Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NNqXHPOvFXzE7BvNW2kly_GCji0.roa
File: NNqXHPOvFXzE7BvNW2kly_GCji0.roa (raw, json)
Hash identifier: GrqN+C3GgigaML4xhmCUFJ8PHIBJMFzc7pSisy56O70=
Subject key identifier: 34:DA:97:1C:F3:AF:15:7C:C4:EC:1B:CD:5B:69:25:CB:F1:82:8E:2D
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018B35CCCAF6C061ACC33503BD21A9F17207
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NNqXHPOvFXzE7BvNW2kly_GCji0.roa
Signing time: Mon 16 Oct 2023 00:04:55 +0000
ROA not before: Mon 16 Oct 2023 00:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18b:35cc:3749/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:35:cc:ca:f6:c0:61:ac:c3:35:03:bd:21:a9:f1:72:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 16 00:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34da971cf3af157cc4ec1bcd5b6925cbf1828e2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:fc:41:3b:8b:77:18:d1:ad:95:8f:f7:39:30:
08:51:4c:4b:1a:33:5c:01:46:c2:f0:60:25:43:cb:
9d:1b:87:44:e3:12:47:42:f2:8a:c5:c3:32:73:28:
b0:fa:1d:db:34:da:c1:2d:e0:48:da:13:64:2f:01:
0f:bf:d8:1c:c3:53:b1:c4:f2:f6:46:8d:99:07:8c:
b4:2e:67:13:7d:0d:d6:5a:8c:35:b1:da:ff:ae:95:
43:1d:2d:7c:fa:80:07:e6:b9:98:7f:7f:28:4b:a1:
ac:6d:cf:bb:94:73:81:05:4f:78:ad:bb:ec:18:6b:
71:4c:07:f3:81:e1:e6:bb:f8:2a:84:79:54:3e:9f:
52:dc:00:08:84:6d:63:9a:72:4e:e5:12:73:87:f0:
76:0a:68:c6:a7:5c:16:f0:ea:17:95:0b:f5:47:29:
0a:37:01:dc:93:c5:28:98:79:5b:38:ec:27:56:ea:
2f:e0:1d:e0:9b:e8:60:ce:7a:2a:b6:6d:93:6a:3f:
39:11:77:82:d4:16:c0:a0:cb:4b:2a:02:d2:4c:65:
18:f9:77:f3:6e:77:f6:6a:58:8b:56:7a:bf:29:dd:
8c:aa:c7:df:73:55:38:b8:d9:1a:3f:06:a9:a5:9d:
38:f5:27:3c:d7:4a:6e:8f:e6:01:1d:e8:24:f0:a9:
fe:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:DA:97:1C:F3:AF:15:7C:C4:EC:1B:CD:5B:69:25:CB:F1:82:8E:2D
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NNqXHPOvFXzE7BvNW2kly_GCji0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
bc:88:4c:12:be:c3:fb:1b:8f:b2:9d:78:ab:31:7a:34:f5:26:
1e:d6:80:37:e4:03:42:14:f4:96:8c:8e:82:0d:4c:a0:72:49:
38:9f:46:63:7b:1b:e2:c8:64:6b:ee:06:f0:2b:be:9f:a8:ec:
dd:c5:b7:36:ae:1e:42:5f:58:23:c0:2a:3d:27:88:f8:36:d5:
56:7c:1c:a6:6e:90:7c:1a:78:10:03:bd:e9:e3:24:e1:8f:ae:
cd:51:4f:91:da:e4:d8:71:3d:c7:9e:8a:5e:26:07:f1:3f:be:
d3:b8:31:10:c1:f3:de:3a:ed:3f:fe:b1:58:92:c6:97:fb:fa:
1a:27:d0:1f:55:46:77:11:0d:8c:cb:0f:6b:ca:da:7f:b3:19:
a5:77:bd:b8:16:76:24:ca:71:e5:92:b8:fd:0e:db:7a:3d:9f:
c5:2d:47:d3:6e:66:71:d7:ad:c6:29:cc:d4:aa:5d:d1:5c:cf:
ed:28:98:82:fe:7b:4d:35:13:ee:79:cf:2b:58:62:94:4d:95:
95:5a:30:61:a6:cb:e3:ec:64:64:c3:b4:53:e4:eb:08:1b:fe:
1a:64:a9:8d:89:19:29:c7:ba:9e:2b:24:5b:d9:31:b0:bf:16:
62:47:aa:8c:cd:bd:2c:2d:b4:f7:a6:7c:ad:d8:e8:a5:72:f6:
6f:eb:22:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYs1zMr2wGGswzUDvSGp8XIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDE2MDAwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRhOTcxY2YzYWYxNTdjYzRlYzFiY2Q1YjY5MjVjYmYxODI4ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/xBO4t3GNGtlY/3OTAIUUxLGjNc
AUbC8GAlQ8udG4dE4xJHQvKKxcMycyiw+h3bNNrBLeBI2hNkLwEPv9gcw1OxxPL2
Ro2ZB4y0LmcTfQ3WWow1sdr/rpVDHS18+oAH5rmYf38oS6Gsbc+7lHOBBU94rbvs
GGtxTAfzgeHmu/gqhHlUPp9S3AAIhG1jmnJO5RJzh/B2CmjGp1wW8OoXlQv1RykK
NwHck8UomHlbOOwnVuov4B3gm+hgznoqtm2Taj85EXeC1BbAoMtLKgLSTGUY+Xfz
bnf2aliLVnq/Kd2Mqsffc1U4uNkaPwappZ049Sc810puj+YBHegk8Kn++QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDTalxzzrxV8xOwbzVtpJcvxgo4tMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvTk5xWEhQT3ZGWHpFN0J2Tlcya2x5X0dDamkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALyITBK+w/sbj7KdeKsx
ejT1Jh7WgDfkA0IU9JaMjoINTKBySTifRmN7G+LIZGvuBvArvp+o7N3FtzauHkJf
WCPAKj0niPg21VZ8HKZukHwaeBADvenjJOGPrs1RT5Ha5NhxPceeil4mB/E/vtO4
MRDB89467T/+sViSxpf7+hon0B9VRncRDYzLD2vK2n+zGaV3vbgWdiTKceWSuP0O
23o9n8UtR9NuZnHXrcYpzNSqXdFcz+0omIL+e001E+55zytYYpRNlZVaMGGmy+Ps
ZGTDtFPk6wgb/hpkqY2JGSnHup4rJFvZMbC/FmJHqozNvSwttPemfK3Y6KVy9m/r
Iq4=
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:55:07 2025 by rpki-client