Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/00ivH3o0kdlfUL1P7cs01g6KO4k.roa
File: 00ivH3o0kdlfUL1P7cs01g6KO4k.roa (raw, json)
Hash identifier: 5+iK76iLCQ6bR+cfJRo8kM1mMwnCcZb3jVMkfJ1beVI=
Subject key identifier: D3:48:AF:1F:7A:34:91:D9:5F:50:BD:4F:ED:CB:34:D6:0E:8A:3B:89
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A6FF66323CB786018CE08794B409505D2
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/00ivH3o0kdlfUL1P7cs01g6KO4k.roa
Signing time: Thu 07 Sep 2023 14:05:32 +0000
ROA not before: Thu 07 Sep 2023 14:05:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18a:6ff5:c620/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:6f:f6:63:23:cb:78:60:18:ce:08:79:4b:40:95:05:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 7 14:05:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d348af1f7a3491d95f50bd4fedcb34d60e8a3b89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:09:05:8e:c2:b8:92:8b:91:6a:ac:6b:ab:f6:
e1:77:f4:d2:5e:30:c6:92:97:8a:49:1e:95:9f:7f:
82:dd:32:b1:a2:d5:ca:c9:3f:63:7f:67:d2:cb:94:
1b:43:a1:1a:e8:ab:55:84:bd:cd:42:57:80:98:99:
53:ad:d2:75:b0:44:82:cf:3d:40:91:f2:a6:96:58:
ec:06:1a:97:c9:21:5d:42:59:34:67:21:78:78:06:
94:49:97:8c:75:5e:22:3f:ba:e2:2f:c0:7c:bf:38:
49:15:49:3b:b5:ad:e3:65:cc:1a:a7:dd:ac:7c:51:
4a:dc:f5:32:81:41:73:52:b1:e4:52:68:6d:48:e3:
25:98:da:49:b5:42:cf:5b:4e:77:8a:ef:f5:e2:43:
d8:d6:f8:30:0b:e3:1f:39:a2:6f:ca:05:75:33:82:
23:55:f9:22:ac:db:65:3d:1f:f6:9f:69:b9:e5:e2:
06:49:28:40:0b:41:36:e9:8a:0e:39:b6:b5:0a:40:
01:04:96:e0:0c:7e:fc:b3:79:2f:64:7e:ce:e9:80:
35:94:0d:b4:7b:19:0c:6a:fa:d2:ca:c9:0e:de:d7:
ee:84:dd:d5:83:ad:2e:11:3f:85:97:76:50:d8:1a:
28:b8:3f:4e:90:2e:d8:ec:99:01:84:07:83:b9:cd:
9a:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:48:AF:1F:7A:34:91:D9:5F:50:BD:4F:ED:CB:34:D6:0E:8A:3B:89
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/00ivH3o0kdlfUL1P7cs01g6KO4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
8d:88:8b:6f:31:ea:42:bf:8a:c8:44:26:a5:6f:91:ed:4e:36:
a1:f5:cf:92:32:e8:8b:30:f0:af:87:d2:81:51:9e:d7:e1:7b:
ba:5f:9d:f9:ef:cd:fe:95:aa:4a:50:e5:16:7b:73:21:e3:f3:
45:ea:fc:c7:b2:a2:6f:98:4e:98:27:d8:4f:b7:db:83:6d:a1:
28:08:23:6e:41:0b:8b:66:e2:91:73:c6:6f:fe:66:c9:81:be:
37:60:bd:fa:1d:13:fe:39:b4:bb:7b:f7:e5:22:aa:ea:ac:7a:
5f:1f:7b:dd:00:f7:68:5f:00:1e:00:3f:ab:31:03:3c:15:f2:
2f:18:ad:e8:f6:25:13:b8:e5:b4:a3:41:f3:d4:a2:19:e9:4f:
aa:6b:68:03:f7:20:02:3b:8c:76:46:54:2e:94:b1:5f:91:c3:
9e:d2:73:a0:df:b6:74:15:24:6c:3e:fd:0a:92:e3:b4:96:66:
1d:63:a0:75:2a:61:89:78:85:92:96:7e:24:af:9e:01:c7:fd:
a6:c9:c0:4c:25:6b:e3:ae:17:2b:0c:1a:60:46:de:52:45:81:
8b:89:36:c7:e6:29:31:66:a6:d3:dc:a4:c4:56:5b:d5:3e:db:
e1:9f:8b:53:c8:1e:fb:7f:c7:b2:af:9b:e0:0a:5d:2e:33:ad:
a0:22:a2:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYpv9mMjy3hgGM4IeUtAlQXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTA3MTQwNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQ4YWYxZjdhMzQ5MWQ5NWY1MGJkNGZlZGNiMzRkNjBlOGEzYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgkFjsK4kouRaqxrq/bhd/TSXjDG
kpeKSR6Vn3+C3TKxotXKyT9jf2fSy5QbQ6Ea6KtVhL3NQleAmJlTrdJ1sESCzz1A
kfKmlljsBhqXySFdQlk0ZyF4eAaUSZeMdV4iP7riL8B8vzhJFUk7ta3jZcwap92s
fFFK3PUygUFzUrHkUmhtSOMlmNpJtULPW053iu/14kPY1vgwC+MfOaJvygV1M4Ij
VfkirNtlPR/2n2m55eIGSShAC0E26YoOOba1CkABBJbgDH78s3kvZH7O6YA1lA20
exkMavrSyskO3tfuhN3Vg60uET+Fl3ZQ2BoouD9OkC7Y7JkBhAeDuc2aMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNNIrx96NJHZX1C9T+3LNNYOijuJMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvMDBpdkgzbzBrZGxmVUwxUDdjczAxZzZLTzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI2Ii28x6kK/ishEJqVv
ke1ONqH1z5Iy6Isw8K+H0oFRntfhe7pfnfnvzf6VqkpQ5RZ7cyHj80Xq/Meyom+Y
Tpgn2E+324NtoSgII25BC4tm4pFzxm/+ZsmBvjdgvfodE/45tLt79+Uiquqsel8f
e90A92hfAB4AP6sxAzwV8i8Yrej2JRO45bSjQfPUohnpT6praAP3IAI7jHZGVC6U
sV+Rw57Sc6DftnQVJGw+/QqS47SWZh1joHUqYYl4hZKWfiSvngHH/abJwEwla+Ou
FysMGmBG3lJFgYuJNsfmKTFmptPcpMRWW9U+2+Gfi1PIHvt/x7Kvm+AKXS4zraAi
ojQ=
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:38:54 2025 by rpki-client