Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/67f049-879e-4eb4-b1c2-8c8ebf5889da/1/QaHZhWq168cueAfPrqqonrzci-o.roa
File: QaHZhWq168cueAfPrqqonrzci-o.roa (raw, json)
Hash identifier: mpE14UfBPNvjYDRjVNpMw77DVMRpO8XpU0/fY/Xc1pc=
Subject key identifier: 41:A1:D9:85:6A:B5:EB:C7:2E:78:07:CF:AE:AA:A8:9E:BC:DC:8B:EA
Certificate issuer: /CN=40b132c17e598f11b6a10f42ef3bce961e18e8ef
Certificate serial: 018EED044D7202561A7B7EB48113A12858D5
Authority key identifier: 40:B1:32:C1:7E:59:8F:11:B6:A1:0F:42:EF:3B:CE:96:1E:18:E8:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QLEywX5ZjxG2oQ9C7zvOlh4Y6O8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/67f049-879e-4eb4-b1c2-8c8ebf5889da/1/QaHZhWq168cueAfPrqqonrzci-o.roa
Signing time: Wed 17 Apr 2024 17:04:25 +0000
ROA not before: Wed 17 Apr 2024 17:04:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18e:ed04:7a6/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:ed:04:4d:72:02:56:1a:7b:7e:b4:81:13:a1:28:58:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=40b132c17e598f11b6a10f42ef3bce961e18e8ef
Validity
Not Before: Apr 17 17:04:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=41a1d9856ab5ebc72e7807cfaeaaa89ebcdc8bea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:c2:a8:6a:32:ea:c2:f3:fc:6c:d5:57:26:22:
35:f5:f8:c9:0f:00:47:5e:68:9c:ab:d6:82:22:1d:
a8:83:9e:35:70:56:c2:c0:42:88:ec:0b:90:9f:ec:
bb:82:67:8f:f8:b4:ad:35:06:d3:ac:e5:a4:b8:f9:
51:6e:37:12:2b:26:0a:e5:c1:86:2a:fd:42:aa:57:
a9:60:f2:ed:a2:d5:a1:27:05:35:4e:ec:54:38:c8:
87:2e:82:a4:c8:6c:f3:9a:d0:29:c0:25:e4:4e:a1:
3f:06:cf:a6:40:25:c5:e7:08:38:35:dd:9e:7f:82:
c4:5c:45:43:ac:16:31:f3:a0:b7:24:f7:9e:21:df:
4f:66:fb:1e:60:e4:d9:a5:27:80:71:27:37:e3:4f:
bf:5c:d3:83:1c:1f:43:98:88:b4:72:57:0d:b7:45:
04:0c:fe:ef:bd:c4:10:ee:c2:88:65:74:f8:01:1e:
8a:3d:8f:82:cc:ab:4a:aa:c3:a1:05:be:b6:0a:5d:
1c:dd:51:ce:fb:7c:eb:87:c6:a7:cd:0e:29:9f:1e:
51:8e:b3:df:07:99:6f:80:92:2e:56:77:7c:69:7f:
0c:78:8f:10:7f:c8:b1:45:1f:48:c5:a7:5b:7b:40:
b2:f5:84:4e:57:8e:8f:32:74:7c:c2:e3:83:ce:09:
20:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:A1:D9:85:6A:B5:EB:C7:2E:78:07:CF:AE:AA:A8:9E:BC:DC:8B:EA
X509v3 Authority Key Identifier:
keyid:40:B1:32:C1:7E:59:8F:11:B6:A1:0F:42:EF:3B:CE:96:1E:18:E8:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLEywX5ZjxG2oQ9C7zvOlh4Y6O8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/67f049-879e-4eb4-b1c2-8c8ebf5889da/1/QaHZhWq168cueAfPrqqonrzci-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/67f049-879e-4eb4-b1c2-8c8ebf5889da/1/QLEywX5ZjxG2oQ9C7zvOlh4Y6O8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
