Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/keVK6Xh-tx1dFNYizWpzap9i-TA.roa
File: keVK6Xh-tx1dFNYizWpzap9i-TA.roa (raw, json)
Hash identifier: az/KyOpPEIrpnS6I3diY4+iaNF1KgYV+jBmjfrKUf7s=
Subject key identifier: 91:E5:4A:E9:78:7E:B7:1D:5D:14:D6:22:CD:6A:73:6A:9F:62:F9:30
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BF1568700844629ED48C3612BA3200479
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/keVK6Xh-tx1dFNYizWpzap9i-TA.roa
Signing time: Tue 21 Nov 2023 10:04:21 +0000
ROA not before: Tue 21 Nov 2023 10:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
2001:67c:64:ffff:0:18b:f156:749e/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f1:56:87:00:84:46:29:ed:48:c3:61:2b:a3:20:04:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 21 10:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91e54ae9787eb71d5d14d622cd6a736a9f62f930
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:45:7c:fc:c6:b9:25:3a:2b:db:6d:ad:13:d1:
88:89:79:9c:5a:5c:03:39:95:4c:f0:27:b9:8b:52:
e5:19:3f:03:ca:a1:bd:57:97:39:f9:1a:72:91:3c:
3b:50:91:b9:ad:ef:3d:3d:e1:5a:ef:66:99:ac:87:
4b:5b:31:da:f5:36:83:d0:2f:d0:14:91:31:df:f1:
94:e6:85:3a:d5:88:d4:45:48:66:8c:bb:ed:71:ed:
7a:b5:89:4b:ac:ff:80:93:e8:73:7a:d4:3e:ad:7e:
89:1d:c3:e3:4d:c9:33:5a:42:3d:15:8a:68:f9:e1:
56:ee:ff:43:d3:d0:3c:7c:23:d8:0b:d7:59:18:d3:
39:7a:6c:09:73:ea:ca:4e:bd:67:da:1c:07:74:48:
14:1d:f9:21:a6:c1:bf:e3:07:d6:cd:5d:79:c4:d2:
3a:fc:94:3b:90:9b:fb:dc:2b:79:ec:f4:7c:19:48:
a9:e3:e5:89:ec:f3:34:12:63:31:8a:11:50:5e:da:
b9:6b:54:a9:50:4d:f0:df:e2:c9:54:34:44:3c:45:
0f:04:56:f5:8b:20:37:2e:03:6d:55:3a:35:31:c7:
4a:c2:49:32:45:de:5c:f6:c6:43:b7:4b:9f:1b:dd:
bf:55:d7:63:33:df:3c:71:26:36:f0:0b:aa:e4:a3:
42:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:E5:4A:E9:78:7E:B7:1D:5D:14:D6:22:CD:6A:73:6A:9F:62:F9:30
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/keVK6Xh-tx1dFNYizWpzap9i-TA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
3b:a6:f0:f7:a7:03:27:ce:7c:e6:22:ff:98:16:3f:60:4d:82:
ca:51:b9:9d:af:f2:b9:e5:67:bb:6f:57:1d:5a:c8:42:cf:3c:
b0:ad:ae:02:30:56:49:13:35:35:bf:88:01:3a:7f:ec:2a:3b:
b6:48:ff:f0:c2:d4:ba:5d:34:97:e9:37:29:14:62:4e:6b:8b:
86:f4:a1:4d:a8:be:db:c9:a2:77:7a:cb:8c:27:e9:40:bf:4e:
58:11:b1:3f:e9:09:9c:b0:07:e7:be:1d:3c:a1:27:5a:d4:a1:
c4:f9:82:1f:5f:59:43:cd:fc:35:74:f9:80:fb:4d:6a:f4:22:
13:9c:fa:17:7c:33:88:78:e2:64:d7:bd:fa:4c:73:08:8a:ff:
52:20:31:da:ef:ff:5f:8e:5a:d0:72:3c:fc:55:2e:ac:a9:df:
99:ba:27:1e:1a:21:1d:43:d2:2d:93:c4:a1:ff:1d:e3:37:85:
a1:23:a8:c5:2e:19:11:95:2b:1a:ca:9f:c6:1d:2b:ac:12:df:
e6:4d:3d:de:50:68:ee:73:47:7b:e4:e9:69:9b:38:de:ea:0a:
c5:03:3c:b6:74:86:33:5c:4f:97:56:58:10:96:e5:96:0f:64:
d6:82:43:4a:34:b0:91:17:58:4e:3a:fc:e8:1c:d3:4d:19:c8:
96:14:76:79
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvxVocAhEYp7UjDYSujIAR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTIxMTAwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU1NGFlOTc4N2ViNzFkNWQxNGQ2MjJjZDZhNzM2YTlmNjJmOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEV8/Ma5JTor222tE9GIiXmcWlwD
OZVM8Ce5i1LlGT8DyqG9V5c5+RpykTw7UJG5re89PeFa72aZrIdLWzHa9TaD0C/Q
FJEx3/GU5oU61YjURUhmjLvtce16tYlLrP+Ak+hzetQ+rX6JHcPjTckzWkI9FYpo
+eFW7v9D09A8fCPYC9dZGNM5emwJc+rKTr1n2hwHdEgUHfkhpsG/4wfWzV15xNI6
/JQ7kJv73Ct57PR8GUip4+WJ7PM0EmMxihFQXtq5a1SpUE3w3+LJVDREPEUPBFb1
iyA3LgNtVTo1McdKwkkyRd5c9sZDt0ufG92/VddjM988cSY28Auq5KNCBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJHlSul4frcdXRTWIs1qc2qfYvkwMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEva2VWSzZYaC10eDFkRk5ZaXpXcHphcDlpLVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADum8PenAyfOfOYi/5gW
P2BNgspRuZ2v8rnlZ7tvVx1ayELPPLCtrgIwVkkTNTW/iAE6f+wqO7ZI//DC1Lpd
NJfpNykUYk5ri4b0oU2ovtvJond6y4wn6UC/TlgRsT/pCZywB+e+HTyhJ1rUocT5
gh9fWUPN/DV0+YD7TWr0IhOc+hd8M4h44mTXvfpMcwiK/1IgMdrv/1+OWtByPPxV
Lqyp35m6Jx4aIR1D0i2TxKH/HeM3haEjqMUuGRGVKxrKn8YdK6wS3+ZNPd5QaO5z
R3vk6WmbON7qCsUDPLZ0hjNcT5dWWBCW5ZYPZNaCQ0o0sJEXWE46/Ogc000ZyJYU
dnk=
-----END CERTIFICATE-----
Generated at Wed Jun 18 18:13:54 2025 by rpki-client