Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/AqOXX_qNcnaLZXLKIdncdsom3ek.roa
File: AqOXX_qNcnaLZXLKIdncdsom3ek.roa (raw, json)
Hash identifier: 1wlB6bxw4nQhe+V3qC9vGRD6l+pGHgvmsm1kwIc8V+I=
Subject key identifier: 02:A3:97:5F:FA:8D:72:76:8B:65:72:CA:21:D9:DC:76:CA:26:DD:E9
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BFBA33F02B289B43C2B9DF915781F6CE4
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/AqOXX_qNcnaLZXLKIdncdsom3ek.roa
Signing time: Thu 23 Nov 2023 10:04:21 +0000
ROA not before: Thu 23 Nov 2023 10:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64:ffff:0:18b:fba2:de95/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:fb:a3:3f:02:b2:89:b4:3c:2b:9d:f9:15:78:1f:6c:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 23 10:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02a3975ffa8d72768b6572ca21d9dc76ca26dde9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:3e:e7:85:e8:4c:b7:99:01:a0:e2:a1:9c:1b:
dc:0d:43:0c:d5:45:f1:f6:ac:c5:39:79:fd:a2:33:
0d:4e:d5:c0:09:d4:58:55:f9:42:e7:0a:ee:04:01:
51:1a:0e:86:a0:28:3e:f3:08:c3:be:80:2a:7b:c8:
61:db:98:3c:90:35:a6:db:26:a9:08:14:03:6f:93:
45:de:ea:54:47:25:3e:ac:d6:4c:1b:b8:a5:af:fa:
80:a1:af:54:2b:e9:22:5a:de:56:b6:83:fb:59:c0:
3a:e1:da:f8:5a:48:10:ac:d2:bf:57:13:88:72:ec:
63:87:a1:57:f6:d1:f2:0f:88:f7:b3:5a:f4:4e:80:
50:7d:97:24:29:1f:79:28:c9:f6:1c:bb:2b:11:bc:
24:d1:90:a4:bf:ff:e2:eb:9c:5e:e2:ab:5f:dc:06:
6a:45:63:cb:64:68:ac:f5:03:30:b9:8c:e5:b7:b7:
e2:0a:98:84:cc:1f:d7:97:cc:7b:a0:48:67:25:8c:
64:ef:5e:33:55:9f:28:c0:d9:35:f7:56:36:e5:77:
65:2b:45:f7:d7:4b:d7:bb:46:38:ab:cc:b5:ec:ff:
7c:4e:df:be:97:1c:21:40:4e:27:42:dd:6f:08:2a:
d4:ee:3b:66:27:a9:f9:35:7d:66:be:59:c0:45:f5:
55:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:A3:97:5F:FA:8D:72:76:8B:65:72:CA:21:D9:DC:76:CA:26:DD:E9
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/AqOXX_qNcnaLZXLKIdncdsom3ek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
38:a8:ab:09:9e:ce:5e:cb:d5:ce:ed:7b:e2:77:b4:0d:1a:e0:
fe:52:1c:03:1c:a3:02:3e:ed:80:1b:91:db:c4:ad:93:da:2b:
c6:f7:d4:48:0a:27:bd:9b:0f:50:20:71:cb:ad:81:b3:09:ec:
d2:45:2a:f9:5f:e7:c9:a2:c8:b0:4e:24:ae:1d:4d:a5:1c:b2:
f6:f3:03:d5:1a:3b:c4:4c:b9:f3:ea:d2:e2:c2:9b:a0:e2:d8:
87:3d:98:16:19:bd:46:b5:b2:c0:21:0c:65:e0:4b:75:9a:47:
3c:f8:d8:6a:92:d2:27:20:34:0f:3f:8f:5d:8a:95:28:60:41:
87:dc:a2:f8:62:74:a6:e9:2b:7d:d7:02:04:61:72:f5:54:e3:
b3:8b:d8:43:e8:90:47:3c:9a:b4:54:08:2d:97:db:03:80:77:
92:d9:76:f4:b5:fe:ff:21:04:a5:06:8e:3e:b0:56:15:30:18:
3d:f3:30:44:53:fe:c5:02:08:2e:5c:1d:4d:27:e2:20:3a:60:
9d:50:bc:5b:b5:9b:1a:0f:de:26:98:5c:8f:25:8f:6a:08:67:
ba:a8:38:68:0f:65:07:49:c1:9c:94:bd:de:5d:87:bf:91:0c:
bf:be:fb:5a:6c:68:b3:5c:e9:b5:1f:31:4c:e0:97:03:1d:4e:
06:a5:8f:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYv7oz8Csom0PCud+RV4H2zkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTIzMTAwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmEzOTc1ZmZhOGQ3Mjc2OGI2NTcyY2EyMWQ5ZGM3NmNhMjZkZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT7nhehMt5kBoOKhnBvcDUMM1UXx
9qzFOXn9ojMNTtXACdRYVflC5wruBAFRGg6GoCg+8wjDvoAqe8hh25g8kDWm2yap
CBQDb5NF3upURyU+rNZMG7ilr/qAoa9UK+kiWt5WtoP7WcA64dr4WkgQrNK/VxOI
cuxjh6FX9tHyD4j3s1r0ToBQfZckKR95KMn2HLsrEbwk0ZCkv//i65xe4qtf3AZq
RWPLZGis9QMwuYzlt7fiCpiEzB/Xl8x7oEhnJYxk714zVZ8owNk191Y25XdlK0X3
10vXu0Y4q8y17P98Tt++lxwhQE4nQt1vCCrU7jtmJ6n5NX1mvlnARfVVkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAKjl1/6jXJ2i2VyyiHZ3HbKJt3pMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvQXFPWFhfcU5jbmFMWlhMS0lkbmNkc29tM2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADioqwmezl7L1c7te+J3
tA0a4P5SHAMcowI+7YAbkdvErZPaK8b31EgKJ72bD1AgccutgbMJ7NJFKvlf58mi
yLBOJK4dTaUcsvbzA9UaO8RMufPq0uLCm6Di2Ic9mBYZvUa1ssAhDGXgS3WaRzz4
2GqS0icgNA8/j12KlShgQYfcovhidKbpK33XAgRhcvVU47OL2EPokEc8mrRUCC2X
2wOAd5LZdvS1/v8hBKUGjj6wVhUwGD3zMERT/sUCCC5cHU0n4iA6YJ1QvFu1mxoP
3iaYXI8lj2oIZ7qoOGgPZQdJwZyUvd5dh7+RDL+++1psaLNc6bUfMUzglwMdTgal
j+s=
-----END CERTIFICATE-----
Generated at Wed Jun 18 01:45:27 2025 by rpki-client