Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/GXtIO5HiowgLwu0RNqvbbmiZCj0.roa
File: GXtIO5HiowgLwu0RNqvbbmiZCj0.roa (raw, json)
Hash identifier: JJCI5DN083bxi1mFiCBuHye7MF5oL2wWLQzzaHtLgKU=
Subject key identifier: 19:7B:48:3B:91:E2:A3:08:0B:C2:ED:11:36:AB:DB:6E:68:99:0A:3D
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C314827B238EB54F1F8C78599F2AFB253
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/GXtIO5HiowgLwu0RNqvbbmiZCj0.roa
Signing time: Sun 03 Dec 2023 20:04:21 +0000
ROA not before: Sun 03 Dec 2023 20:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18c:3148:156/128 maxlen: 128
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:31:48:27:b2:38:eb:54:f1:f8:c7:85:99:f2:af:b2:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 3 20:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=197b483b91e2a3080bc2ed1136abdb6e68990a3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:c4:8a:ce:d4:a3:cc:33:4c:7e:11:fe:98:37:
e4:b6:96:6f:0b:46:91:0d:f2:20:53:2e:4d:a9:32:
ac:f5:ef:4d:c8:a6:2d:e5:b3:ae:1f:6e:b4:4d:4a:
98:88:5f:bb:59:e5:8e:bc:d7:fd:ae:e5:29:09:a3:
cf:c0:2e:5a:5a:12:56:d6:37:df:be:fd:ce:7d:9b:
b4:fd:24:61:a7:16:43:10:67:95:c1:b7:d7:84:1b:
08:c3:a5:b1:42:46:b5:0b:fa:4b:9b:b5:71:56:69:
3d:8c:54:47:d5:c6:ea:ae:08:d7:09:91:88:3e:a4:
c6:77:0e:e2:d9:b0:a0:9f:58:df:c9:12:75:bc:5a:
91:63:25:f1:17:98:ad:8c:ac:cb:2e:14:d9:00:46:
48:cb:9f:be:6c:1c:b3:af:9e:e6:b1:b3:94:1e:9d:
e3:66:70:71:ab:9f:71:c6:de:1f:b1:09:3e:81:3a:
29:3b:e6:81:a1:9b:11:ff:04:1e:43:72:10:6c:de:
68:21:c3:e7:6c:6e:e0:4e:05:be:5c:97:b2:3f:d4:
99:c4:45:e5:a2:a6:18:68:d2:2a:10:5c:08:32:12:
d4:a2:a8:77:47:e8:3f:7c:6c:50:95:c0:58:9f:1e:
75:8a:3a:28:b1:ec:c6:81:6c:93:87:c4:c5:04:85:
fc:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:7B:48:3B:91:E2:A3:08:0B:C2:ED:11:36:AB:DB:6E:68:99:0A:3D
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/GXtIO5HiowgLwu0RNqvbbmiZCj0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
92:c2:27:80:96:32:4b:78:bd:0a:60:e0:bd:74:08:2a:61:f9:
93:ae:b7:ed:ff:ac:2d:5b:80:25:7c:66:88:b0:91:a2:2b:ad:
ab:57:cc:a5:b9:ba:22:d5:89:13:60:ae:a2:b0:72:eb:c5:a1:
19:92:37:65:ff:18:73:27:de:2f:72:aa:66:fd:82:cc:a0:4b:
70:85:ae:b2:8a:47:2a:4e:e2:9e:60:6e:0a:10:6e:ed:a0:01:
60:b9:1f:ba:96:26:04:19:ab:1e:54:01:c7:08:b2:8f:47:cf:
8d:09:88:7d:12:41:07:2d:37:c9:75:73:4c:36:a1:38:3a:50:
74:03:2a:fd:8b:2d:07:d0:08:3f:1a:f0:c7:54:0a:3d:de:5d:
bc:d6:4a:ee:5b:56:4c:4e:35:2a:b3:2f:a8:76:30:3c:26:6f:
14:a3:5b:4d:80:62:55:5c:6c:d2:a8:ba:f9:32:71:14:7b:95:
df:68:25:aa:68:06:a2:d4:2c:f7:2f:15:d9:21:20:9c:3a:5d:
0f:29:33:6d:f0:c5:de:42:44:9b:b9:8e:33:25:31:e6:03:e8:
fe:17:c5:b4:e4:00:bc:84:c6:9f:93:40:87:21:aa:4a:0e:83:
b0:21:09:15:9c:b2:15:95:b8:3f:61:81:24:db:b3:f0:b5:e8:
ce:f5:38:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwxSCeyOOtU8fjHhZnyr7JTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjAzMjAwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTdiNDgzYjkxZTJhMzA4MGJjMmVkMTEzNmFiZGI2ZTY4OTkwYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sSKztSjzDNMfhH+mDfktpZvC0aR
DfIgUy5NqTKs9e9NyKYt5bOuH260TUqYiF+7WeWOvNf9ruUpCaPPwC5aWhJW1jff
vv3OfZu0/SRhpxZDEGeVwbfXhBsIw6WxQka1C/pLm7VxVmk9jFRH1cbqrgjXCZGI
PqTGdw7i2bCgn1jfyRJ1vFqRYyXxF5itjKzLLhTZAEZIy5++bByzr57msbOUHp3j
ZnBxq59xxt4fsQk+gTopO+aBoZsR/wQeQ3IQbN5oIcPnbG7gTgW+XJeyP9SZxEXl
oqYYaNIqEFwIMhLUoqh3R+g/fGxQlcBYnx51ijoosezGgWyTh8TFBIX8gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBl7SDuR4qMIC8LtETar225omQo9MB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvR1h0SU81SGlvd2dMd3UwUk5xdmJibWlaQ2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJLCJ4CWMkt4vQpg4L10
CCph+ZOut+3/rC1bgCV8ZoiwkaIrratXzKW5uiLViRNgrqKwcuvFoRmSN2X/GHMn
3i9yqmb9gsygS3CFrrKKRypO4p5gbgoQbu2gAWC5H7qWJgQZqx5UAccIso9Hz40J
iH0SQQctN8l1c0w2oTg6UHQDKv2LLQfQCD8a8MdUCj3eXbzWSu5bVkxONSqzL6h2
MDwmbxSjW02AYlVcbNKouvkycRR7ld9oJapoBqLULPcvFdkhIJw6XQ8pM23wxd5C
RJu5jjMlMeYD6P4XxbTkALyExp+TQIchqkoOg7AhCRWcshWVuD9hgSTbs/C16M71
OFI=
-----END CERTIFICATE-----
Generated at Tue Jun 17 04:44:12 2025 by rpki-client