Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/lFKRaaWcIha-UegasMz2bcGCizM.roa
File: lFKRaaWcIha-UegasMz2bcGCizM.roa (raw, json)
Hash identifier: Naac1S2PJ7Dl5nN7ROWSNCX8pjwnDuljJs51K5awHQY=
Subject key identifier: 94:52:91:69:A5:9C:22:16:BE:51:E8:1A:B0:CC:F6:6D:C1:82:8B:33
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A83459E282D7B356B050A83444400C989
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/lFKRaaWcIha-UegasMz2bcGCizM.roa
Signing time: Mon 11 Sep 2023 08:04:52 +0000
ROA not before: Mon 11 Sep 2023 08:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:8345:5d87/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:83:45:9e:28:2d:7b:35:6b:05:0a:83:44:44:00:c9:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 11 08:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=94529169a59c2216be51e81ab0ccf66dc1828b33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4b:f2:aa:ac:d8:95:02:fd:3f:d8:69:c7:75:
10:4a:3d:d3:f9:94:08:d9:f8:20:ac:83:f6:49:f6:
f4:e2:b2:41:38:92:33:e3:a7:00:61:af:a7:d2:bf:
c2:ce:c2:ce:98:33:ea:60:26:c7:0c:ee:3a:b0:b1:
97:17:7f:ff:4b:f7:69:cd:1b:f9:a4:2a:00:56:8a:
a2:e7:fa:9a:2a:8d:6e:b6:92:78:12:98:3e:5e:f3:
6e:49:7d:90:aa:d1:eb:62:f0:90:13:ff:91:41:e9:
c0:3b:f4:15:f7:e7:0b:d8:7e:77:7d:6e:8e:15:bb:
9e:3b:11:ce:8b:28:2e:4a:1a:99:9c:28:4a:3d:64:
93:91:5c:cc:a2:30:a3:8f:a5:ec:b2:97:35:68:01:
80:f7:30:e4:fe:05:69:f2:3d:14:1d:98:5d:0e:bc:
ec:23:a9:0c:83:ec:59:af:0c:fb:37:0e:5b:6b:dd:
89:c1:cf:03:59:44:e8:b8:d1:96:15:87:88:ce:9f:
5b:c0:69:b5:3b:77:9c:1c:b7:19:2d:28:ff:db:d7:
18:bc:a7:34:55:f3:9d:3f:de:21:ba:4b:9d:db:bd:
40:51:32:eb:69:99:f9:3a:53:8c:8d:db:9f:eb:65:
cc:8d:e4:77:5d:22:79:a2:67:49:c0:fa:37:33:6d:
76:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:52:91:69:A5:9C:22:16:BE:51:E8:1A:B0:CC:F6:6D:C1:82:8B:33
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/lFKRaaWcIha-UegasMz2bcGCizM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
6a:47:0b:88:fc:76:f6:51:92:2a:dc:f9:a6:90:d7:89:a7:d2:
9c:1a:26:eb:a4:74:08:a8:1b:ae:3b:9c:dd:50:fb:04:25:58:
0b:58:7f:3a:a8:0f:10:54:be:43:76:f7:35:a6:8f:7a:26:af:
f5:30:62:4e:1c:ac:af:3d:54:0b:ef:40:bd:9b:c8:81:f1:5a:
fa:47:f8:b7:d5:a5:cf:56:41:a3:c6:d3:3d:7d:4e:88:1f:a6:
8e:8a:d4:c5:0f:a8:de:94:d9:ab:93:60:a0:47:d3:04:72:a5:
0f:e1:99:30:dd:27:22:d4:4e:d7:f6:54:85:87:b9:07:be:0c:
fe:0f:01:b4:e7:82:fd:aa:21:88:a2:88:be:0d:f8:ec:ec:35:
37:73:50:3a:66:0a:14:ad:1d:ba:bd:d9:5c:57:bd:3f:0b:6f:
6e:ef:56:5c:8f:44:23:c0:aa:23:dc:ff:7d:c4:57:90:78:d5:
4f:1c:da:88:5f:22:30:65:22:6f:51:60:53:0d:07:8f:84:59:
86:a2:ca:9b:e0:78:c9:e0:5d:1e:2b:96:3f:3d:16:d0:76:d4:
39:6c:58:b2:f7:2e:33:07:34:5c:57:30:9b:9b:ed:21:4d:a3:
80:b0:51:e9:54:f3:e3:de:b6:25:c4:ce:2e:f3:f9:fa:af:19:
50:4f:ce:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYqDRZ4oLXs1awUKg0REAMmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTExMDgwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUyOTE2OWE1OWMyMjE2YmU1MWU4MWFiMGNjZjY2ZGMxODI4YjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskvyqqzYlQL9P9hpx3UQSj3T+ZQI
2fggrIP2Sfb04rJBOJIz46cAYa+n0r/CzsLOmDPqYCbHDO46sLGXF3//S/dpzRv5
pCoAVoqi5/qaKo1utpJ4Epg+XvNuSX2QqtHrYvCQE/+RQenAO/QV9+cL2H53fW6O
FbueOxHOiyguShqZnChKPWSTkVzMojCjj6Xsspc1aAGA9zDk/gVp8j0UHZhdDrzs
I6kMg+xZrwz7Nw5ba92Jwc8DWUTouNGWFYeIzp9bwGm1O3ecHLcZLSj/29cYvKc0
VfOdP94hukud271AUTLraZn5OlOMjduf62XMjeR3XSJ5omdJwPo3M212swIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJRSkWmlnCIWvlHoGrDM9m3BgoszMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvbEZLUmFhV2NJaGEtVWVnYXNNejJiY0dDaXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGpHC4j8dvZRkirc+aaQ
14mn0pwaJuukdAioG647nN1Q+wQlWAtYfzqoDxBUvkN29zWmj3omr/UwYk4crK89
VAvvQL2byIHxWvpH+LfVpc9WQaPG0z19Togfpo6K1MUPqN6U2auTYKBH0wRypQ/h
mTDdJyLUTtf2VIWHuQe+DP4PAbTngv2qIYiiiL4N+OzsNTdzUDpmChStHbq92VxX
vT8Lb27vVlyPRCPAqiPc/33EV5B41U8c2ohfIjBlIm9RYFMNB4+EWYaiypvgeMng
XR4rlj89FtB21DlsWLL3LjMHNFxXMJub7SFNo4CwUelU8+PetiXEzi7z+fqvGVBP
zuI=
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:20:17 2025 by rpki-client