Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/KrCiG2HQuUsLMJCsyS7pl48YPT8.roa
File: KrCiG2HQuUsLMJCsyS7pl48YPT8.roa (raw, json)
Hash identifier: GvcguE/xCoLKXE7ehnPvI/SgoVAyYAu2NkM8d/W6HJ8=
Subject key identifier: 2A:B0:A2:1B:61:D0:B9:4B:0B:30:90:AC:C9:2E:E9:97:8F:18:3D:3F
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018E04D89BD05D1D462200D3B8E9AD60D830
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/KrCiG2HQuUsLMJCsyS7pl48YPT8.roa
Signing time: Sun 03 Mar 2024 15:04:48 +0000
ROA not before: Sun 03 Mar 2024 15:04:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
2001:67c:64:ffff:0:18d:e84f:370a/128 maxlen: 128
2001:67c:64:ffff:0:18e:4d8:2fd7/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:04:d8:9b:d0:5d:1d:46:22:00:d3:b8:e9:ad:60:d8:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Mar 3 15:04:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2ab0a21b61d0b94b0b3090acc92ee9978f183d3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:cc:9e:fb:5e:31:a5:bc:45:4a:fa:08:ca:1d:
e7:d2:87:1b:23:9e:bc:a2:a3:dd:c5:63:9a:37:cc:
19:fb:0b:99:b9:17:e3:df:e2:a7:ed:9b:cc:c6:71:
00:55:ea:74:3e:0a:94:4f:ad:0b:16:10:9a:bd:ba:
29:ca:44:33:57:da:ec:70:6c:2d:66:d4:4d:e6:5b:
1d:9b:c3:70:82:69:c9:6c:9f:e6:ca:fe:6d:78:a7:
5a:02:74:09:91:a5:d0:ec:1d:ea:47:c1:0a:18:fd:
72:1f:10:b3:79:de:d7:2c:6d:fa:d4:fe:ef:ea:5f:
55:84:b0:74:00:48:e4:aa:84:03:9c:40:51:b9:18:
56:bd:73:06:79:3c:2d:76:3d:28:9c:67:ed:ab:c8:
7c:61:94:5a:96:ec:6f:a9:40:85:09:34:68:87:30:
8b:48:c0:c0:3a:a0:45:41:39:b7:21:2c:5a:89:33:
5f:0e:4f:78:2a:1b:70:c2:83:63:b3:84:83:be:8a:
20:bd:99:2d:60:b0:10:d9:71:35:50:36:0a:75:c8:
70:b8:f2:48:8e:40:c2:4d:5d:14:48:b4:d0:03:e0:
30:3d:e3:f1:a7:76:bd:1d:dd:fc:4e:70:30:f3:3d:
48:6b:d6:20:9d:1e:37:88:67:70:9b:ef:df:4b:57:
cf:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:B0:A2:1B:61:D0:B9:4B:0B:30:90:AC:C9:2E:E9:97:8F:18:3D:3F
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/KrCiG2HQuUsLMJCsyS7pl48YPT8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
58:4c:bf:1f:c5:7f:d8:42:a9:c1:48:01:13:38:41:6e:c8:28:
9e:95:16:32:9c:71:ed:cf:86:9c:11:b5:6d:d2:7a:48:8f:64:
7d:fb:e8:bd:01:07:c1:da:a3:a6:bd:76:c3:f8:25:d9:81:5d:
7c:ff:58:bb:d1:46:08:37:ac:38:9e:12:2f:c5:94:13:05:77:
aa:33:d2:de:76:06:65:53:17:5a:ca:c6:09:93:37:47:0b:89:
c6:ea:93:f7:74:41:e2:3a:87:a1:83:a6:d6:9a:f8:ef:e5:a1:
80:10:9b:6b:66:fd:6b:e9:2a:9a:35:4a:79:42:9a:56:94:80:
0b:a5:f3:e7:c2:76:9e:01:ba:c7:65:23:ab:01:3c:c5:22:5d:
ab:80:8e:e1:09:88:5a:11:58:6a:20:7c:38:10:70:9c:7e:76:
63:49:e2:f0:ef:7b:13:7f:ed:03:93:2a:fb:16:8e:48:2e:d4:
52:ca:51:3e:2e:1d:40:6b:f8:80:90:23:d1:28:34:37:40:a4:
ee:08:ff:dc:1a:a9:7e:22:fb:c2:4a:32:85:f5:eb:eb:91:6d:
4b:ad:c3:c1:79:fe:0c:67:10:95:53:17:cd:21:25:6d:11:bf:
10:d0:74:f5:16:2c:e5:5d:0e:b7:33:27:e9:ed:63:39:fa:f3:
15:19:e4:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY4E2JvQXR1GIgDTuOmtYNgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMzAzMTUwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWIwYTIxYjYxZDBiOTRiMGIzMDkwYWNjOTJlZTk5NzhmMTgzZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsye+14xpbxFSvoIyh3n0ocbI568
oqPdxWOaN8wZ+wuZuRfj3+Kn7ZvMxnEAVep0PgqUT60LFhCavbopykQzV9rscGwt
ZtRN5lsdm8NwgmnJbJ/myv5teKdaAnQJkaXQ7B3qR8EKGP1yHxCzed7XLG361P7v
6l9VhLB0AEjkqoQDnEBRuRhWvXMGeTwtdj0onGftq8h8YZRaluxvqUCFCTRohzCL
SMDAOqBFQTm3ISxaiTNfDk94KhtwwoNjs4SDvoogvZktYLAQ2XE1UDYKdchwuPJI
jkDCTV0USLTQA+AwPePxp3a9Hd38TnAw8z1Ia9YgnR43iGdwm+/fS1fPQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCqwohth0LlLCzCQrMku6ZePGD0/MB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvS3JDaUcySFF1VXNMTUpDc3lTN3BsNDhZUFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFhMvx/Ff9hCqcFIARM4
QW7IKJ6VFjKcce3PhpwRtW3SekiPZH376L0BB8Hao6a9dsP4JdmBXXz/WLvRRgg3
rDieEi/FlBMFd6oz0t52BmVTF1rKxgmTN0cLicbqk/d0QeI6h6GDptaa+O/loYAQ
m2tm/WvpKpo1SnlCmlaUgAul8+fCdp4BusdlI6sBPMUiXauAjuEJiFoRWGogfDgQ
cJx+dmNJ4vDvexN/7QOTKvsWjkgu1FLKUT4uHUBr+ICQI9EoNDdApO4I/9waqX4i
+8JKMoX16+uRbUutw8F5/gxnEJVTF80hJW0RvxDQdPUWLOVdDrczJ+ntYzn68xUZ
5Dg=
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:19:26 2025 by rpki-client