Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/H0zApARPq7DO7m13PVX1TXjyusk.roa
File: H0zApARPq7DO7m13PVX1TXjyusk.roa (raw, json)
Hash identifier: jbJXWfoZBIUpkd4oDj/bMiJjngQY/lG+ox1P3mJ2ayc=
Subject key identifier: 1F:4C:C0:A4:04:4F:AB:B0:CE:EE:6D:77:3D:55:F5:4D:78:F2:BA:C9
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C667FE2811BE1D18292D16CBFBCC335BC
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/H0zApARPq7DO7m13PVX1TXjyusk.roa
Signing time: Thu 14 Dec 2023 04:05:06 +0000
ROA not before: Thu 14 Dec 2023 04:05:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18c:667f:6772/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:66:7f:e2:81:1b:e1:d1:82:92:d1:6c:bf:bc:c3:35:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 14 04:05:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1f4cc0a4044fabb0ceee6d773d55f54d78f2bac9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:84:06:fb:08:47:c4:40:0a:65:63:71:40:9b:
91:74:92:ce:51:a7:dc:96:8b:06:7f:36:26:5e:00:
cc:eb:bb:9d:91:10:68:3f:4d:7b:9c:bf:fd:e9:cd:
83:e3:1c:71:a6:ec:59:52:ac:bb:58:ae:20:94:58:
ee:58:5f:3f:b5:d3:c3:31:39:83:00:47:a1:6f:cf:
ca:d0:b0:10:ca:42:20:2b:73:36:d5:ac:11:7d:0e:
eb:ed:47:d2:bf:f3:12:ca:7a:0d:02:fe:49:00:2b:
e1:ad:3d:97:2e:13:50:a9:dc:2f:4b:5e:06:60:c9:
6e:04:49:c6:07:7d:f9:5a:8d:1a:d8:d5:33:ac:83:
39:c2:c6:5d:bd:d0:6b:39:64:6c:83:15:6a:f2:3e:
47:d3:59:32:1a:b4:72:3f:11:b2:17:5c:6d:01:3a:
80:0e:2f:8e:38:be:22:89:58:bf:6e:ba:80:61:e0:
ed:32:3b:78:7e:e9:17:52:82:5a:8d:f5:23:1b:b8:
2b:d9:36:b9:f8:f1:1a:61:76:e9:ba:a8:5f:24:ff:
ff:7a:57:c0:21:8c:df:03:4c:23:e1:9a:3e:88:31:
f8:24:e2:07:7a:f2:12:af:a8:fe:f4:35:93:8a:8b:
5c:90:7c:6d:89:e9:bf:24:c7:03:c5:7d:9b:af:21:
a7:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:4C:C0:A4:04:4F:AB:B0:CE:EE:6D:77:3D:55:F5:4D:78:F2:BA:C9
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/H0zApARPq7DO7m13PVX1TXjyusk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
0e:48:ec:bc:1c:1d:e3:33:51:74:7d:c7:54:f1:69:ce:f3:ff:
86:38:22:64:c3:9a:ae:42:e2:bc:5d:97:08:31:70:37:a1:e9:
42:15:72:cd:c8:fc:47:4b:9f:5f:54:40:f2:47:e0:67:56:e6:
07:21:4f:fb:6c:87:9f:6e:55:f7:f1:d0:05:67:5d:c3:42:5a:
19:55:74:72:c5:20:c9:63:74:64:4f:2c:13:e3:7b:a0:78:7a:
6a:ce:c4:9e:56:f2:59:35:7e:9e:e7:3b:41:d1:e6:11:a1:12:
81:89:fb:f7:ba:b6:c3:d5:5d:0e:12:d9:7b:d8:da:d0:26:05:
93:7a:75:6e:79:a1:a5:b2:20:81:18:71:f4:55:8e:28:3e:a5:
85:28:a0:12:b4:c5:bd:db:19:50:48:e9:b4:e8:52:ce:ab:ab:
ea:cb:eb:a9:06:41:15:86:a3:e7:62:ab:39:a9:8c:bd:4a:b5:
a1:1f:43:ea:14:ce:a5:11:ac:aa:6b:70:db:f6:1c:13:47:f1:
ee:0d:bf:5e:54:60:e6:e7:0e:ba:f9:70:6a:19:54:dc:93:b4:
a9:02:3f:20:f8:19:a1:ee:0d:94:87:77:23:2f:98:6e:00:16:
b7:65:a8:8a:86:54:d7:50:e4:36:f4:a4:5b:bf:86:55:ea:f2:
ff:ad:31:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxmf+KBG+HRgpLRbL+8wzW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjE0MDQwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjRjYzBhNDA0NGZhYmIwY2VlZTZkNzczZDU1ZjU0ZDc4ZjJiYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoQG+whHxEAKZWNxQJuRdJLOUafc
losGfzYmXgDM67udkRBoP017nL/96c2D4xxxpuxZUqy7WK4glFjuWF8/tdPDMTmD
AEehb8/K0LAQykIgK3M21awRfQ7r7UfSv/MSynoNAv5JACvhrT2XLhNQqdwvS14G
YMluBEnGB335Wo0a2NUzrIM5wsZdvdBrOWRsgxVq8j5H01kyGrRyPxGyF1xtATqA
Di+OOL4iiVi/brqAYeDtMjt4fukXUoJajfUjG7gr2Ta5+PEaYXbpuqhfJP//elfA
IYzfA0wj4Zo+iDH4JOIHevISr6j+9DWTiotckHxtiem/JMcDxX2bryGnRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB9MwKQET6uwzu5tdz1V9U148rrJMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSDB6QXBBUlBxN0RPN20xM1BWWDFUWGp5dXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA5I7LwcHeMzUXR9x1Tx
ac7z/4Y4ImTDmq5C4rxdlwgxcDeh6UIVcs3I/EdLn19UQPJH4GdW5gchT/tsh59u
Vffx0AVnXcNCWhlVdHLFIMljdGRPLBPje6B4emrOxJ5W8lk1fp7nO0HR5hGhEoGJ
+/e6tsPVXQ4S2XvY2tAmBZN6dW55oaWyIIEYcfRVjig+pYUooBK0xb3bGVBI6bTo
Us6rq+rL66kGQRWGo+diqzmpjL1KtaEfQ+oUzqURrKprcNv2HBNH8e4Nv15UYObn
Drr5cGoZVNyTtKkCPyD4GaHuDZSHdyMvmG4AFrdlqIqGVNdQ5Db0pFu/hlXq8v+t
MdU=
-----END CERTIFICATE-----
Generated at Tue Jun 17 04:38:46 2025 by rpki-client