Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IwAf_lDZEapwREMyZnXGAlqlYhA.roa
File: IwAf_lDZEapwREMyZnXGAlqlYhA.roa (raw, json)
Hash identifier: sVleuR8l+4VRnJNXmlsxA2swVkgN5j7/WfG20QNHc9Q=
Subject key identifier: 23:00:1F:FE:50:D9:11:AA:70:44:43:32:66:75:C6:02:5A:A5:62:10
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018C1CAEB843F18532BC6F5A9D06730ECC89
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IwAf_lDZEapwREMyZnXGAlqlYhA.roa
Signing time: Wed 29 Nov 2023 20:04:21 +0000
ROA not before: Wed 29 Nov 2023 20:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
2001:67c:64:ffff:0:18c:1cae:a6f1/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1c:ae:b8:43:f1:85:32:bc:6f:5a:9d:06:73:0e:cc:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 29 20:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=23001ffe50d911aa704443326675c6025aa56210
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b0:40:a1:52:70:db:69:e4:b9:74:d9:0c:ef:
2f:f0:28:b3:da:bb:b6:e6:08:e8:4a:86:48:8c:47:
9d:a9:d3:c5:b6:89:b7:32:07:f9:eb:61:c8:69:77:
6a:08:f9:bd:6c:28:21:f8:28:ae:dd:a1:68:45:75:
9e:67:b5:8b:74:46:35:45:7b:85:c3:23:86:0d:77:
06:55:e1:e4:ea:85:75:a5:ab:32:30:4b:b9:3d:5d:
39:f4:5f:5d:8f:5a:0b:70:8c:84:91:5b:e8:13:75:
6e:21:c6:76:1e:23:b1:72:42:47:0f:43:36:02:fc:
9d:ee:ea:5e:50:01:cb:af:aa:97:c6:91:d6:df:d0:
00:b7:c3:72:b0:70:0b:26:56:8b:30:71:dc:ae:b5:
3c:d6:36:b0:d8:2e:98:22:c4:05:d3:c0:8d:18:b9:
51:92:60:e7:c8:20:5b:76:46:b2:9c:2b:b2:d7:bf:
81:4e:b5:d6:be:9c:ce:22:34:fa:a7:01:de:21:9e:
78:b0:77:b0:4b:38:1e:42:3a:ae:b6:06:4e:93:3c:
bf:81:bb:c2:d9:09:01:7a:a3:15:6f:d1:2f:51:62:
cc:55:04:2b:1e:a5:0c:4e:4e:bc:95:78:05:a8:9a:
2b:15:12:0a:d2:75:40:7c:96:b7:4a:7c:06:53:33:
d0:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:00:1F:FE:50:D9:11:AA:70:44:43:32:66:75:C6:02:5A:A5:62:10
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/IwAf_lDZEapwREMyZnXGAlqlYhA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
20:96:92:64:45:5b:86:d5:30:93:66:02:c0:bd:81:f8:4e:28:
f9:06:47:38:f0:44:0a:fb:ea:ff:24:8f:b1:aa:bd:3f:fc:98:
44:55:7b:8a:63:64:6f:1e:06:6e:b6:96:ed:8b:9d:cd:48:37:
f9:3b:b3:d8:55:8f:3f:59:08:f8:bc:04:88:51:d6:e8:5e:76:
cf:0b:7c:f8:da:81:a2:97:bf:59:65:5a:48:73:0d:5f:e0:e0:
07:96:a1:0e:41:33:a1:ea:90:ea:cc:a9:7d:45:27:e0:3d:e5:
e5:6b:47:c5:fb:80:6a:6a:f2:b7:bd:84:7a:0b:66:d8:db:b4:
1e:ff:68:dd:73:50:ed:5b:51:0c:32:9f:70:44:51:9d:d7:ae:
05:82:39:b1:47:51:4a:a5:b7:ae:92:26:4f:66:cb:d8:fc:5e:
37:a3:d6:21:2b:46:98:82:02:d0:3b:49:44:c9:66:bd:c9:5c:
b2:10:55:92:77:8b:42:77:27:60:ed:84:e7:4b:44:22:e5:9c:
e0:dc:9b:cd:f2:88:c4:4c:24:fc:db:fe:11:f6:c9:6e:46:86:
4f:17:bd:cd:10:6c:ac:27:5d:c8:8b:4b:6a:f5:6b:7a:f7:50:
e0:08:ef:d8:ab:d9:62:7a:cc:c0:63:97:ce:09:62:89:45:ca:
6d:ad:c1:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYwcrrhD8YUyvG9anQZzDsyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTI5MjAwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAwMWZmZTUwZDkxMWFhNzA0NDQzMzI2Njc1YzYwMjVhYTU2MjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7BAoVJw22nkuXTZDO8v8Ciz2ru2
5gjoSoZIjEedqdPFtom3Mgf562HIaXdqCPm9bCgh+Ciu3aFoRXWeZ7WLdEY1RXuF
wyOGDXcGVeHk6oV1pasyMEu5PV059F9dj1oLcIyEkVvoE3VuIcZ2HiOxckJHD0M2
Avyd7upeUAHLr6qXxpHW39AAt8NysHALJlaLMHHcrrU81jaw2C6YIsQF08CNGLlR
kmDnyCBbdkaynCuy17+BTrXWvpzOIjT6pwHeIZ54sHewSzgeQjqutgZOkzy/gbvC
2QkBeqMVb9EvUWLMVQQrHqUMTk68lXgFqJorFRIK0nVAfJa3SnwGUzPQXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCMAH/5Q2RGqcERDMmZ1xgJapWIQMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvSXdBZl9sRFpFYXB3UkVNeVpuWEdBbHFsWWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACCWkmRFW4bVMJNmAsC9
gfhOKPkGRzjwRAr76v8kj7GqvT/8mERVe4pjZG8eBm62lu2Lnc1IN/k7s9hVjz9Z
CPi8BIhR1uheds8LfPjagaKXv1llWkhzDV/g4AeWoQ5BM6HqkOrMqX1FJ+A95eVr
R8X7gGpq8re9hHoLZtjbtB7/aN1zUO1bUQwyn3BEUZ3XrgWCObFHUUqlt66SJk9m
y9j8Xjej1iErRpiCAtA7SUTJZr3JXLIQVZJ3i0J3J2DthOdLRCLlnODcm83yiMRM
JPzb/hH2yW5Ghk8Xvc0QbKwnXciLS2r1a3r3UOAI79ir2WJ6zMBjl84JYolFym2t
wSg=
-----END CERTIFICATE-----
Generated at Wed Jun 18 04:42:10 2025 by rpki-client