Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3_2nwYsTfXyoetYky3raUMIrWCE.roa
File: 3_2nwYsTfXyoetYky3raUMIrWCE.roa (raw, json)
Hash identifier: 5ZCH4VNWmvFP1ku/vMuD9V3gk5w1Gx1kJSRpRgRKSKU=
Subject key identifier: DF:FD:A7:C1:8B:13:7D:7C:A8:7A:D6:24:CB:7A:DA:50:C2:2B:58:21
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018AB19ED12E06582E39A00F9038B11DA12F
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3_2nwYsTfXyoetYky3raUMIrWCE.roa
Signing time: Wed 20 Sep 2023 08:04:50 +0000
ROA not before: Wed 20 Sep 2023 08:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:b19e:4c51/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b1:9e:d1:2e:06:58:2e:39:a0:0f:90:38:b1:1d:a1:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Sep 20 08:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dffda7c18b137d7ca87ad624cb7ada50c22b5821
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:79:99:5c:fb:73:05:b9:88:ec:9c:86:86:6c:
ee:a2:54:c3:b4:9e:80:31:93:fb:67:71:1e:2e:ab:
7a:2e:7f:87:9e:7b:02:0a:b1:b8:a7:2c:56:35:3e:
5a:f7:73:e5:1f:cf:69:e1:6d:c7:a3:f8:5b:e5:6f:
57:2d:cf:3f:1a:47:db:03:7d:dc:4a:6c:e5:71:c3:
de:ff:bc:94:18:7a:d8:82:ee:eb:ea:a5:10:57:b0:
36:f5:1c:ed:d9:cd:fe:02:de:34:fd:51:07:b9:25:
1e:9c:cb:ba:07:e4:17:ab:52:05:b8:9e:df:3b:ba:
ce:37:2a:32:36:f1:59:bf:06:9b:52:bd:65:19:5c:
51:3b:2d:93:e8:e5:74:b7:3b:51:73:09:c7:2e:45:
29:bc:bd:3a:92:ec:32:dd:12:45:97:45:ef:91:ca:
d1:37:67:7a:f2:31:de:a0:e6:61:83:72:d5:e6:04:
29:fc:fd:cb:64:92:58:6a:ac:10:86:5e:82:ec:04:
c3:98:33:36:6a:78:d0:58:a4:9a:e1:92:0f:94:e7:
7f:75:77:d1:3b:ec:7d:f7:97:ab:42:fa:47:40:7c:
82:ae:a6:1d:7a:cf:4e:e3:17:23:0c:70:5b:26:b4:
05:96:8d:b5:5e:75:c0:4d:df:9d:a9:0d:e3:68:d1:
9d:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:FD:A7:C1:8B:13:7D:7C:A8:7A:D6:24:CB:7A:DA:50:C2:2B:58:21
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3_2nwYsTfXyoetYky3raUMIrWCE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
60:f8:65:6e:36:85:2e:9e:fa:0f:70:61:e5:b2:e9:cb:02:4c:
59:51:2c:2d:ff:f0:dd:8c:2a:23:2b:a4:7e:78:2e:49:d1:c1:
aa:ad:8e:17:e5:4d:06:e5:47:23:7c:55:c4:e2:b9:9a:bb:2e:
f0:8a:77:2d:4d:66:37:a7:6e:4e:77:bf:f0:6b:82:8f:1c:49:
a7:31:63:c3:33:c9:11:9a:14:65:90:0e:fd:06:bc:7d:53:25:
c0:d8:71:06:f6:85:95:29:e1:7d:e8:54:13:46:d5:5d:37:92:
8d:47:64:01:07:3b:50:15:1a:23:ca:b5:99:75:30:8f:96:a6:
f5:01:7e:fb:0c:ba:ac:b1:e6:9a:0b:ef:bd:86:39:c6:08:b3:
3d:29:d1:23:a2:6b:ac:a0:54:d0:cb:29:d3:7e:2c:0d:03:78:
3d:bb:28:00:2b:c4:09:af:22:3f:a4:07:74:d2:d0:e3:8e:fb:
b0:c7:0e:ce:be:3f:4f:18:47:2e:80:d0:c0:81:1c:fb:82:9c:
94:03:cf:94:41:55:82:ad:2a:08:58:91:c5:d5:1d:3e:a0:25:
c2:c1:4a:06:2c:3d:20:4a:0d:2a:de:f0:e9:20:ed:54:2c:a0:
9e:62:52:6e:e4:ec:69:a9:dc:20:f9:19:7b:ff:15:bd:e1:58:
58:fd:96:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYqxntEuBlguOaAPkDixHaEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMwOTIwMDgwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmZkYTdjMThiMTM3ZDdjYTg3YWQ2MjRjYjdhZGE1MGMyMmI1ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXmZXPtzBbmI7JyGhmzuolTDtJ6A
MZP7Z3EeLqt6Ln+HnnsCCrG4pyxWNT5a93PlH89p4W3Ho/hb5W9XLc8/GkfbA33c
SmzlccPe/7yUGHrYgu7r6qUQV7A29Rzt2c3+At40/VEHuSUenMu6B+QXq1IFuJ7f
O7rONyoyNvFZvwabUr1lGVxROy2T6OV0tztRcwnHLkUpvL06kuwy3RJFl0XvkcrR
N2d68jHeoOZhg3LV5gQp/P3LZJJYaqwQhl6C7ATDmDM2anjQWKSa4ZIPlOd/dXfR
O+x995erQvpHQHyCrqYdes9O4xcjDHBbJrQFlo21XnXATd+dqQ3jaNGdUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN/9p8GLE318qHrWJMt62lDCK1ghMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvM18ybndZc1RmWHlvZXRZa3kzcmFVTUlyV0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGD4ZW42hS6e+g9wYeWy
6csCTFlRLC3/8N2MKiMrpH54LknRwaqtjhflTQblRyN8VcTiuZq7LvCKdy1NZjen
bk53v/Brgo8cSacxY8MzyRGaFGWQDv0GvH1TJcDYcQb2hZUp4X3oVBNG1V03ko1H
ZAEHO1AVGiPKtZl1MI+WpvUBfvsMuqyx5poL772GOcYIsz0p0SOia6ygVNDLKdN+
LA0DeD27KAArxAmvIj+kB3TS0OOO+7DHDs6+P08YRy6A0MCBHPuCnJQDz5RBVYKt
KghYkcXVHT6gJcLBSgYsPSBKDSre8Okg7VQsoJ5iUm7k7Gmp3CD5GXv/Fb3hWFj9
lkk=
-----END CERTIFICATE-----
Generated at Thu Jun 19 01:23:06 2025 by rpki-client