Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/Odctlx1yxJrAmI7QpcEVMd3qaDw.roa
File: Odctlx1yxJrAmI7QpcEVMd3qaDw.roa (raw, json)
Hash identifier: qoRoE865XoUsbEKI4LZ00vf2ycwT153WDPlnT3yapWw=
Subject key identifier: 39:D7:2D:97:1D:72:C4:9A:C0:98:8E:D0:A5:C1:15:31:DD:EA:68:3C
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018B4DAC3F3188E4F057834FE1061DD383CE
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/Odctlx1yxJrAmI7QpcEVMd3qaDw.roa
Signing time: Fri 20 Oct 2023 15:20:15 +0000
ROA not before: Fri 20 Oct 2023 15:20:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:4d:ac:3f:31:88:e4:f0:57:83:4f:e1:06:1d:d3:83:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 20 15:20:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=39d72d971d72c49ac0988ed0a5c11531ddea683c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:29:a6:54:b9:91:48:2e:f0:fc:41:71:f8:36:
f5:9e:be:24:56:94:77:ed:b2:e2:a9:c6:39:af:9f:
8e:c0:ff:cf:c5:f8:09:0b:29:b2:88:96:95:9e:02:
90:c5:cf:46:8c:9b:10:f7:db:f4:5d:fa:05:08:12:
92:fd:ca:e6:9e:62:27:7c:6f:cc:90:e6:58:78:19:
55:66:80:1d:70:20:72:9f:02:af:11:be:f2:80:28:
e7:a4:77:11:16:e4:26:89:c3:38:f5:2a:1a:fe:1c:
50:66:1c:c0:4c:08:f5:51:1d:a0:3b:fe:a1:94:00:
8d:1a:3a:0a:27:9b:fe:cb:ad:40:bb:4d:66:15:72:
26:8d:94:25:6f:5d:da:38:ce:69:b3:39:93:5d:90:
88:e8:77:52:bb:b2:25:33:91:0c:db:ea:de:4a:ca:
9b:bc:10:11:52:76:91:ca:bf:4f:ce:e2:b4:42:6c:
2c:49:a7:10:89:a4:a7:2c:de:70:48:03:08:68:f9:
ef:cb:1e:bf:7b:da:5a:ef:76:05:17:05:1c:49:3c:
2e:7b:d0:59:b9:9b:83:b1:54:b0:64:5c:f5:94:e5:
d6:9a:f1:86:86:9e:8a:0b:37:2b:c2:55:ff:27:89:
57:42:95:72:d9:a9:bb:a3:14:ea:82:a6:74:7a:ef:
45:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:D7:2D:97:1D:72:C4:9A:C0:98:8E:D0:A5:C1:15:31:DD:EA:68:3C
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/Odctlx1yxJrAmI7QpcEVMd3qaDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
6f:4b:83:99:c0:0a:b7:b1:71:ea:2a:5e:4a:c3:62:6e:69:bc:
f8:d0:61:ec:47:92:08:ff:9f:dd:89:78:5e:ac:b3:66:12:7c:
2a:f6:f6:26:4e:22:38:90:d0:9b:57:9a:47:4f:62:bc:36:8d:
b4:ed:45:e3:87:6f:00:1d:64:b0:86:f0:e3:9a:fe:b0:28:b2:
e3:3c:5b:e9:51:5e:88:52:f1:57:35:3b:f5:e9:f8:c4:1b:e9:
bd:e9:3c:6d:f9:26:df:e4:e4:92:d7:89:3e:bd:ac:4c:cf:dc:
f8:67:c0:41:b5:62:7a:16:cc:0d:66:93:cf:46:eb:ce:83:7f:
f4:da:ee:01:6c:35:37:68:d6:7d:78:0c:13:df:5b:d8:16:70:
e1:70:1b:14:6d:d0:c2:39:06:23:28:2f:4a:74:14:54:73:c6:
fe:e8:b9:2e:bc:9a:9f:2a:6c:2f:c8:e2:7d:d1:a9:8f:6c:23:
c9:28:88:bd:13:ef:f8:21:94:0c:34:f1:9e:36:e7:23:9c:4a:
10:b1:90:05:42:5e:c0:21:a8:fb:e7:fe:9d:2f:2e:3b:61:42:
7b:bd:53:02:7d:57:04:c9:68:0c:7a:47:34:39:a3:f0:21:f6:
de:de:81:00:cb:c1:a4:27:7b:bd:1f:26:28:d3:f8:2a:0c:a7:
ea:d1:70:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYtNrD8xiOTwV4NP4QYd04POMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDIwMTUyMDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ3MmQ5NzFkNzJjNDlhYzA5ODhlZDBhNWMxMTUzMWRkZWE2ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnymmVLmRSC7w/EFx+Db1nr4kVpR3
7bLiqcY5r5+OwP/PxfgJCymyiJaVngKQxc9GjJsQ99v0XfoFCBKS/crmnmInfG/M
kOZYeBlVZoAdcCBynwKvEb7ygCjnpHcRFuQmicM49Soa/hxQZhzATAj1UR2gO/6h
lACNGjoKJ5v+y61Au01mFXImjZQlb13aOM5pszmTXZCI6HdSu7IlM5EM2+reSsqb
vBARUnaRyr9PzuK0QmwsSacQiaSnLN5wSAMIaPnvyx6/e9pa73YFFwUcSTwue9BZ
uZuDsVSwZFz1lOXWmvGGhp6KCzcrwlX/J4lXQpVy2am7oxTqgqZ0eu9FgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDnXLZcdcsSawJiO0KXBFTHd6mg8MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvT2RjdGx4MXl4SnJBbUk3UXBjRVZNZDNxYUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG9Lg5nACrexceoqXkrD
Ym5pvPjQYexHkgj/n92JeF6ss2YSfCr29iZOIjiQ0JtXmkdPYrw2jbTtReOHbwAd
ZLCG8OOa/rAosuM8W+lRXohS8Vc1O/Xp+MQb6b3pPG35Jt/k5JLXiT69rEzP3Phn
wEG1YnoWzA1mk89G686Df/Ta7gFsNTdo1n14DBPfW9gWcOFwGxRt0MI5BiMoL0p0
FFRzxv7ouS68mp8qbC/I4n3RqY9sI8koiL0T7/ghlAw08Z425yOcShCxkAVCXsAh
qPvn/p0vLjthQnu9UwJ9VwTJaAx6RzQ5o/Ah9t7egQDLwaQne70fJijT+CoMp+rR
cNA=
-----END CERTIFICATE-----
Generated at Sun Jun 8 14:26:14 2025 by rpki-client