Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/66efb4-d2ec-40d6-9a3e-7990e87bbd5f/1/P2em9y74Yobejm97ua9o-iudHqQ.roa
File: P2em9y74Yobejm97ua9o-iudHqQ.roa (raw, json)
Hash identifier: YrWveFgzdZgEAJ2Ti291o0W/Y7XGIpuaMi2gmRt+gaQ=
Subject key identifier: 3F:67:A6:F7:2E:F8:62:86:DE:8E:6F:7B:B9:AF:68:FA:2B:9D:1E:A4
Certificate issuer: /CN=3d23758dfb6f1d43dcd64d0f0ab27ef715135952
Certificate serial: 019B7A5B05EE3790988898AA0C2556C6B30C
Authority key identifier: 3D:23:75:8D:FB:6F:1D:43:DC:D6:4D:0F:0A:B2:7E:F7:15:13:59:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PSN1jftvHUPc1k0PCrJ-9xUTWVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/66efb4-d2ec-40d6-9a3e-7990e87bbd5f/1/P2em9y74Yobejm97ua9o-iudHqQ.roa
Signing time: Thu 01 Jan 2026 16:19:04 +0000
ROA not before: Thu 01 Jan 2026 16:19:04 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 185.193.144.0/22 maxlen: 24
195.39.222.0/23 maxlen: 24
2a01:a780::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5b:05:ee:37:90:98:88:98:aa:0c:25:56:c6:b3:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d23758dfb6f1d43dcd64d0f0ab27ef715135952
Validity
Not Before: Jan 1 16:19:04 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3f67a6f72ef86286de8e6f7bb9af68fa2b9d1ea4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a2:7d:ad:6b:aa:7a:f8:17:46:0a:11:92:88:
41:d2:71:34:01:77:0f:0b:ad:0a:71:0a:33:7f:4d:
54:3a:f0:a5:4d:4e:2e:ed:77:6a:c0:d0:a7:f5:d4:
53:87:07:c1:b3:22:e3:6a:57:1d:bf:72:62:b8:5e:
e9:a0:b7:35:92:1e:43:d5:05:0c:ff:d0:db:0e:31:
b4:de:69:f2:a8:1e:78:f3:f3:06:8b:46:22:d8:32:
61:52:8f:0e:c2:ab:9f:9f:9a:6c:a4:e2:a3:e4:3f:
f6:83:46:af:9c:92:9f:3e:ca:f1:bf:0e:8b:0c:5c:
29:fc:51:df:7c:f2:a7:77:2f:f2:a6:58:c8:6c:a1:
d2:d2:ae:e7:0b:2f:82:c3:7a:34:45:a1:ad:8b:a1:
f9:b8:0c:b2:77:0a:db:2d:99:e6:e1:8e:fa:b6:97:
3b:ea:93:1c:4d:7e:fc:b1:46:6b:6a:6f:93:ea:67:
77:fb:32:80:64:e6:2c:3f:96:17:16:29:f6:30:ba:
d5:be:9a:ab:fc:91:72:f0:d4:9a:41:c0:ca:47:c8:
28:9e:c2:f4:ba:c0:6c:10:5f:f1:09:6a:c5:3a:4b:
4c:f3:99:ec:c2:b5:12:44:49:fc:56:94:1d:04:22:
26:35:76:d4:d3:b7:a1:f1:65:52:60:61:70:b1:5a:
4b:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:67:A6:F7:2E:F8:62:86:DE:8E:6F:7B:B9:AF:68:FA:2B:9D:1E:A4
X509v3 Authority Key Identifier:
keyid:3D:23:75:8D:FB:6F:1D:43:DC:D6:4D:0F:0A:B2:7E:F7:15:13:59:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PSN1jftvHUPc1k0PCrJ-9xUTWVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66efb4-d2ec-40d6-9a3e-7990e87bbd5f/1/P2em9y74Yobejm97ua9o-iudHqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66efb4-d2ec-40d6-9a3e-7990e87bbd5f/1/PSN1jftvHUPc1k0PCrJ-9xUTWVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.193.144.0/22
