Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3QNVOnhCNJuMT0zdhHUetFr6xrU.roa
File: 3QNVOnhCNJuMT0zdhHUetFr6xrU.roa (raw, json)
Hash identifier: 3vUgEW81VxNL6osfgzGBhdTNiQl9L1BytuVyLOYepoI=
Subject key identifier: DD:03:55:3A:78:42:34:9B:8C:4F:4C:DD:84:75:1E:B4:5A:FA:C6:B5
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BE4E9FBB1E2E4EBE3CB86E12FF1E45CEA
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3QNVOnhCNJuMT0zdhHUetFr6xrU.roa
Signing time: Sun 19 Nov 2023 00:10:21 +0000
ROA not before: Sun 19 Nov 2023 00:10:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:e4:e9:fb:b1:e2:e4:eb:e3:cb:86:e1:2f:f1:e4:5c:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 19 00:10:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd03553a7842349b8c4f4cdd84751eb45afac6b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7a:a1:d0:aa:00:f0:ad:aa:6d:7c:66:6e:78:
fb:38:ff:01:24:67:a4:bb:eb:cf:05:f1:b0:8d:6f:
9c:fd:4f:ad:2d:5e:08:8e:da:4a:90:db:00:ac:97:
5d:fa:ae:07:8c:67:d5:93:00:9e:23:c4:ed:94:06:
4a:49:6a:6c:8b:e5:e4:9a:ae:5f:df:b2:9a:a8:6b:
c2:f7:0f:7b:1d:56:52:1b:a0:9f:cf:15:41:dd:8f:
04:0b:86:e2:e0:f0:c9:12:77:35:97:96:a8:dc:46:
43:c6:1d:80:4c:73:fb:2a:72:3c:c8:69:c2:6c:ee:
f0:c5:e1:83:67:69:2f:a7:ae:0f:49:57:58:87:32:
63:9e:15:67:4c:ce:56:cb:2a:84:7e:6e:fb:97:1d:
6f:75:6a:78:73:97:7c:3b:83:03:72:f6:0e:12:86:
ee:b6:25:78:cd:3b:24:88:f3:09:c8:ce:6a:c6:8a:
8d:78:d4:f6:ac:22:c7:39:30:ab:a4:cd:bb:29:f7:
fd:40:ef:53:4e:9a:06:f1:8a:af:e2:8c:43:e4:8c:
2e:0b:ed:cc:8c:26:fb:b4:d6:e2:09:75:44:b0:b2:
05:6c:8e:85:e8:4b:d3:90:6c:f3:15:98:c3:49:48:
cb:6b:c4:c3:95:f6:44:ef:d9:24:b9:b6:f0:7e:a4:
0c:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:03:55:3A:78:42:34:9B:8C:4F:4C:DD:84:75:1E:B4:5A:FA:C6:B5
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3QNVOnhCNJuMT0zdhHUetFr6xrU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
94:74:78:50:52:dc:08:73:54:88:8b:f3:09:45:b3:fa:e6:e0:
9d:8e:d5:2d:9a:b1:22:bd:b9:16:46:9e:91:2a:ca:17:69:be:
1c:e8:d3:a2:0f:64:bb:00:99:d4:26:18:58:75:36:db:90:33:
03:95:50:4b:13:76:ea:25:2d:de:86:a1:e8:09:bd:2e:bc:19:
58:a0:a6:bb:ae:11:cc:94:71:01:bb:77:7d:8b:eb:fb:a7:08:
d3:4c:a5:d4:f1:84:60:63:ad:b6:84:9b:26:02:fe:e1:d8:a6:
6f:cc:3d:c5:d6:c5:12:db:c6:f5:6e:92:46:1a:67:88:9e:50:
6d:53:94:c3:3a:86:04:8f:b3:7f:30:ba:df:89:82:6d:72:f5:
d2:78:e2:8f:ba:6e:3e:74:77:c0:e3:f3:45:ae:33:b5:e4:b3:
d2:7a:14:37:cd:a3:f7:8d:d8:8e:52:11:86:6b:38:10:55:bc:
67:9f:84:b3:9e:f8:51:fd:e4:5d:29:df:93:d4:03:d6:03:fa:
fe:e7:3a:cf:20:e3:cf:53:9e:e1:65:4e:49:c4:3c:2f:b0:28:
7b:50:6c:89:88:9d:0f:14:14:4c:bd:a0:dd:e9:c4:3f:00:81:
7f:67:f9:d2:c8:c3:01:14:8f:7c:35:50:ad:7c:a9:5a:ba:f1:
20:09:3b:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvk6fux4uTr48uG4S/x5FzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTE5MDAxMDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDAzNTUzYTc4NDIzNDliOGM0ZjRjZGQ4NDc1MWViNDVhZmFjNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnqh0KoA8K2qbXxmbnj7OP8BJGek
u+vPBfGwjW+c/U+tLV4IjtpKkNsArJdd+q4HjGfVkwCeI8TtlAZKSWpsi+Xkmq5f
37KaqGvC9w97HVZSG6CfzxVB3Y8EC4bi4PDJEnc1l5ao3EZDxh2ATHP7KnI8yGnC
bO7wxeGDZ2kvp64PSVdYhzJjnhVnTM5WyyqEfm77lx1vdWp4c5d8O4MDcvYOEobu
tiV4zTskiPMJyM5qxoqNeNT2rCLHOTCrpM27Kff9QO9TTpoG8Yqv4oxD5IwuC+3M
jCb7tNbiCXVEsLIFbI6F6EvTkGzzFZjDSUjLa8TDlfZE79kkubbwfqQMfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN0DVTp4QjSbjE9M3YR1HrRa+sa1MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvM1FOVk9uaENOSnVNVDB6ZGhIVWV0RnI2eHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJR0eFBS3AhzVIiL8wlF
s/rm4J2O1S2asSK9uRZGnpEqyhdpvhzo06IPZLsAmdQmGFh1NtuQMwOVUEsTduol
Ld6GoegJvS68GVigpruuEcyUcQG7d32L6/unCNNMpdTxhGBjrbaEmyYC/uHYpm/M
PcXWxRLbxvVukkYaZ4ieUG1TlMM6hgSPs38wut+Jgm1y9dJ44o+6bj50d8Dj80Wu
M7Xks9J6FDfNo/eN2I5SEYZrOBBVvGefhLOe+FH95F0p35PUA9YD+v7nOs8g489T
nuFlTknEPC+wKHtQbImInQ8UFEy9oN3pxD8AgX9n+dLIwwEUj3w1UK18qVq68SAJ
O5c=
-----END CERTIFICATE-----
Generated at Wed Apr 23 03:37:43 2025 by rpki-client