Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HXqCjWK9IY3HLcZiVZ2e9hOQ04g.roa
File: HXqCjWK9IY3HLcZiVZ2e9hOQ04g.roa (raw, json)
Hash identifier: KpX7WNKiOMOc+Tc+0KFMKkOKAp0GjnfIT0jGGqtszFc=
Subject key identifier: 1D:7A:82:8D:62:BD:21:8D:C7:2D:C6:62:55:9D:9E:F6:13:90:D3:88
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C24323E1E9E954159014ADAD054895F7E
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HXqCjWK9IY3HLcZiVZ2e9hOQ04g.roa
Signing time: Fri 01 Dec 2023 07:05:21 +0000
ROA not before: Fri 01 Dec 2023 07:05:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64:ffff:0:18c:2431:99d6/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:24:32:3e:1e:9e:95:41:59:01:4a:da:d0:54:89:5f:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 1 07:05:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d7a828d62bd218dc72dc662559d9ef61390d388
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:a3:8c:2c:08:b7:c5:0d:6f:85:a5:17:c7:e1:
67:c9:8c:a8:6e:7d:3f:a4:4b:7e:2c:33:ac:3a:29:
0b:07:87:ec:9d:7d:97:3f:59:7d:0d:43:8e:91:b9:
46:2a:28:ee:88:c9:f5:b5:bd:2d:e8:29:d5:49:39:
61:cb:10:15:06:c7:93:fa:df:8a:52:4b:89:de:13:
0a:c6:78:26:90:16:db:8b:15:95:c3:76:c3:67:54:
ba:4e:01:05:5a:99:0f:09:1b:3d:b6:54:7c:4c:e4:
56:8e:5b:62:eb:0e:b9:58:de:07:98:f7:26:6f:be:
e4:d1:d9:86:94:6a:39:c5:39:77:30:b5:d0:10:c8:
22:83:de:10:e3:e1:f3:99:bb:1b:d8:30:50:81:1c:
e6:36:a5:28:38:39:d4:8f:8a:09:76:ff:71:64:4e:
99:d5:0a:6b:9b:d8:bc:26:bf:4a:6c:97:8e:7e:7e:
55:ab:c1:d4:65:69:71:f7:67:50:1b:36:49:d6:f6:
b5:56:fb:47:44:a2:fc:31:8e:f1:3a:d4:51:5b:a3:
8c:89:98:c6:38:f4:df:95:f3:95:2c:4f:78:ab:78:
6b:3e:5f:db:c8:03:28:fa:76:35:52:ef:50:88:4e:
38:39:ab:80:f3:54:96:80:db:21:04:54:2e:3d:ed:
cc:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:7A:82:8D:62:BD:21:8D:C7:2D:C6:62:55:9D:9E:F6:13:90:D3:88
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/HXqCjWK9IY3HLcZiVZ2e9hOQ04g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
06:49:3b:2a:ea:72:7e:72:63:a8:86:79:61:dd:15:89:bf:34:
3f:a4:f7:da:5b:07:6b:6f:34:02:14:50:5b:ba:de:08:1d:0d:
37:67:49:c9:1b:69:24:96:1f:70:fd:a5:23:52:dd:1c:34:1e:
3e:57:04:90:6e:6c:60:d5:51:41:a7:bc:36:2f:ab:c4:b3:a6:
ca:4f:41:d4:a1:b1:05:4e:62:39:8c:2d:bd:6a:08:1f:b4:bf:
23:1d:bc:b9:8b:72:e5:01:11:e8:1f:2b:97:df:db:6e:3a:20:
65:d4:4a:c7:6f:02:f1:b3:d9:85:ea:7f:ed:25:c1:2e:58:28:
da:a0:f7:16:6f:d8:e3:99:c4:33:d8:75:2c:ad:ee:f7:f1:1d:
8e:34:3a:ec:47:b4:1c:e3:c7:b9:ef:26:c9:73:21:68:0a:9c:
76:e2:a3:bf:97:b4:32:b9:35:2c:c5:61:ef:59:ec:a7:ff:45:
43:7c:44:bb:5b:24:88:4f:8b:98:cd:00:cc:24:22:6d:59:73:
da:85:d2:dc:6f:30:0b:24:90:13:3e:5d:94:cc:02:80:57:98:
f2:e7:03:28:5e:29:ab:b8:aa:10:0d:5d:1c:44:8a:16:9d:96:
94:99:9c:ab:f5:2e:5e:a2:23:a5:2b:81:f6:f5:dd:1a:39:45:
24:f7:8c:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwkMj4enpVBWQFK2tBUiV9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjAxMDcwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdhODI4ZDYyYmQyMThkYzcyZGM2NjI1NTlkOWVmNjEzOTBkMzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqOMLAi3xQ1vhaUXx+FnyYyobn0/
pEt+LDOsOikLB4fsnX2XP1l9DUOOkblGKijuiMn1tb0t6CnVSTlhyxAVBseT+t+K
UkuJ3hMKxngmkBbbixWVw3bDZ1S6TgEFWpkPCRs9tlR8TORWjlti6w65WN4HmPcm
b77k0dmGlGo5xTl3MLXQEMgig94Q4+Hzmbsb2DBQgRzmNqUoODnUj4oJdv9xZE6Z
1Qprm9i8Jr9KbJeOfn5Vq8HUZWlx92dQGzZJ1va1VvtHRKL8MY7xOtRRW6OMiZjG
OPTflfOVLE94q3hrPl/byAMo+nY1Uu9QiE44OauA81SWgNshBFQuPe3McQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB16go1ivSGNxy3GYlWdnvYTkNOIMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSFhxQ2pXSzlJWTNITGNaaVZaMmU5aE9RMDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAZJOyrqcn5yY6iGeWHd
FYm/ND+k99pbB2tvNAIUUFu63ggdDTdnSckbaSSWH3D9pSNS3Rw0Hj5XBJBubGDV
UUGnvDYvq8SzpspPQdShsQVOYjmMLb1qCB+0vyMdvLmLcuUBEegfK5ff2246IGXU
SsdvAvGz2YXqf+0lwS5YKNqg9xZv2OOZxDPYdSyt7vfxHY40OuxHtBzjx7nvJslz
IWgKnHbio7+XtDK5NSzFYe9Z7Kf/RUN8RLtbJIhPi5jNAMwkIm1Zc9qF0txvMAsk
kBM+XZTMAoBXmPLnAyheKau4qhANXRxEihadlpSZnKv1Ll6iI6Urgfb13Ro5RST3
jA4=
-----END CERTIFICATE-----
Generated at Tue Jun 17 01:23:12 2025 by rpki-client