Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IPmnXcR62kzBspPDNqPt9nr8WSw.roa
File: IPmnXcR62kzBspPDNqPt9nr8WSw.roa (raw, json)
Hash identifier: bsRYsFzQrKZGcV0sicGKnDhV57fabqRS+J/aRjrKj54=
Subject key identifier: 20:F9:A7:5D:C4:7A:DA:4C:C1:B2:93:C3:36:A3:ED:F6:7A:FC:59:2C
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C44CF5E9EB396870326D769C6EACB4F9D
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IPmnXcR62kzBspPDNqPt9nr8WSw.roa
Signing time: Thu 07 Dec 2023 15:04:49 +0000
ROA not before: Thu 07 Dec 2023 15:04:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18c:44ce:ba06/128 maxlen: 128
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:44:cf:5e:9e:b3:96:87:03:26:d7:69:c6:ea:cb:4f:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Dec 7 15:04:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20f9a75dc47ada4cc1b293c336a3edf67afc592c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fe:5c:55:91:04:b5:8b:e9:62:50:d9:48:23:
4f:57:e2:15:f4:a9:20:47:cf:5f:8b:74:cd:7f:fa:
a8:e0:06:51:0a:6a:6d:bd:c8:79:9b:a5:67:d8:0c:
e7:91:3e:17:a5:26:c1:3b:5e:ce:95:19:71:86:9f:
60:74:c4:49:4c:e4:98:9f:9c:88:2d:a3:a8:04:b4:
76:53:d9:d0:f0:fc:ac:ee:41:7d:5a:90:98:e8:7e:
9b:f6:94:3d:5c:e5:6d:21:37:44:1f:a8:28:fa:c0:
51:f8:15:4f:11:e2:a5:a6:1f:7e:c3:d0:68:04:b9:
4e:86:16:16:68:2a:15:3e:39:b8:67:32:c9:c1:e1:
f2:50:cc:45:2c:5c:05:fa:3d:5c:5e:1e:d3:c8:a1:
a2:f9:f4:60:02:bb:58:19:11:27:bf:12:5e:e5:69:
59:d9:84:c0:ba:22:dc:9b:c6:5a:d5:45:0f:50:e4:
0d:4d:91:f8:e9:e8:d7:3d:e2:3b:83:36:bc:34:1c:
2f:6b:1b:3a:32:71:fe:12:43:cf:9a:3b:0a:44:86:
c3:c8:c3:74:0d:4a:90:b7:97:0d:88:28:b4:ad:87:
08:65:fa:02:49:cb:aa:28:a8:58:09:1f:5a:5a:9a:
df:d8:b4:58:99:85:33:90:0d:73:90:08:8a:23:e5:
88:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F9:A7:5D:C4:7A:DA:4C:C1:B2:93:C3:36:A3:ED:F6:7A:FC:59:2C
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IPmnXcR62kzBspPDNqPt9nr8WSw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
52:eb:65:b6:af:36:4f:46:f6:16:f2:a1:72:b6:84:54:aa:ca:
b6:da:21:5d:74:3f:e8:22:24:a3:44:9b:15:9d:57:a4:ff:23:
35:9a:e7:86:9a:4c:9b:6b:7c:72:78:88:26:57:84:8e:0e:4a:
be:25:86:14:10:79:06:ba:f6:5f:76:cc:e8:3b:29:11:e7:07:
4e:3e:3a:3c:0d:4e:91:90:d9:3b:3e:60:c3:a6:e7:21:72:2c:
ea:c3:2f:2c:c3:f5:ed:9d:11:14:71:7d:b1:09:c0:39:45:4a:
04:ac:92:44:cc:95:83:cb:9e:33:d2:56:2f:d3:27:db:ce:a6:
62:ce:2a:f3:8f:46:60:5f:ad:7f:31:13:7a:72:e3:f6:f2:d8:
ec:5c:94:10:73:16:25:33:bb:49:7e:59:ff:be:8a:17:96:dc:
d1:b7:d9:f1:57:57:6b:9b:d6:01:26:64:13:f5:db:ce:63:60:
f5:46:e8:4d:06:10:1f:cd:45:7f:1d:07:61:63:19:51:4a:01:
09:5b:d2:ee:ea:63:e0:68:cd:e1:e8:a6:57:2b:21:48:b5:c4:
5d:ea:f5:73:ad:d2:8d:c5:ce:ab:71:bf:2a:dd:ba:f2:27:08:
81:8c:07:5a:01:40:85:bd:dc:a4:08:2e:0e:0f:19:41:30:82:
df:fa:d9:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYxEz16es5aHAybXacbqy0+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMjA3MTUwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY5YTc1ZGM0N2FkYTRjYzFiMjkzYzMzNmEzZWRmNjdhZmM1OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP5cVZEEtYvpYlDZSCNPV+IV9Kkg
R89fi3TNf/qo4AZRCmptvch5m6Vn2AznkT4XpSbBO17OlRlxhp9gdMRJTOSYn5yI
LaOoBLR2U9nQ8Pys7kF9WpCY6H6b9pQ9XOVtITdEH6go+sBR+BVPEeKlph9+w9Bo
BLlOhhYWaCoVPjm4ZzLJweHyUMxFLFwF+j1cXh7TyKGi+fRgArtYGREnvxJe5WlZ
2YTAuiLcm8Za1UUPUOQNTZH46ejXPeI7gza8NBwvaxs6MnH+EkPPmjsKRIbDyMN0
DUqQt5cNiCi0rYcIZfoCScuqKKhYCR9aWprf2LRYmYUzkA1zkAiKI+WIdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCD5p13EetpMwbKTwzaj7fZ6/FksMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSVBtblhjUjYya3pCc3BQRE5xUHQ5bnI4V1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFLrZbavNk9G9hbyoXK2
hFSqyrbaIV10P+giJKNEmxWdV6T/IzWa54aaTJtrfHJ4iCZXhI4OSr4lhhQQeQa6
9l92zOg7KRHnB04+OjwNTpGQ2Ts+YMOm5yFyLOrDLyzD9e2dERRxfbEJwDlFSgSs
kkTMlYPLnjPSVi/TJ9vOpmLOKvOPRmBfrX8xE3py4/by2OxclBBzFiUzu0l+Wf++
iheW3NG32fFXV2ub1gEmZBP1285jYPVG6E0GEB/NRX8dB2FjGVFKAQlb0u7qY+Bo
zeHoplcrIUi1xF3q9XOt0o3FzqtxvyrduvInCIGMB1oBQIW93KQILg4PGUEwgt/6
2XQ=
-----END CERTIFICATE-----
Generated at Thu Jun 19 15:12:55 2025 by rpki-client