50:84:40:72:3b:a1:36:5c:64:f3:e2:03:90:13:4b:a6:77:2f:
02:bc:03:c0:5f:cc:d5:d4:5e:5c:eb:92:67:d0:18:de:30:4f:
36:45:e6:56:57:41:73:27:60:c4:f6:9c:8c:16:55:54:82:9f:
ff:5d:68:34:39:43:2f:f8:4a:fa:34:a3:53:62:0e:20:2c:04:
c8:2c:2a:ff:d1:c1:08:7f:03:14:71:f3:9a:2f:56:f0:f8:24:
7b:8b:24:93:83:b2:5c:c7:e3:ef:81:5b:bf:15:ad:91:90:c3:
c7:36:03:10:d1:30:c6:e8:cc:91:60:54:2f:1b:7e:24:e7:e6:
a6:8c:7c:d9:3b:ea:09:0c:e1:3a:38:02:66:a1:9b:41:de:c8:
cf:63:9f:97:c8:7e:b9:0c:2b:d1:7b:97:63:12:38:64:d2:10:
50:74:93:69:7d:5f:ad:55:b3:36:80:f3:88:aa:6e:f6:2d:42:
04:bf:14:18:8f:29:18:9b:a6:b5:17:cd:a5:ce:a9:f1:d4:c5:
3f:6f:95:45:ee:a0:04:f1:62:63:68:42:63:aa:ce:5d:3a:84:
fb:36:d3:c2:d0:3a:8b:2f:3a:83:ff:4c:b3:1e:38:68:14:c5:
dc:02:e7:c4:18:a3:79:d4:57:43:38:a6:90:b5:d9:7d:e4:92:
f3:11:02:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY7tBE1yAlYae360gROhKFjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjEzMmMxN2U1OThmMTFiNmExMGY0MmVmM2JjZTk2MWUx
OGU4ZWYwHhcNMjQwNDE3MTcwNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWExZDk4NTZhYjVlYmM3MmU3ODA3Y2ZhZWFhYTg5ZWJjZGM4YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisKoajLqwvP8bNVXJiI19fjJDwBH
Xmicq9aCIh2og541cFbCwEKI7AuQn+y7gmeP+LStNQbTrOWkuPlRbjcSKyYK5cGG
Kv1CqlepYPLtotWhJwU1TuxUOMiHLoKkyGzzmtApwCXkTqE/Bs+mQCXF5wg4Nd2e
f4LEXEVDrBYx86C3JPeeId9PZvseYOTZpSeAcSc340+/XNODHB9DmIi0clcNt0UE
DP7vvcQQ7sKIZXT4AR6KPY+CzKtKqsOhBb62Cl0c3VHO+3zrh8anzQ4pnx5RjrPf
B5lvgJIuVnd8aX8MeI8Qf8ixRR9Ixadbe0Cy9YROV46PMnR8wuODzgkgfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEGh2YVqtevHLngHz66qqJ683IvqMB8GA1UdIwQY
MBaAFECxMsF+WY8RtqEPQu87zpYeGOjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxFeXdYNVpqeEcyb1E5Qzd6dk9saDRZNk84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy82N2YwNDktODc5ZS00ZWI0LWIxYzIt
OGM4ZWJmNTg4OWRhLzEvUWFIWmhXcTE2OGN1ZUFmUHJxcW9ucnpjaS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy82N2YwNDktODc5ZS00ZWI0LWIxYzItOGM4ZWJmNTg4OWRh
LzEvUUxFeXdYNVpqeEcyb1E5Qzd6dk9saDRZNk84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFCEQHI7oTZcZPPiA5AT
S6Z3LwK8A8BfzNXUXlzrkmfQGN4wTzZF5lZXQXMnYMT2nIwWVVSCn/9daDQ5Qy/4
Svo0o1NiDiAsBMgsKv/RwQh/AxRx85ovVvD4JHuLJJODslzH4++BW78VrZGQw8c2
AxDRMMbozJFgVC8bfiTn5qaMfNk76gkM4To4Amahm0HeyM9jn5fIfrkMK9F7l2MS
OGTSEFB0k2l9X61VszaA84iqbvYtQgS/FBiPKRibprUXzaXOqfHUxT9vlUXuoATx
YmNoQmOqzl06hPs208LQOosvOoP/TLMeOGgUxdwC58QYo3nUV0M4ppC12X3kkvMR
AgY=
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:54:45 2025 by rpki-client