Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/XOX3DvjH3lXGC1jIobeZCcucTJk.roa
File: XOX3DvjH3lXGC1jIobeZCcucTJk.roa (raw, json)
Hash identifier: gsT8JYxPGA+XrSZK+Qw4xaOLIA0mFNfEnmrbIeS/KUU=
Subject key identifier: 5C:E5:F7:0E:F8:C7:DE:55:C6:0B:58:C8:A1:B7:99:09:CB:9C:4C:99
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BD019404BE08269E3D799E2793026DD5D
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/XOX3DvjH3lXGC1jIobeZCcucTJk.roa
Signing time: Tue 14 Nov 2023 23:09:57 +0000
ROA not before: Tue 14 Nov 2023 23:09:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d0:19:40:4b:e0:82:69:e3:d7:99:e2:79:30:26:dd:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 14 23:09:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5ce5f70ef8c7de55c60b58c8a1b79909cb9c4c99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:00:3c:95:c6:3a:1e:8f:08:a4:c8:fe:b7:03:
4d:f9:48:67:b3:e3:be:e4:9d:6c:c1:8c:45:b8:85:
54:04:36:e6:7b:3c:3e:0b:0f:ab:76:12:54:1e:08:
10:6c:93:f8:b9:c5:23:42:cd:a6:62:cc:94:91:dd:
43:c3:d3:54:e3:d1:29:c7:e5:5f:aa:fe:8e:22:91:
44:91:f4:b3:c2:b8:40:42:7e:ce:98:3e:33:07:1a:
3f:de:e9:53:8e:2f:4b:e9:64:41:58:34:d5:8a:7d:
a6:5d:63:55:a7:5a:ad:5d:54:80:a2:6c:56:66:2a:
bf:8b:cb:29:69:27:0e:d5:8e:88:26:91:e7:08:d3:
ab:44:bd:9c:12:d3:d2:be:31:0a:a5:ac:3e:65:98:
16:ff:f1:93:74:f5:bb:27:63:15:45:23:dd:8c:93:
9b:5e:37:58:2b:8c:71:34:f3:e3:14:3a:1b:52:dc:
da:08:23:ab:3b:b0:33:8c:88:5c:0e:26:e0:dc:3e:
d7:74:79:71:d1:fd:9e:be:78:19:e6:2e:9f:aa:e5:
c9:40:bf:8d:bd:24:ad:1e:fe:52:49:44:3c:32:16:
57:86:87:f6:15:44:29:c9:4a:9a:da:64:01:db:74:
ad:a1:15:d0:02:c1:8f:6d:e8:20:d7:8e:9a:3a:af:
38:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:E5:F7:0E:F8:C7:DE:55:C6:0B:58:C8:A1:B7:99:09:CB:9C:4C:99
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/XOX3DvjH3lXGC1jIobeZCcucTJk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
86:a1:e7:c6:0c:5b:3d:f9:cd:13:70:8f:e7:6e:7a:6b:99:3d:
59:be:db:fe:6e:74:f8:be:c7:0d:4b:e2:8a:1a:07:db:a8:e6:
15:76:ad:15:37:d5:8f:65:3d:94:33:f9:3e:e1:5c:11:41:f4:
da:c6:61:3a:84:7f:78:56:56:ea:ec:c4:5a:0a:08:54:2e:33:
32:3a:e5:ea:44:35:62:ff:7a:91:82:ee:12:a9:51:b2:24:35:
c1:fb:18:77:62:8a:64:71:ac:84:b7:a6:59:6e:9f:b5:67:fc:
b0:e4:c5:b1:63:8d:54:ef:c2:ed:ac:fb:72:8b:e0:a3:c4:6e:
6f:5f:45:5b:ec:db:89:3c:91:5f:cf:fe:f0:3c:19:aa:fb:e7:
3a:c2:54:97:b1:c5:d3:c8:f9:ef:bd:c9:c7:32:0f:c2:9c:2b:
14:58:a4:62:21:dc:cd:67:8b:9c:89:68:60:ea:f0:c8:72:04:
9c:0d:8f:73:83:57:55:9e:cd:76:91:0c:3b:1a:63:3f:8f:e1:
49:72:30:63:fd:e8:7e:78:0e:32:41:9f:59:7a:06:81:01:ae:
19:8a:9d:e1:0b:0b:0d:5f:74:34:77:6d:92:a7:7c:dd:98:34:
d4:49:11:28:e2:40:cb:cc:f5:62:05:c5:52:0d:4c:02:50:ad:
8e:6f:7b:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvQGUBL4IJp49eZ4nkwJt1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTE0MjMwOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U1ZjcwZWY4YzdkZTU1YzYwYjU4YzhhMWI3OTkwOWNiOWM0Yzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQA8lcY6Ho8IpMj+twNN+Uhns+O+
5J1swYxFuIVUBDbmezw+Cw+rdhJUHggQbJP4ucUjQs2mYsyUkd1Dw9NU49Epx+Vf
qv6OIpFEkfSzwrhAQn7OmD4zBxo/3ulTji9L6WRBWDTVin2mXWNVp1qtXVSAomxW
Ziq/i8spaScO1Y6IJpHnCNOrRL2cEtPSvjEKpaw+ZZgW//GTdPW7J2MVRSPdjJOb
XjdYK4xxNPPjFDobUtzaCCOrO7AzjIhcDibg3D7XdHlx0f2evngZ5i6fquXJQL+N
vSStHv5SSUQ8MhZXhof2FUQpyUqa2mQB23StoRXQAsGPbegg146aOq84nwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFzl9w74x95VxgtYyKG3mQnLnEyZMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvWE9YM0R2akgzbFhHQzFqSW9iZVpDY3VjVEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIah58YMWz35zRNwj+du
emuZPVm+2/5udPi+xw1L4ooaB9uo5hV2rRU31Y9lPZQz+T7hXBFB9NrGYTqEf3hW
VursxFoKCFQuMzI65epENWL/epGC7hKpUbIkNcH7GHdiimRxrIS3pllun7Vn/LDk
xbFjjVTvwu2s+3KL4KPEbm9fRVvs24k8kV/P/vA8Gar75zrCVJexxdPI+e+9yccy
D8KcKxRYpGIh3M1ni5yJaGDq8MhyBJwNj3ODV1WezXaRDDsaYz+P4UlyMGP96H54
DjJBn1l6BoEBrhmKneELCw1fdDR3bZKnfN2YNNRJESjiQMvM9WIFxVINTAJQrY5v
e9I=
-----END CERTIFICATE-----
Generated at Sun Apr 20 19:16:11 2025 by rpki-client