Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KHMRJHQZmWw_SAQhSM25fMdh32c.roa
File: KHMRJHQZmWw_SAQhSM25fMdh32c.roa (raw, json)
Hash identifier: 1uETdLnjsOxFCH54xEVuEYR6TwF6DsGGP5oQQmCa+g4=
Subject key identifier: 28:73:11:24:74:19:99:6C:3F:48:04:21:48:CD:B9:7C:C7:61:DF:67
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BBEEB0DC2C6E32BC20E6DE144B8291212
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KHMRJHQZmWw_SAQhSM25fMdh32c.roa
Signing time: Sat 11 Nov 2023 15:05:57 +0000
ROA not before: Sat 11 Nov 2023 15:05:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:beea:60ef/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:be:eb:0d:c2:c6:e3:2b:c2:0e:6d:e1:44:b8:29:12:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 11 15:05:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=287311247419996c3f48042148cdb97cc761df67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:66:c6:5b:52:38:2e:0b:0d:b7:df:ec:91:67:
42:9e:47:1a:c6:6b:f3:58:e9:8e:ca:c2:8d:bc:dd:
42:cd:09:58:ce:cc:13:5c:70:81:75:a1:56:10:64:
2f:eb:a9:03:df:c1:56:eb:39:f3:da:c8:31:0c:5b:
53:1a:2c:04:04:03:46:95:08:33:fa:d3:23:74:c5:
68:f7:62:f7:66:66:6f:9a:36:bb:d7:09:01:d4:29:
e2:1a:8d:c8:d7:db:83:46:a6:11:5e:2f:26:68:c4:
de:31:79:0b:78:5a:18:6f:a4:79:ff:86:9c:2b:f7:
14:00:15:02:06:27:9f:1b:9b:55:b4:b2:7b:25:c1:
a8:a0:50:d1:36:06:4c:35:86:07:57:d7:6d:cc:b9:
2d:4e:d4:64:6e:82:e8:6e:ba:46:f3:dc:53:6b:bb:
51:8f:18:43:3d:08:e9:65:0c:1f:db:71:95:81:c1:
19:6a:19:04:27:99:5a:f6:7c:5b:39:c6:49:ec:a1:
ce:89:95:0f:ed:ea:ac:11:0b:c6:20:54:8a:46:10:
8f:d0:e7:a9:4b:58:94:32:ec:06:91:a6:fb:29:0d:
ce:62:85:ba:72:e8:9e:4d:96:3c:22:86:9a:ba:12:
e2:86:a8:26:e9:0a:38:bd:17:71:26:36:46:0c:c8:
a6:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:73:11:24:74:19:99:6C:3F:48:04:21:48:CD:B9:7C:C7:61:DF:67
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KHMRJHQZmWw_SAQhSM25fMdh32c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
20:85:b2:c7:7f:56:18:d5:53:16:70:50:bf:3c:63:e2:b3:ff:
78:1b:20:72:f7:3c:77:b3:6d:db:c8:a5:00:e3:1d:a0:00:87:
4a:2b:2c:ac:aa:53:2d:31:93:d6:9d:bc:f6:dc:f8:4c:52:d8:
d3:70:77:fc:99:06:bf:b8:e3:3b:da:b0:c6:1b:07:56:da:d5:
bf:6e:6c:26:b4:5b:d3:93:b8:8f:b9:73:1b:10:6e:0e:28:bf:
83:ce:2a:3e:d9:3b:9d:a1:b8:00:ed:22:e1:ff:36:c2:85:77:
4e:e1:34:05:94:88:dc:88:93:e7:c6:fe:ac:3f:dd:05:2e:21:
86:8b:b2:b0:0a:6c:30:55:b0:dc:37:ee:1d:bc:96:bc:0d:17:
11:be:ef:83:9f:a6:9f:83:20:43:27:0d:78:0e:01:a7:84:88:
87:a2:9b:bc:9d:79:74:5f:f9:43:fe:00:f0:89:a0:7d:ec:8b:
c5:d0:01:29:c9:16:db:00:e9:4a:48:60:08:92:9f:5a:d1:01:
db:6d:08:d1:e1:1a:fa:60:db:29:f8:2f:51:16:9d:58:93:7d:
79:d6:f6:a6:89:80:32:5a:fd:4c:67:d4:f9:99:00:66:e4:0d:
7e:04:32:27:d7:4d:9c:47:f5:24:e0:fd:90:61:57:8d:24:40:
17:c6:e0:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYu+6w3CxuMrwg5t4US4KRISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTExMTUwNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODczMTEyNDc0MTk5OTZjM2Y0ODA0MjE0OGNkYjk3Y2M3NjFkZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2bGW1I4LgsNt9/skWdCnkcaxmvz
WOmOysKNvN1CzQlYzswTXHCBdaFWEGQv66kD38FW6znz2sgxDFtTGiwEBANGlQgz
+tMjdMVo92L3ZmZvmja71wkB1CniGo3I19uDRqYRXi8maMTeMXkLeFoYb6R5/4ac
K/cUABUCBiefG5tVtLJ7JcGooFDRNgZMNYYHV9dtzLktTtRkboLobrpG89xTa7tR
jxhDPQjpZQwf23GVgcEZahkEJ5la9nxbOcZJ7KHOiZUP7eqsEQvGIFSKRhCP0Oep
S1iUMuwGkab7KQ3OYoW6cuieTZY8IoaauhLihqgm6Qo4vRdxJjZGDMimKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFChzESR0GZlsP0gEIUjNuXzHYd9nMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvS0hNUkpIUVptV3dfU0FRaFNNMjVmTWRoMzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACCFssd/VhjVUxZwUL88
Y+Kz/3gbIHL3PHezbdvIpQDjHaAAh0orLKyqUy0xk9advPbc+ExS2NNwd/yZBr+4
4zvasMYbB1ba1b9ubCa0W9OTuI+5cxsQbg4ov4POKj7ZO52huADtIuH/NsKFd07h
NAWUiNyIk+fG/qw/3QUuIYaLsrAKbDBVsNw37h28lrwNFxG+74Ofpp+DIEMnDXgO
AaeEiIeim7ydeXRf+UP+APCJoH3si8XQASnJFtsA6UpIYAiSn1rRAdttCNHhGvpg
2yn4L1EWnViTfXnW9qaJgDJa/Uxn1PmZAGbkDX4EMifXTZxH9STg/ZBhV40kQBfG
4Aw=
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:10:45 2025 by rpki-client