Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/KG3ymqhsm0ZEILOeRknPcywMyfQ.roa
File: KG3ymqhsm0ZEILOeRknPcywMyfQ.roa (raw, json)
Hash identifier: r9NwLUAdrw7Q+OsIfOjw+bue6bG2BPoYBeTVBvLo1Hs=
Subject key identifier: 28:6D:F2:9A:A8:6C:9B:46:44:20:B3:9E:46:49:CF:73:2C:0C:C9:F4
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A7C30DFA95DEC515672BE647403338685
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/KG3ymqhsm0ZEILOeRknPcywMyfQ.roa
Signing time: Sat 09 Sep 2023 23:04:52 +0000
ROA not before: Sat 09 Sep 2023 23:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:7c30:5c07/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:7c:30:df:a9:5d:ec:51:56:72:be:64:74:03:33:86:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 9 23:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=286df29aa86c9b464420b39e4649cf732c0cc9f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:3e:2f:29:08:54:92:58:22:64:3b:db:eb:0b:
92:c3:3b:6a:cd:a9:4b:5b:df:c5:03:5d:39:81:2f:
05:12:43:9f:97:7a:3c:fa:15:39:68:7a:c0:66:0b:
c4:84:be:26:b6:d0:2c:85:31:c1:86:78:65:78:5d:
92:43:92:97:f4:21:37:c3:8d:15:c0:e5:36:5a:3a:
c3:f5:af:66:84:2e:d7:40:25:8b:a5:a0:e0:ad:9a:
54:8e:4e:de:02:e5:5b:c9:76:34:ba:ba:15:94:56:
89:9c:ef:75:f5:01:59:6e:17:79:03:c1:17:96:d1:
aa:71:db:1c:0f:de:d2:94:78:11:d1:1d:82:62:3d:
fc:de:0d:bc:77:a7:fa:48:dd:82:74:41:0c:1c:05:
f9:6f:2b:6e:1b:d2:f2:91:cf:d9:91:7d:65:22:1e:
60:50:e6:0d:8c:5c:bf:04:45:f0:55:6b:7a:df:85:
38:af:69:3e:e4:23:93:08:58:8a:2a:e0:65:26:11:
ea:a4:03:96:0a:cc:6a:20:92:16:84:f6:1b:45:0b:
09:45:24:0a:33:1f:ac:16:33:f3:69:02:87:4a:aa:
56:67:67:5e:a4:b7:ed:60:d7:b8:df:3d:7b:56:07:
be:a7:27:a6:ed:26:46:73:95:67:f1:65:4e:ff:12:
80:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:6D:F2:9A:A8:6C:9B:46:44:20:B3:9E:46:49:CF:73:2C:0C:C9:F4
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/KG3ymqhsm0ZEILOeRknPcywMyfQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
a6:80:b1:58:93:82:34:51:a8:01:74:c7:5f:6e:52:9d:34:7a:
1f:ca:dd:4a:cb:cb:98:ec:de:5c:d6:35:59:4f:f8:32:fb:ef:
5a:14:51:7e:52:31:b3:1f:8f:2d:bf:0f:dd:28:56:b7:0b:77:
42:74:05:8f:fe:7e:a6:67:55:04:26:1b:f6:3a:b0:fe:3c:75:
be:09:5d:e5:1c:ac:b5:a7:88:7d:4b:ff:94:10:b2:79:18:2a:
1c:53:40:63:fe:6e:f1:8f:45:83:21:24:d6:6a:82:a0:d8:57:
13:e7:c1:2c:ca:95:a6:59:5c:07:9c:19:d2:3e:89:8c:45:36:
13:63:e9:d9:9d:0c:cb:44:ab:3b:8c:14:31:36:0c:63:5c:1c:
2b:0c:c2:8f:c9:6c:b3:20:ca:a4:c9:89:17:2d:4a:9f:0c:3d:
fd:cb:fa:5b:2a:b7:63:e1:df:ed:73:68:fc:91:9b:6f:0e:a0:
08:13:a1:db:f7:c2:31:2f:24:92:33:c9:b6:44:fb:1c:ad:ce:
71:37:8f:3a:59:dd:86:0f:89:d9:17:a5:f8:a7:a9:79:13:17:
89:42:0d:79:a7:69:6f:62:96:3b:2c:ce:63:74:96:6b:93:19:
98:1d:57:4c:a5:18:3f:06:e1:da:2f:16:09:6d:e0:7a:1b:b8:
9a:cb:60:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYp8MN+pXexRVnK+ZHQDM4aFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTA5MjMwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODZkZjI5YWE4NmM5YjQ2NDQyMGIzOWU0NjQ5Y2Y3MzJjMGNjOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgz4vKQhUklgiZDvb6wuSwztqzalL
W9/FA105gS8FEkOfl3o8+hU5aHrAZgvEhL4mttAshTHBhnhleF2SQ5KX9CE3w40V
wOU2WjrD9a9mhC7XQCWLpaDgrZpUjk7eAuVbyXY0uroVlFaJnO919QFZbhd5A8EX
ltGqcdscD97SlHgR0R2CYj383g28d6f6SN2CdEEMHAX5bytuG9Lykc/ZkX1lIh5g
UOYNjFy/BEXwVWt634U4r2k+5COTCFiKKuBlJhHqpAOWCsxqIJIWhPYbRQsJRSQK
Mx+sFjPzaQKHSqpWZ2depLftYNe43z17Vge+pyem7SZGc5Vn8WVO/xKAnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCht8pqobJtGRCCznkZJz3MsDMn0MB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvS0czeW1xaHNtMFpFSUxPZVJrblBjeXdNeWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKaAsViTgjRRqAF0x19u
Up00eh/K3UrLy5js3lzWNVlP+DL771oUUX5SMbMfjy2/D90oVrcLd0J0BY/+fqZn
VQQmG/Y6sP48db4JXeUcrLWniH1L/5QQsnkYKhxTQGP+bvGPRYMhJNZqgqDYVxPn
wSzKlaZZXAecGdI+iYxFNhNj6dmdDMtEqzuMFDE2DGNcHCsMwo/JbLMgyqTJiRct
Sp8MPf3L+lsqt2Ph3+1zaPyRm28OoAgTodv3wjEvJJIzybZE+xytznE3jzpZ3YYP
idkXpfinqXkTF4lCDXmnaW9iljsszmN0lmuTGZgdV0ylGD8G4dovFglt4HobuJrL
YLY=
-----END CERTIFICATE-----
Generated at Wed Jun 11 11:21:02 2025 by rpki-client