195.39.222.0/23
IPv6:
2a01:a780::/32
Signature Algorithm: sha256WithRSAEncryption
3d:f6:1d:48:7b:ee:a6:cd:ac:f3:51:8d:96:35:77:a7:ba:0f:
f0:a8:0a:62:1d:85:dd:58:94:ba:9d:10:7a:98:dc:57:a2:10:
47:c4:c3:37:77:93:86:9c:bc:10:9e:87:bd:87:ca:d3:0b:da:
aa:2b:cc:bb:fb:cd:5b:7e:8e:b8:a9:c0:9b:41:6d:eb:82:85:
16:70:5b:fb:c7:0c:d8:b7:df:f3:8a:45:73:c2:45:cc:87:96:
5f:41:4f:36:1e:61:f3:81:0c:5f:cb:ec:bd:a8:09:45:aa:84:
99:05:a9:82:57:ac:8c:27:94:9a:98:af:4b:08:2e:a4:f2:44:
c0:a1:f5:ea:30:f4:d0:c6:cc:ff:bf:8f:d1:8f:39:c2:c6:ec:
5a:5c:53:e3:7c:51:d9:92:8c:21:c6:02:64:db:50:82:b1:37:
65:01:5a:8e:35:b9:46:4f:74:35:8b:2b:a5:d4:54:d3:01:ea:
e2:ac:c4:04:b5:b9:70:62:ef:b8:bd:b9:c1:5e:be:5d:5a:fe:
44:b0:67:16:11:b0:a6:bd:6a:ad:17:2a:7b:ea:a7:a6:f6:c1:
f9:4e:dc:50:5b:cb:84:02:a2:02:50:d5:e6:d9:cc:be:3a:48:
97:75:2a:fb:bd:9e:5b:f1:19:8d:eb:34:69:d2:80:ab:4a:2d:
ca:2a:de:dd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt6WwXuN5CYiJiqDCVWxrMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMjM3NThkZmI2ZjFkNDNkY2Q2NGQwZjBhYjI3ZWY3MTUx
MzU5NTIwHhcNMjYwMTAxMTYxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjY3YTZmNzJlZjg2Mjg2ZGU4ZTZmN2JiOWFmNjhmYTJiOWQxZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqJ9rWuqevgXRgoRkohB0nE0AXcP
C60KcQozf01UOvClTU4u7XdqwNCn9dRThwfBsyLjalcdv3JiuF7poLc1kh5D1QUM
/9DbDjG03mnyqB548/MGi0Yi2DJhUo8Owqufn5pspOKj5D/2g0avnJKfPsrxvw6L
DFwp/FHffPKndy/ypljIbKHS0q7nCy+Cw3o0RaGti6H5uAyydwrbLZnm4Y76tpc7
6pMcTX78sUZram+T6md3+zKAZOYsP5YXFin2MLrVvpqr/JFy8NSaQcDKR8gonsL0
usBsEF/xCWrFOktM85nswrUSREn8VpQdBCImNXbU07eh8WVSYGFwsVpLWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD9npvcu+GKG3o5ve7mvaPornR6kMB8GA1UdIwQY
MBaAFD0jdY37bx1D3NZNDwqyfvcVE1lSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFNOMWpmdHZIVVBjMWswUENySi05eFVUV1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82NmVmYjQtZDJlYy00MGQ2LTlhM2Ut
Nzk5MGU4N2JiZDVmLzEvUDJlbTl5NzRZb2Jlam05N3VhOW8taXVkSHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82NmVmYjQtZDJlYy00MGQ2LTlhM2UtNzk5MGU4N2JiZDVm
LzEvUFNOMWpmdHZIVVBjMWswUENySi05eFVUV1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCucGQAwQB
wyfeMA0EAgACMAcDBQAqAaeAMA0GCSqGSIb3DQEBCwUAA4IBAQA99h1Ie+6mzazz
UY2WNXenug/wqApiHYXdWJS6nRB6mNxXohBHxMM3d5OGnLwQnoe9h8rTC9qqK8y7
+81bfo64qcCbQW3rgoUWcFv7xwzYt9/zikVzwkXMh5ZfQU82HmHzgQxfy+y9qAlF
qoSZBamCV6yMJ5SamK9LCC6k8kTAofXqMPTQxsz/v4/RjznCxuxaXFPjfFHZkowh
xgJk21CCsTdlAVqONblGT3Q1iyul1FTTAerirMQEtblwYu+4vbnBXr5dWv5EsGcW
EbCmvWqtFyp76qem9sH5TtxQW8uEAqICUNXm2cy+OkiXdSr7vZ5b8RmN6zRp0oCr
Si3KKt7d
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:01:12 2026 by rpki-client