Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/8xK9Kp39pvAgrTV_3GtyNrG1AN0.roa
File: 8xK9Kp39pvAgrTV_3GtyNrG1AN0.roa (raw, json)
Hash identifier: WY0CTKJ7dkgqxWhn6NXetGaWzXMuOXOjU77MEhdazvA=
Subject key identifier: F3:12:BD:2A:9D:FD:A6:F0:20:AD:35:7F:DC:6B:72:36:B1:B5:00:DD
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018AEA0EE787C3266996AD5184D6B490280B
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/8xK9Kp39pvAgrTV_3GtyNrG1AN0.roa
Signing time: Sun 01 Oct 2023 07:05:59 +0000
ROA not before: Sun 01 Oct 2023 07:05:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:ea0e:2f15/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ea:0e:e7:87:c3:26:69:96:ad:51:84:d6:b4:90:28:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 1 07:05:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f312bd2a9dfda6f020ad357fdc6b7236b1b500dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:db:fb:73:85:43:a8:02:0e:92:57:9a:6f:24:
cb:65:7d:73:e3:7f:ed:db:a4:d0:ca:26:e1:ec:27:
60:d2:7b:9a:33:bc:66:9a:0a:b0:25:3c:ef:64:75:
64:72:72:f4:1e:57:4b:57:1a:c0:7a:cf:c0:57:36:
3f:2e:5f:c7:7d:23:a6:83:76:e9:d3:46:40:c2:7a:
9b:df:fc:1c:77:d1:b9:df:87:9e:35:3a:0a:03:81:
ac:5a:b9:79:d5:b6:0b:11:13:bc:8a:eb:e2:7e:fb:
46:6f:80:d7:9b:27:3b:0c:35:83:d4:09:5d:4b:2e:
30:42:6d:a0:31:cd:64:31:ec:db:4d:9e:0e:be:7b:
eb:4d:9a:6b:b2:d5:81:b7:14:10:a8:f3:4d:70:50:
19:e1:ca:a7:f2:c7:86:8a:0b:0e:3f:42:0d:47:ec:
ac:6f:02:d4:10:c3:90:03:63:75:25:92:07:3a:fe:
86:1c:d6:fe:eb:07:3c:83:9e:8b:b8:b1:9c:47:cd:
ce:f5:6a:b3:70:d2:ce:b4:bd:0a:58:c1:67:cd:1c:
1b:c0:c2:a7:57:6a:d8:8f:05:4d:79:a0:64:d3:68:
fc:e9:3a:28:5f:e6:29:84:92:2c:9e:00:fc:26:62:
fb:02:6b:86:b9:60:56:31:7c:62:d2:43:4b:46:47:
eb:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:12:BD:2A:9D:FD:A6:F0:20:AD:35:7F:DC:6B:72:36:B1:B5:00:DD
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/8xK9Kp39pvAgrTV_3GtyNrG1AN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
5a:21:7c:ab:bb:15:b2:3c:15:93:1c:a2:50:4f:5b:4b:43:7e:
1e:ea:11:d4:15:56:d0:a4:3c:cd:bf:ab:0e:4b:80:19:c1:c8:
dc:0e:d0:44:a5:78:0b:0f:a1:5e:e3:bb:17:b6:65:4c:35:f3:
58:50:e9:07:65:28:df:b4:7b:eb:56:12:94:6f:f1:f4:ba:a5:
91:4d:d7:6d:0c:56:1c:51:05:90:68:7f:31:8e:5d:8e:b6:25:
e3:1d:a6:05:3c:e2:e9:dd:9e:76:ea:cc:5d:2b:3f:63:97:bc:
21:2d:e6:b9:95:3e:ce:4d:ae:e1:50:ad:ef:36:4b:5c:7e:4f:
58:b3:22:dd:12:fb:0f:66:0e:52:7d:3a:9d:67:48:9b:5d:00:
c8:eb:fb:01:88:f6:7b:2c:6b:b7:4e:86:18:c9:03:33:05:79:
5a:0c:83:f9:e7:72:d1:8e:51:ad:ff:28:c9:5c:e3:a9:7a:5e:
83:84:4c:7d:3c:34:9c:c7:6b:ad:b8:f7:ec:43:32:f7:65:31:
aa:45:f2:6d:40:00:78:83:a4:e6:ae:2a:1b:65:b1:01:0d:db:
1e:41:9b:87:6a:c3:c5:07:14:e4:80:86:b4:78:c1:0f:d6:8e:
c9:45:91:96:ca:df:3d:c8:f9:c3:76:f9:59:08:e6:20:9f:3c:
e1:27:e6:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYrqDueHwyZplq1RhNa0kCgLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDAxMDcwNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzEyYmQyYTlkZmRhNmYwMjBhZDM1N2ZkYzZiNzIzNmIxYjUwMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidv7c4VDqAIOkleabyTLZX1z43/t
26TQyibh7Cdg0nuaM7xmmgqwJTzvZHVkcnL0HldLVxrAes/AVzY/Ll/HfSOmg3bp
00ZAwnqb3/wcd9G534eeNToKA4GsWrl51bYLERO8iuvifvtGb4DXmyc7DDWD1Ald
Sy4wQm2gMc1kMezbTZ4OvnvrTZprstWBtxQQqPNNcFAZ4cqn8seGigsOP0INR+ys
bwLUEMOQA2N1JZIHOv6GHNb+6wc8g56LuLGcR83O9WqzcNLOtL0KWMFnzRwbwMKn
V2rYjwVNeaBk02j86TooX+YphJIsngD8JmL7AmuGuWBWMXxi0kNLRkfrzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPMSvSqd/abwIK01f9xrcjaxtQDdMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvOHhLOUtwMzlwdkFnclRWXzNHdHlOckcxQU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFohfKu7FbI8FZMcolBP
W0tDfh7qEdQVVtCkPM2/qw5LgBnByNwO0ESleAsPoV7juxe2ZUw181hQ6QdlKN+0
e+tWEpRv8fS6pZFN120MVhxRBZBofzGOXY62JeMdpgU84undnnbqzF0rP2OXvCEt
5rmVPs5NruFQre82S1x+T1izIt0S+w9mDlJ9Op1nSJtdAMjr+wGI9nssa7dOhhjJ
AzMFeVoMg/nnctGOUa3/KMlc46l6XoOETH08NJzHa6249+xDMvdlMapF8m1AAHiD
pOauKhtlsQEN2x5Bm4dqw8UHFOSAhrR4wQ/WjslFkZbK3z3I+cN2+VkI5iCfPOEn
5hw=
-----END CERTIFICATE-----
Generated at Fri Jun 20 03:47:57 2025 by rpki-client