Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IKcQTF3eAnn7UKdHV5VD1R0u1BY.roa
File: IKcQTF3eAnn7UKdHV5VD1R0u1BY.roa (raw, json)
Hash identifier: 8jSFH/EX2bUERcYU8wHgwA2TxfdoXZkRY9cAotOkEdU=
Subject key identifier: 20:A7:10:4C:5D:DE:02:79:FB:50:A7:47:57:95:43:D5:1D:2E:D4:16
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C002D0CA06BCBFDE190C1BA2A35E12546
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IKcQTF3eAnn7UKdHV5VD1R0u1BY.roa
Signing time: Fri 24 Nov 2023 07:13:21 +0000
ROA not before: Fri 24 Nov 2023 07:13:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:00:2d:0c:a0:6b:cb:fd:e1:90:c1:ba:2a:35:e1:25:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 24 07:13:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20a7104c5dde0279fb50a747579543d51d2ed416
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:3d:2d:fe:33:94:90:d8:f9:e0:9c:56:cf:0a:
45:6a:13:fb:7d:c1:f3:8d:f3:de:4f:01:e4:38:5e:
aa:3f:10:ba:e4:0c:22:c3:66:f4:bf:e6:d8:ee:4f:
a2:c5:30:4d:c5:42:fb:70:15:52:18:7b:07:6f:4a:
5b:32:04:2b:fe:4c:fb:18:7b:ef:1d:e6:fc:20:de:
63:f2:13:14:bc:cd:6d:03:25:34:85:ce:89:77:df:
21:b6:32:18:a9:55:d1:09:64:6d:4f:dd:ee:c2:db:
09:9d:dc:44:0a:2b:e0:35:ee:32:29:51:69:96:df:
5c:c4:cb:d1:80:c6:05:45:01:ff:4c:ed:e8:22:34:
84:87:fb:ef:d2:d3:58:b6:ca:b1:85:6c:4d:5f:59:
56:65:f1:9a:eb:bc:a9:e3:a9:50:6c:54:2d:22:62:
71:2f:51:d7:a0:41:15:f2:24:45:a7:32:f3:d5:47:
ce:90:5c:bc:78:0b:ec:dc:96:eb:4f:0e:f1:72:3d:
eb:90:b5:bb:ab:11:09:ec:53:38:88:54:0c:d5:0f:
31:de:d4:84:49:34:51:f3:92:c2:8c:c1:bc:69:82:
bb:6e:14:e5:14:54:02:d8:87:6c:85:99:f2:20:26:
9a:16:18:28:02:e9:2d:4f:31:e6:c1:30:6d:8b:87:
87:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:A7:10:4C:5D:DE:02:79:FB:50:A7:47:57:95:43:D5:1D:2E:D4:16
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IKcQTF3eAnn7UKdHV5VD1R0u1BY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
26:5a:70:7d:43:ac:07:31:04:d5:f9:cc:dc:60:14:65:3b:46:
37:a3:62:42:a7:27:e0:b0:82:c5:16:bb:a9:a7:64:31:7f:73:
fe:0e:38:c1:72:f8:35:2a:eb:f4:1c:94:bf:37:71:f1:a2:c5:
e0:c2:61:92:75:4c:f1:cd:0c:ed:6b:da:da:46:f2:2e:11:2f:
83:65:d4:5f:25:b2:d4:2b:84:3f:76:83:b6:48:41:b1:c2:de:
cd:2e:28:de:54:2c:fd:40:c9:fc:82:57:65:94:cf:ae:28:57:
8e:b6:2f:6e:94:47:9b:52:c6:18:97:e3:1c:80:07:33:51:57:
b9:f3:75:f0:6f:31:25:39:bb:e6:06:03:42:89:06:ed:52:dd:
43:59:b8:35:aa:31:4a:8d:84:92:9c:79:75:fa:f6:2e:29:38:
58:be:d6:ec:5a:07:70:17:29:2f:1a:82:c9:d4:5f:d7:8c:d2:
8b:1a:3a:9c:b6:01:7c:e5:aa:1b:4c:a9:e1:a9:86:0d:95:73:
8e:bd:bc:19:79:5e:77:72:e9:4c:f2:f6:60:54:cd:7a:e1:84:
65:6d:52:88:fe:1c:79:cc:f1:d9:47:58:bc:d7:5a:c5:83:00:
b9:66:8a:65:5f:27:8e:bc:9b:7b:c6:2c:72:bf:4c:bd:ae:06:
b3:89:fc:be
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwALQyga8v94ZDBuio14SVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTI0MDcxMzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE3MTA0YzVkZGUwMjc5ZmI1MGE3NDc1Nzk1NDNkNTFkMmVkNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj0t/jOUkNj54JxWzwpFahP7fcHz
jfPeTwHkOF6qPxC65Awiw2b0v+bY7k+ixTBNxUL7cBVSGHsHb0pbMgQr/kz7GHvv
Heb8IN5j8hMUvM1tAyU0hc6Jd98htjIYqVXRCWRtT93uwtsJndxECivgNe4yKVFp
lt9cxMvRgMYFRQH/TO3oIjSEh/vv0tNYtsqxhWxNX1lWZfGa67yp46lQbFQtImJx
L1HXoEEV8iRFpzLz1UfOkFy8eAvs3JbrTw7xcj3rkLW7qxEJ7FM4iFQM1Q8x3tSE
STRR85LCjMG8aYK7bhTlFFQC2IdshZnyICaaFhgoAuktTzHmwTBti4eHaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCCnEExd3gJ5+1CnR1eVQ9UdLtQWMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSUtjUVRGM2VBbm43VUtkSFY1VkQxUjB1MUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACZacH1DrAcxBNX5zNxg
FGU7RjejYkKnJ+CwgsUWu6mnZDF/c/4OOMFy+DUq6/QclL83cfGixeDCYZJ1TPHN
DO1r2tpG8i4RL4Nl1F8lstQrhD92g7ZIQbHC3s0uKN5ULP1AyfyCV2WUz64oV462
L26UR5tSxhiX4xyABzNRV7nzdfBvMSU5u+YGA0KJBu1S3UNZuDWqMUqNhJKceXX6
9i4pOFi+1uxaB3AXKS8agsnUX9eM0osaOpy2AXzlqhtMqeGphg2Vc469vBl5Xndy
6Uzy9mBUzXrhhGVtUoj+HHnM8dlHWLzXWsWDALlmimVfJ468m3vGLHK/TL2uBrOJ
/L4=
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:26:42 2025 by rpki-client