Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KxPgqTI_CGOc8p7vMEP9YPSj-pQ.roa
File: KxPgqTI_CGOc8p7vMEP9YPSj-pQ.roa (raw, json)
Hash identifier: b3nE6XbsS2/4bjncxipFVVi3m4KWU5Cek4ezSdm7o+Q=
Subject key identifier: 2B:13:E0:A9:32:3F:08:63:9C:F2:9E:EF:30:43:FD:60:F4:A3:FA:94
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C4C9595172EB6A942C7EE9225397DBACE
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KxPgqTI_CGOc8p7vMEP9YPSj-pQ.roa
Signing time: Sat 09 Dec 2023 03:18:40 +0000
ROA not before: Sat 09 Dec 2023 03:18:40 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:4c:95:95:17:2e:b6:a9:42:c7:ee:92:25:39:7d:ba:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 9 03:18:40 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b13e0a9323f08639cf29eef3043fd60f4a3fa94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f6:e0:ad:10:60:7a:27:91:d2:ee:99:95:d9:
06:e9:05:45:08:54:a6:42:92:d0:f7:92:9b:d2:c4:
a6:2a:e6:63:6a:ff:2e:f2:76:93:50:9c:4b:7f:5f:
7e:8e:65:4f:10:07:b5:05:a5:53:30:72:40:b4:2c:
ab:79:aa:08:10:f6:4b:26:00:39:9b:65:a0:04:65:
8f:95:81:20:fd:28:16:69:09:58:f8:5f:70:b2:db:
23:c9:50:a0:ae:12:f8:0b:50:74:70:19:1d:72:de:
54:66:a9:52:eb:1a:7a:59:0a:42:bd:ba:e9:dc:e9:
d2:85:ed:3b:73:8c:7a:39:42:c0:34:f4:23:f0:7e:
ea:1f:3d:72:66:4a:a8:5b:3f:48:12:36:9e:01:ea:
03:e2:51:be:76:24:75:2e:b9:dc:b3:45:5e:6c:85:
11:7c:a6:bc:05:5b:32:53:ac:e1:c4:bb:8e:6e:b5:
fd:7e:db:27:dc:73:9d:98:97:04:eb:86:1a:d1:8e:
e0:96:d5:96:ce:b6:50:b5:94:2b:2b:09:e9:7f:52:
73:9c:28:ff:d3:6c:7b:80:02:44:7d:ff:fa:7c:16:
49:1f:b1:e3:79:df:55:96:fa:39:b8:2b:a2:24:8f:
e5:c9:61:c7:70:4c:84:8d:d6:ca:58:e4:35:48:9b:
29:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:13:E0:A9:32:3F:08:63:9C:F2:9E:EF:30:43:FD:60:F4:A3:FA:94
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/KxPgqTI_CGOc8p7vMEP9YPSj-pQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
77:ca:29:4b:7f:c2:3b:8b:e1:6e:5d:60:2b:d0:9a:1b:fb:22:
37:8f:57:fc:b0:18:13:96:fb:06:04:67:76:a0:99:40:96:34:
e5:f9:c9:57:73:8f:cd:03:cd:42:3f:15:cd:4b:6d:ed:03:56:
0d:7d:f9:8a:3c:e3:2e:a4:66:5e:ef:f0:9b:ba:5b:88:4b:91:
09:53:57:2f:76:d9:9e:8c:45:4e:46:26:0c:10:f2:16:a1:bb:
ee:15:b7:0a:41:6c:43:1f:70:10:a9:92:fb:11:6e:72:6f:f4:
cb:de:39:bb:0f:4f:df:be:3f:52:60:4d:22:fc:7e:34:e3:73:
8a:49:dd:9f:06:0e:0e:28:33:9d:bb:85:c6:75:08:26:91:bd:
0d:df:f2:12:a0:8e:1a:d6:fe:f3:5a:1d:94:2d:f8:ab:0b:ff:
0c:1d:a8:bf:0a:47:d4:ef:04:c3:db:c1:b1:47:a9:9b:01:ae:
3d:ef:ce:b3:f6:ac:3e:41:c9:e5:fe:e6:57:71:fa:d3:69:2e:
6f:05:0d:d8:25:2d:f5:8f:44:bf:cb:8f:82:21:a9:fa:90:f6:
9f:6d:92:ad:f3:db:42:bb:af:77:e5:06:49:38:8a:ff:ad:58:
ef:9b:4c:e0:ad:82:38:da:5f:d7:ea:46:01:0d:b2:42:c8:6b:
04:37:ca:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxMlZUXLrapQsfukiU5fbrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjA5MDMxODQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjEzZTBhOTMyM2YwODYzOWNmMjllZWYzMDQzZmQ2MGY0YTNmYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvbgrRBgeieR0u6ZldkG6QVFCFSm
QpLQ95Kb0sSmKuZjav8u8naTUJxLf19+jmVPEAe1BaVTMHJAtCyreaoIEPZLJgA5
m2WgBGWPlYEg/SgWaQlY+F9wstsjyVCgrhL4C1B0cBkdct5UZqlS6xp6WQpCvbrp
3OnShe07c4x6OULANPQj8H7qHz1yZkqoWz9IEjaeAeoD4lG+diR1Lrncs0VebIUR
fKa8BVsyU6zhxLuObrX9ftsn3HOdmJcE64Ya0Y7gltWWzrZQtZQrKwnpf1JznCj/
02x7gAJEff/6fBZJH7Hjed9Vlvo5uCuiJI/lyWHHcEyEjdbKWOQ1SJsp1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCsT4KkyPwhjnPKe7zBD/WD0o/qUMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvS3hQZ3FUSV9DR09jOHA3dk1FUDlZUFNqLXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHfKKUt/wjuL4W5dYCvQ
mhv7IjePV/ywGBOW+wYEZ3agmUCWNOX5yVdzj80DzUI/Fc1Lbe0DVg19+Yo84y6k
Zl7v8Ju6W4hLkQlTVy922Z6MRU5GJgwQ8hahu+4VtwpBbEMfcBCpkvsRbnJv9Mve
ObsPT9++P1JgTSL8fjTjc4pJ3Z8GDg4oM527hcZ1CCaRvQ3f8hKgjhrW/vNaHZQt
+KsL/wwdqL8KR9TvBMPbwbFHqZsBrj3vzrP2rD5ByeX+5ldx+tNpLm8FDdglLfWP
RL/Lj4IhqfqQ9p9tkq3z20K7r3flBkk4iv+tWO+bTOCtgjjaX9fqRgENskLIawQ3
ykQ=
-----END CERTIFICATE-----
Generated at Sat Apr 19 06:02:19 2025 by rpki-client