Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/kLhLGRydmzaQt_7lhM6R2ErTNkM.roa
File: kLhLGRydmzaQt_7lhM6R2ErTNkM.roa (raw, json)
Hash identifier: U6NCcLPXDFfREbeIsHpEpyFJ5BpR7t5mbUy8+MPWu00=
Subject key identifier: 90:B8:4B:19:1C:9D:9B:36:90:B7:FE:E5:84:CE:91:D8:4A:D3:36:43
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018AFACAA0D5850700173C790A0CF5E1E202
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/kLhLGRydmzaQt_7lhM6R2ErTNkM.roa
Signing time: Wed 04 Oct 2023 13:04:57 +0000
ROA not before: Wed 04 Oct 2023 13:04:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:faca:26a3/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fa:ca:a0:d5:85:07:00:17:3c:79:0a:0c:f5:e1:e2:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 4 13:04:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90b84b191c9d9b3690b7fee584ce91d84ad33643
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:03:d7:c6:48:fd:09:1e:6e:1a:99:2e:55:62:
33:ec:1f:4b:df:ac:e8:b0:0a:b0:02:f7:2f:c5:fd:
f6:84:89:3f:05:6a:dc:fb:65:61:da:a7:d9:82:3c:
4b:ce:83:1f:5f:65:22:4e:ae:c7:4a:15:e4:45:48:
8a:79:33:de:36:e1:4d:05:cf:11:f7:9f:07:82:b8:
4e:09:3a:c0:c6:f2:c5:35:d7:7e:9f:66:9c:28:95:
b6:bd:28:da:10:5f:73:14:cc:f3:c0:58:62:ff:9e:
69:3c:54:83:f2:6b:db:d6:58:82:82:2b:c4:97:54:
25:fe:26:ce:1e:8c:ea:f6:26:65:87:3b:0c:8d:d6:
8a:1e:e3:a7:35:50:97:47:a3:10:25:a8:e9:3e:1a:
59:2d:43:60:ed:a6:97:77:9e:fa:93:97:90:53:76:
0e:0e:20:bf:b7:7c:d6:09:03:ca:f7:76:5b:33:e2:
f3:d2:6c:30:74:98:dd:e7:8b:2f:fc:6b:6c:2e:47:
34:f2:ba:8a:bb:b0:ca:5a:e0:d7:64:8f:5c:69:82:
9a:42:5d:c3:9f:84:95:b5:8b:a6:34:93:5b:17:7e:
5f:84:0c:96:99:11:e4:44:d5:89:eb:22:0a:0e:81:
ec:45:2b:0b:8d:61:88:91:af:9d:a8:b0:50:3b:a1:
06:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:B8:4B:19:1C:9D:9B:36:90:B7:FE:E5:84:CE:91:D8:4A:D3:36:43
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/kLhLGRydmzaQt_7lhM6R2ErTNkM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
be:f7:5e:e3:d2:8d:e0:16:ed:5c:f3:ed:93:98:3f:40:40:e5:
83:bf:e5:37:2f:42:86:ad:08:4b:d0:d1:47:f1:57:08:b3:62:
d4:73:44:f3:7b:93:bd:8a:ea:6f:00:f5:a0:44:ee:0b:73:23:
74:de:e9:35:56:0b:5d:d0:9b:d2:42:48:5b:d2:2a:ba:6a:e1:
c0:27:b7:09:c1:ec:fb:17:39:7f:1d:9d:a8:2e:cc:6e:e2:ca:
b0:7c:21:70:d4:45:18:3a:b1:7c:8b:d0:4e:1e:2c:67:70:01:
64:d3:cd:6f:14:05:fb:cc:81:2a:ac:74:40:b4:a6:62:b2:6e:
c3:61:28:f1:4e:4c:d9:50:2c:16:43:09:25:79:39:4f:93:c4:
4e:51:94:fa:34:2a:13:a3:ca:86:30:42:9c:2d:f7:a5:57:13:
30:fc:5f:ad:9e:c9:5d:3e:33:c5:a9:f2:f5:4e:a1:9b:3e:5d:
f0:ca:eb:d0:b0:9c:3e:db:5c:fc:38:8e:e0:7b:24:82:70:7d:
72:16:2d:5c:f4:b0:1c:0a:62:28:43:b6:85:99:7a:6f:58:47:
f2:a9:bc:29:15:a1:64:b1:a0:10:fa:4f:66:78:6a:cd:5e:62:
aa:ea:58:db:ec:99:9a:ee:e5:c4:2f:ed:25:4e:10:e7:a5:6f:
dc:f5:9e:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYr6yqDVhQcAFzx5Cgz14eICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDA0MTMwNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4NGIxOTFjOWQ5YjM2OTBiN2ZlZTU4NGNlOTFkODRhZDMzNjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwPXxkj9CR5uGpkuVWIz7B9L36zo
sAqwAvcvxf32hIk/BWrc+2Vh2qfZgjxLzoMfX2UiTq7HShXkRUiKeTPeNuFNBc8R
958HgrhOCTrAxvLFNdd+n2acKJW2vSjaEF9zFMzzwFhi/55pPFSD8mvb1liCgivE
l1Ql/ibOHozq9iZlhzsMjdaKHuOnNVCXR6MQJajpPhpZLUNg7aaXd576k5eQU3YO
DiC/t3zWCQPK93ZbM+Lz0mwwdJjd54sv/GtsLkc08rqKu7DKWuDXZI9caYKaQl3D
n4SVtYumNJNbF35fhAyWmRHkRNWJ6yIKDoHsRSsLjWGIka+dqLBQO6EGlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJC4SxkcnZs2kLf+5YTOkdhK0zZDMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEva0xoTEdSeWRtemFRdF83bGhNNlIyRXJUTmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAL73XuPSjeAW7Vzz7ZOY
P0BA5YO/5TcvQoatCEvQ0UfxVwizYtRzRPN7k72K6m8A9aBE7gtzI3Te6TVWC13Q
m9JCSFvSKrpq4cAntwnB7PsXOX8dnaguzG7iyrB8IXDURRg6sXyL0E4eLGdwAWTT
zW8UBfvMgSqsdEC0pmKybsNhKPFOTNlQLBZDCSV5OU+TxE5RlPo0KhOjyoYwQpwt
96VXEzD8X62eyV0+M8Wp8vVOoZs+XfDK69CwnD7bXPw4juB7JIJwfXIWLVz0sBwK
YihDtoWZem9YR/KpvCkVoWSxoBD6T2Z4as1eYqrqWNvsmZru5cQv7SVOEOelb9z1
nh8=
-----END CERTIFICATE-----
Generated at Tue Jun 17 04:03:02 2025 by rpki-client