7Heiv9JJajY
O/x3BkoRhmBasEu4X4D2uCugUyJvihSx2OuroMMl7pEIwiytcsNYb/g3CLf52TFK
ipuMoQU5hLWj/ic/K+lb1dA/Kf4yIL+/lpeHhmPn4saCyOVcNu+Smn25jQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCoecGPfpdAIAzANGBqDT3VauuaUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS2g1d1k5LWwwQWdETUEwWUdvTlBkVnE2NXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACugpkNh/WUFpHlT/2rq
xQni58b/kaIO0D/dE1x4sOIwXPYEPJYBld23qNvOfKFutYxa2SkgJcGolUWI9PzU
wJArC+0HJXbmC+9+xIaTPaL93rfjy8eG4WIxAZvja8KbnoDFt3eF8k41pF7QawEB
nlu0BgTQts/f1Fsu3VS+PWNQlXb5ZWHY9U9O5F21FcnBjCtFnyCJ7XEmKjlbhEAf
KP85znWtRibWd79vsAwcrCOopdUg9hxqObOtZtQ21xUD1Wj5llZA1ijD/sZttxnA
JT2VQmz19OCl92GE1DAt9TaOQ2ElBitCmUH7JlMEQArmhtOqHRJroxTj5JOZqX8b
tJw=
-----END CERTIFICATE-----
Generated at Thu Jun 12 02:34:54 2025 by rpki-client