Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3dwcOSFoR21P-MkOSJ-nT8ERcSw.roa
File: 3dwcOSFoR21P-MkOSJ-nT8ERcSw.roa (raw, json)
Hash identifier: 6VR18XQAV6QqkOkP6b7+ph3U6SuWh57fG1zIuFIlJLk=
Subject key identifier: DD:DC:1C:39:21:68:47:6D:4F:F8:C9:0E:48:9F:A7:4F:C1:11:71:2C
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BCB9405CCD33B37D2777F9D7CB5F1F6BF
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3dwcOSFoR21P-MkOSJ-nT8ERcSw.roa
Signing time: Tue 14 Nov 2023 02:05:57 +0000
ROA not before: Tue 14 Nov 2023 02:05:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18b:cb93:6f32/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:cb:94:05:cc:d3:3b:37:d2:77:7f:9d:7c:b5:f1:f6:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 14 02:05:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dddc1c392168476d4ff8c90e489fa74fc111712c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:72:12:b6:d6:69:60:e3:8d:79:f8:4a:21:31:
58:6c:42:41:7f:bc:d8:00:f6:20:af:dc:66:2f:a3:
b9:1e:b8:4c:06:49:4f:94:d1:a5:e0:c2:c6:bd:19:
8a:ce:6c:14:3e:82:4c:99:28:a2:d9:51:e2:e4:83:
a3:3c:15:60:ce:a0:9e:4c:64:df:8d:5e:e6:49:d6:
bd:b5:83:c7:4c:97:e4:6c:d4:78:52:c0:61:c5:f6:
54:da:45:0e:01:b6:de:92:4e:8a:79:fb:5f:34:73:
9c:f3:a0:49:37:a8:f4:9d:7e:c1:6b:9e:03:be:54:
e1:39:78:d9:f7:f0:40:93:4c:29:95:4c:87:3d:9d:
85:f8:3b:c4:be:0d:b3:72:c6:46:52:2b:34:86:80:
a8:28:3f:6d:79:d1:33:a9:58:66:ab:fe:27:01:a7:
f0:e8:0e:67:cf:77:2c:c2:08:90:80:4c:57:a6:e1:
77:5a:75:cf:cc:9c:7c:cf:df:d9:7b:58:e0:a9:07:
79:ba:b6:85:21:48:3e:96:56:c4:79:7b:7e:88:ec:
1a:44:9d:2e:03:f4:4c:c6:c9:d7:ac:70:81:d2:a2:
28:76:12:b2:7a:13:3b:de:c7:a7:51:7b:f4:8b:e4:
a5:6c:c4:4c:e1:6c:c5:0f:02:9a:53:ce:dd:4e:cc:
0a:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:DC:1C:39:21:68:47:6D:4F:F8:C9:0E:48:9F:A7:4F:C1:11:71:2C
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/3dwcOSFoR21P-MkOSJ-nT8ERcSw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
c2:fe:2b:16:f5:68:22:23:ec:79:f7:80:f6:1d:46:1f:7a:2d:
e4:f1:88:04:30:53:40:73:f1:2e:ef:e7:a5:5e:9b:a3:11:e2:
26:41:a9:22:61:9c:94:7a:9d:97:5f:b1:f2:7b:47:1f:78:a1:
2b:85:07:20:21:78:91:88:28:7f:ca:d9:2e:cd:15:73:42:44:
5b:b2:36:79:f3:fc:1e:17:95:63:de:31:9a:dd:c1:90:1b:8d:
e8:b9:39:c5:2f:35:46:51:78:77:31:09:bb:46:10:6c:1d:54:
98:f0:f3:88:b4:2d:ca:dc:f5:a6:ce:53:0e:c6:0a:d7:fa:52:
d0:95:1e:6b:00:e3:88:e9:b5:c7:36:04:a2:c7:d6:e5:3e:4d:
af:45:fb:08:78:fd:99:58:96:d0:23:6d:e4:f9:2c:42:c6:6d:
dc:20:c5:06:6c:7c:0d:44:97:c4:98:ed:73:2a:6c:49:33:65:
34:2e:89:e5:32:f6:7b:a8:6d:23:17:44:65:8f:4f:27:c2:46:
36:ea:01:e5:9e:0a:e6:ba:1c:3f:1c:b9:c0:f2:44:a1:f9:5d:
d9:e1:ad:88:e9:7e:82:7a:2e:34:ec:fd:89:30:38:7c:b3:cf:
10:2d:90:d7:06:03:71:77:5f:8e:80:0b:ba:55:0b:50:db:75:
3d:a5:81:a7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvLlAXM0zs30nd/nXy18fa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTE0MDIwNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGRjMWMzOTIxNjg0NzZkNGZmOGM5MGU0ODlmYTc0ZmMxMTE3MTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHISttZpYOONefhKITFYbEJBf7zY
APYgr9xmL6O5HrhMBklPlNGl4MLGvRmKzmwUPoJMmSii2VHi5IOjPBVgzqCeTGTf
jV7mSda9tYPHTJfkbNR4UsBhxfZU2kUOAbbekk6KeftfNHOc86BJN6j0nX7Ba54D
vlThOXjZ9/BAk0wplUyHPZ2F+DvEvg2zcsZGUis0hoCoKD9tedEzqVhmq/4nAafw
6A5nz3cswgiQgExXpuF3WnXPzJx8z9/Ze1jgqQd5uraFIUg+llbEeXt+iOwaRJ0u
A/RMxsnXrHCB0qIodhKyehM73senUXv0i+SlbMRM4WzFDwKaU87dTswKSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN3cHDkhaEdtT/jJDkifp0/BEXEsMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvM2R3Y09TRm9SMjFQLU1rT1NKLW5UOEVSY1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAML+Kxb1aCIj7Hn3gPYd
Rh96LeTxiAQwU0Bz8S7v56Vem6MR4iZBqSJhnJR6nZdfsfJ7Rx94oSuFByAheJGI
KH/K2S7NFXNCRFuyNnnz/B4XlWPeMZrdwZAbjei5OcUvNUZReHcxCbtGEGwdVJjw
84i0Lcrc9abOUw7GCtf6UtCVHmsA44jptcc2BKLH1uU+Ta9F+wh4/ZlYltAjbeT5
LELGbdwgxQZsfA1El8SY7XMqbEkzZTQuieUy9nuobSMXRGWPTyfCRjbqAeWeCua6
HD8cucDyRKH5XdnhrYjpfoJ6LjTs/YkwOHyzzxAtkNcGA3F3X46AC7pVC1DbdT2l
gac=
-----END CERTIFICATE-----
Generated at Tue Jun 17 15:50:29 2025 by rpki-client