Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/CQFrn_fCkKdY1x75duipNrUSFPQ.roa
File: CQFrn_fCkKdY1x75duipNrUSFPQ.roa (raw, json)
Hash identifier: cHBDXpVzVrGMHjHgwKBePsLSeBc02cgVl76FrwrkxHI=
Subject key identifier: 09:01:6B:9F:F7:C2:90:A7:58:D7:1E:F9:76:E8:A9:36:B5:12:14:F4
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BB955E9961FB45B9B3B3CF3033AD6B87F
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/CQFrn_fCkKdY1x75duipNrUSFPQ.roa
Signing time: Fri 10 Nov 2023 13:04:57 +0000
ROA not before: Fri 10 Nov 2023 13:04:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18b:b955:8416/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:b9:55:e9:96:1f:b4:5b:9b:3b:3c:f3:03:3a:d6:b8:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 10 13:04:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09016b9ff7c290a758d71ef976e8a936b51214f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:c4:ae:6c:14:e5:65:54:1b:df:4f:c8:bb:85:
75:b8:92:91:bf:de:5b:aa:7a:71:52:fd:5d:dd:68:
7c:88:52:66:73:7b:10:f0:6a:d5:ed:db:36:3a:19:
2b:fc:7b:ac:a7:3e:f2:9b:76:8a:f5:76:8d:d7:78:
6d:2a:69:8b:15:8a:2e:ba:fc:ed:f2:37:bc:17:76:
e8:50:6e:26:ee:0d:33:be:9a:85:5c:b8:f0:cf:5e:
bf:a2:1e:98:04:df:53:11:ad:29:c1:c1:3e:72:c1:
2a:99:47:d0:18:8e:e0:22:80:a4:4c:24:89:be:ae:
b2:63:9e:95:55:1d:ef:ed:f9:4c:bb:22:56:ff:76:
98:8b:69:95:49:0d:7e:7d:83:a3:ec:88:f9:74:96:
f5:55:97:15:a4:1a:d5:57:ad:44:c7:61:2e:54:21:
07:ba:71:2f:f3:57:42:1b:ad:b3:e1:25:96:00:6d:
84:63:55:86:4b:26:6d:a1:e9:3d:eb:63:04:92:a3:
df:bb:53:fd:07:4a:49:66:79:af:4c:79:54:13:3c:
75:af:5e:0f:a6:e5:80:45:de:0b:d2:7f:f0:47:1c:
11:91:29:32:a7:d6:e0:37:dd:ac:9a:99:e0:15:1a:
c2:0d:1c:58:b0:70:c4:ef:e0:42:8e:b6:2a:63:25:
81:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:01:6B:9F:F7:C2:90:A7:58:D7:1E:F9:76:E8:A9:36:B5:12:14:F4
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/CQFrn_fCkKdY1x75duipNrUSFPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
94:a5:09:8d:b9:6f:1a:c7:61:c7:fa:53:f9:d0:f9:13:7e:f3:
e7:69:da:ff:57:f4:d1:b7:b6:dc:4e:99:8a:94:df:11:89:99:
cf:90:97:58:9a:1c:e6:07:bd:89:ce:99:f3:fb:95:80:eb:ae:
28:e3:19:bd:5b:78:59:f6:32:9f:eb:35:36:49:e2:0c:6b:77:
12:c6:de:31:a0:74:71:bd:2a:77:a8:ed:fc:dc:8e:5b:db:cc:
a9:20:8e:3a:10:75:b7:6a:8d:6b:bf:df:04:a5:ea:ee:a7:44:
a7:07:0d:21:6e:cb:b5:ea:7d:88:0b:bc:45:c1:13:3a:cf:95:
63:8c:1f:33:b0:49:be:b7:cb:d5:0b:11:51:9e:01:b7:d8:1d:
1e:10:d3:e7:e8:fa:11:4b:78:d7:69:66:1f:a9:ae:59:e3:34:
78:98:44:bd:8a:10:ce:03:f3:94:e2:da:78:f7:69:d4:e4:c5:
2c:c5:4b:ed:f0:1f:67:44:77:4c:61:49:1a:c0:9f:bb:33:8b:
31:d1:db:29:ed:86:d7:d1:2b:2a:ed:be:26:2a:ad:6a:75:da:
bb:30:ac:58:82:2f:7a:4d:3c:b6:e8:b6:b4:de:f8:67:2f:fc:
61:ce:f4:70:ca:ce:9f:67:f9:55:10:55:a7:76:cb:d1:92:7a:
74:9e:9f:6d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYu5VemWH7Rbmzs88wM61rh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTEwMTMwNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTAxNmI5ZmY3YzI5MGE3NThkNzFlZjk3NmU4YTkzNmI1MTIxNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8SubBTlZVQb30/Iu4V1uJKRv95b
qnpxUv1d3Wh8iFJmc3sQ8GrV7ds2Ohkr/Huspz7ym3aK9XaN13htKmmLFYouuvzt
8je8F3boUG4m7g0zvpqFXLjwz16/oh6YBN9TEa0pwcE+csEqmUfQGI7gIoCkTCSJ
vq6yY56VVR3v7flMuyJW/3aYi2mVSQ1+fYOj7Ij5dJb1VZcVpBrVV61Ex2EuVCEH
unEv81dCG62z4SWWAG2EY1WGSyZtoek962MEkqPfu1P9B0pJZnmvTHlUEzx1r14P
puWARd4L0n/wRxwRkSkyp9bgN92smpngFRrCDRxYsHDE7+BCjrYqYyWB3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAkBa5/3wpCnWNce+XboqTa1EhT0MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvQ1FGcm5fZkNrS2RZMXg3NWR1aXBOclVTRlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJSlCY25bxrHYcf6U/nQ
+RN+8+dp2v9X9NG3ttxOmYqU3xGJmc+Ql1iaHOYHvYnOmfP7lYDrrijjGb1beFn2
Mp/rNTZJ4gxrdxLG3jGgdHG9Kneo7fzcjlvbzKkgjjoQdbdqjWu/3wSl6u6nRKcH
DSFuy7XqfYgLvEXBEzrPlWOMHzOwSb63y9ULEVGeAbfYHR4Q0+fo+hFLeNdpZh+p
rlnjNHiYRL2KEM4D85Ti2nj3adTkxSzFS+3wH2dEd0xhSRrAn7szizHR2ynthtfR
KyrtviYqrWp12rswrFiCL3pNPLbotrTe+Gcv/GHO9HDKzp9n+VUQVad2y9GSenSe
n20=
-----END CERTIFICATE-----
Generated at Tue Jun 17 07:04:39 2025 by rpki-client