Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2smE_OpE3EwJUe4LHfcarFNVXek.roa
File: 2smE_OpE3EwJUe4LHfcarFNVXek.roa (raw, json)
Hash identifier: N9CYN+zSrXgB+ERGwSTNlVtnbIl2HLjHV+M/Xge7kY8=
Subject key identifier: DA:C9:84:FC:EA:44:DC:4C:09:51:EE:0B:1D:F7:1A:AC:53:55:5D:E9
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C4B761AF781DB206120BE28EB9B15E25B
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2smE_OpE3EwJUe4LHfcarFNVXek.roa
Signing time: Fri 08 Dec 2023 22:04:40 +0000
ROA not before: Fri 08 Dec 2023 22:04:40 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18c:4b75:bf18/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:4b:76:1a:f7:81:db:20:61:20:be:28:eb:9b:15:e2:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 8 22:04:40 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dac984fcea44dc4c0951ee0b1df71aac53555de9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:32:dc:99:3b:b3:75:3d:26:a2:7c:cb:7b:60:
b6:a3:b9:e9:be:9f:2d:fe:51:bd:49:f4:79:e2:09:
85:bb:2f:ab:19:51:c5:97:ca:b8:ec:2f:30:eb:f1:
f5:4d:52:c4:f8:dd:f3:8c:9e:55:f3:a3:79:8a:10:
b7:41:38:0e:e6:b3:52:10:98:d6:4f:d9:2e:e2:5d:
b1:dd:79:98:bf:bb:ae:de:e4:97:16:cd:62:c2:5d:
74:3a:ba:f2:07:ca:9b:85:a7:e1:3f:ba:82:19:e8:
1f:21:1d:31:b1:c5:98:76:45:0c:3a:2e:4c:b8:4c:
29:b8:a6:e8:ee:7f:9b:de:f0:96:80:38:5e:7d:e3:
07:eb:65:8e:d6:93:8a:38:75:08:d5:e3:f5:fd:62:
ad:f8:53:93:cc:d6:41:74:23:84:0e:fb:de:fc:cc:
32:91:dc:8a:e2:70:f8:2c:04:1c:1b:53:50:3f:e8:
77:55:a7:c9:b4:bb:7b:c8:62:40:c9:e0:6e:eb:8d:
f3:f9:59:33:95:97:7e:e7:83:0f:45:89:a5:78:71:
a9:5a:d3:cd:ad:b0:da:cb:40:04:a6:86:9b:38:ef:
02:a2:d5:42:8f:47:06:96:21:4a:65:80:dd:7e:6e:
d3:21:43:66:5e:25:1b:08:30:bb:12:63:aa:61:b8:
55:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C9:84:FC:EA:44:DC:4C:09:51:EE:0B:1D:F7:1A:AC:53:55:5D:E9
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2smE_OpE3EwJUe4LHfcarFNVXek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
9c:a5:47:1f:21:57:90:5b:62:bd:bc:f5:1a:e0:d4:4c:50:f6:
bd:07:1a:d5:85:19:31:bb:49:22:c6:21:b8:b2:0f:1a:b1:94:
8e:fa:34:a1:22:cd:96:0a:c2:ee:27:2c:71:c5:12:c0:72:89:
75:bc:4b:91:a6:a1:fa:32:b9:7e:73:0e:f7:04:cc:cc:1a:dd:
19:ec:4b:e0:e9:47:f9:9a:7a:f8:5e:aa:d5:89:7b:4b:3d:7c:
d9:18:6f:cc:07:d9:0b:a4:15:c8:24:71:f4:79:1b:80:07:20:
c9:4d:64:a2:f9:a2:ef:fd:61:75:4d:31:28:b7:aa:0b:89:7f:
0a:8b:3f:f6:f1:6f:2e:be:ff:a4:6d:08:e4:b8:25:6b:55:fd:
91:8f:94:60:42:03:68:af:79:00:55:50:86:b2:c7:61:55:e7:
83:df:27:e5:e3:07:60:a6:7b:20:9c:b7:1c:76:79:b8:54:94:
65:6d:8e:9a:14:21:88:5f:bd:95:13:8a:f5:52:7f:50:63:1a:
32:73:6b:0d:3a:03:27:b0:1d:f6:94:a7:fa:50:a0:54:51:8c:
b3:be:6d:af:13:12:d2:b7:64:b9:ef:4a:d1:81:db:84:20:3b:
94:7a:28:4c:7e:03:d1:47:8c:aa:a9:5a:62:9f:a9:1d:61:97:
7a:f3:6a:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxLdhr3gdsgYSC+KOubFeJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjA4MjIwNDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM5ODRmY2VhNDRkYzRjMDk1MWVlMGIxZGY3MWFhYzUzNTU1ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTLcmTuzdT0monzLe2C2o7npvp8t
/lG9SfR54gmFuy+rGVHFl8q47C8w6/H1TVLE+N3zjJ5V86N5ihC3QTgO5rNSEJjW
T9ku4l2x3XmYv7uu3uSXFs1iwl10OrryB8qbhafhP7qCGegfIR0xscWYdkUMOi5M
uEwpuKbo7n+b3vCWgDhefeMH62WO1pOKOHUI1eP1/WKt+FOTzNZBdCOEDvve/Mwy
kdyK4nD4LAQcG1NQP+h3VafJtLt7yGJAyeBu643z+VkzlZd+54MPRYmleHGpWtPN
rbDay0AEpoabOO8CotVCj0cGliFKZYDdfm7TIUNmXiUbCDC7EmOqYbhVZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNrJhPzqRNxMCVHuCx33GqxTVV3pMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvMnNtRV9PcEUzRXdKVWU0TEhmY2FyRk5WWGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJylRx8hV5BbYr289Rrg
1ExQ9r0HGtWFGTG7SSLGIbiyDxqxlI76NKEizZYKwu4nLHHFEsByiXW8S5Gmofoy
uX5zDvcEzMwa3RnsS+DpR/maevheqtWJe0s9fNkYb8wH2QukFcgkcfR5G4AHIMlN
ZKL5ou/9YXVNMSi3qguJfwqLP/bxby6+/6RtCOS4JWtV/ZGPlGBCA2iveQBVUIay
x2FV54PfJ+XjB2CmeyCctxx2ebhUlGVtjpoUIYhfvZUTivVSf1BjGjJzaw06Ayew
HfaUp/pQoFRRjLO+ba8TEtK3ZLnvStGB24QgO5R6KEx+A9FHjKqpWmKfqR1hl3rz
arA=
-----END CERTIFICATE-----
Generated at Tue Jun 17 22:32:51 2025 by rpki-client