Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/5N8rHc2h9kOS16PtzW9fAcd0img.roa
File: 5N8rHc2h9kOS16PtzW9fAcd0img.roa (raw, json)
Hash identifier: mMUiLEoQuWHkDRc8VUAyvxljEhS7OMSkUTPWzm54Im0=
Subject key identifier: E4:DF:2B:1D:CD:A1:F6:43:92:D7:A3:ED:CD:6F:5F:01:C7:74:8A:68
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BECDD33EF814A075FD5E22012307F3203
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/5N8rHc2h9kOS16PtzW9fAcd0img.roa
Signing time: Mon 20 Nov 2023 13:13:21 +0000
ROA not before: Mon 20 Nov 2023 13:13:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ec:dd:33:ef:81:4a:07:5f:d5:e2:20:12:30:7f:32:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 20 13:13:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e4df2b1dcda1f64392d7a3edcd6f5f01c7748a68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:8c:3e:86:70:eb:b4:4c:b3:9a:e0:f2:ef:5a:
58:71:b6:4a:79:ec:61:a5:20:ad:56:f6:60:aa:a0:
46:4c:db:95:e5:ac:66:ac:44:c4:81:8a:da:fb:f1:
26:f8:80:36:03:5e:9e:c6:08:bf:3d:d9:d1:56:76:
96:ee:f0:c2:9b:4c:ca:3b:18:1d:e4:f6:77:ff:24:
71:37:5f:a8:5f:a8:28:fb:67:06:9c:c3:3c:9a:ef:
d1:20:c0:3f:fe:9f:3a:b8:d3:83:ce:50:c9:f5:d5:
2c:d8:45:c5:7d:cf:ca:92:22:c6:fe:52:a8:36:82:
e2:4f:f6:27:5d:97:59:81:51:fb:5e:f5:61:69:62:
a5:df:eb:4c:28:49:c9:b9:97:c4:c8:e4:87:58:66:
de:0b:73:e5:47:8f:7a:2d:fa:96:09:d8:0d:17:d2:
38:5f:2b:fa:bc:9e:28:a2:3f:d0:90:2f:9a:ad:9b:
33:16:4f:31:a1:fe:1f:51:df:70:9f:ed:71:82:80:
f5:4f:0b:d8:da:35:58:d7:1c:c4:1f:6b:11:40:e2:
89:5b:e3:cb:81:0f:8b:6e:13:bf:d4:70:ea:da:f0:
1b:76:30:39:59:ea:c7:42:15:e3:e9:45:ee:39:b0:
eb:e9:2f:23:77:76:ef:e9:da:bd:56:d9:b4:5d:c0:
a8:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:DF:2B:1D:CD:A1:F6:43:92:D7:A3:ED:CD:6F:5F:01:C7:74:8A:68
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/5N8rHc2h9kOS16PtzW9fAcd0img.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
a8:29:da:f4:6c:c6:5b:2d:ba:74:9b:6b:d9:a5:13:ee:03:dd:
44:44:e0:2d:35:13:ed:f3:78:6d:8e:6d:f4:a6:1e:9d:a1:b6:
6d:ef:cb:71:0d:3e:41:62:76:b2:a8:08:c6:ce:0d:89:76:41:
26:02:f8:63:63:da:16:71:cb:cb:74:a3:98:14:66:63:b1:dc:
0a:81:ef:de:ae:bc:30:4c:b8:7c:79:77:f4:47:87:55:40:72:
f4:11:d7:86:3b:81:90:80:35:e1:6f:96:04:f5:42:76:7a:d8:
80:64:d8:62:8f:2e:14:d4:b6:64:5d:c6:ac:be:bc:d4:f8:c2:
79:c2:22:8d:e1:8e:20:23:f8:d5:83:72:a2:80:2c:60:52:a0:
59:cf:e1:a9:6f:e0:74:8f:1b:7b:7f:5a:9f:51:c4:df:4e:aa:
7e:a7:9f:c7:94:0a:16:2f:06:78:ba:e0:3c:9c:a9:bb:1a:3f:
26:bb:c3:61:66:a0:2b:aa:88:d4:5e:0b:38:2a:06:1d:d7:3e:
95:af:39:03:c6:a4:54:8a:3e:88:a6:ea:31:cd:ba:91:b5:43:
d9:4f:4b:a7:d4:42:53:d0:fe:5c:9a:3a:b2:67:0c:9f:cd:6f:
74:9b:7f:25:0d:14:31:c9:4a:73:12:04:e5:96:2e:c3:28:ec:
56:e3:3e:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvs3TPvgUoHX9XiIBIwfzIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTIwMTMxMzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGRmMmIxZGNkYTFmNjQzOTJkN2EzZWRjZDZmNWYwMWM3NzQ4YTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ow+hnDrtEyzmuDy71pYcbZKeexh
pSCtVvZgqqBGTNuV5axmrETEgYra+/Em+IA2A16exgi/PdnRVnaW7vDCm0zKOxgd
5PZ3/yRxN1+oX6go+2cGnMM8mu/RIMA//p86uNODzlDJ9dUs2EXFfc/KkiLG/lKo
NoLiT/YnXZdZgVH7XvVhaWKl3+tMKEnJuZfEyOSHWGbeC3PlR496LfqWCdgNF9I4
Xyv6vJ4ooj/QkC+arZszFk8xof4fUd9wn+1xgoD1TwvY2jVY1xzEH2sRQOKJW+PL
gQ+LbhO/1HDq2vAbdjA5WerHQhXj6UXuObDr6S8jd3bv6dq9Vtm0XcCoawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOTfKx3NofZDktej7c1vXwHHdIpoMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvNU44ckhjMmg5a09TMTZQdHpXOWZBY2QwaW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKgp2vRsxlstunSba9ml
E+4D3URE4C01E+3zeG2ObfSmHp2htm3vy3ENPkFidrKoCMbODYl2QSYC+GNj2hZx
y8t0o5gUZmOx3AqB796uvDBMuHx5d/RHh1VAcvQR14Y7gZCANeFvlgT1QnZ62IBk
2GKPLhTUtmRdxqy+vNT4wnnCIo3hjiAj+NWDcqKALGBSoFnP4alv4HSPG3t/Wp9R
xN9Oqn6nn8eUChYvBni64DycqbsaPya7w2FmoCuqiNReCzgqBh3XPpWvOQPGpFSK
Poim6jHNupG1Q9lPS6fUQlPQ/lyaOrJnDJ/Nb3SbfyUNFDHJSnMSBOWWLsMo7Fbj
PkY=
-----END CERTIFICATE-----
Generated at Mon Apr 21 22:39:41 2025 by rpki-client