Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3GNtsp3MWjDsqPmzosSfbm5i9yU.roa
File: 3GNtsp3MWjDsqPmzosSfbm5i9yU.roa (raw, json)
Hash identifier: AaAwvr2gmmFtsQ+fLUSu46DlK+W7lyFwhuXxzFpSW30=
Subject key identifier: DC:63:6D:B2:9D:CC:5A:30:EC:A8:F9:B3:A2:C4:9F:6E:6E:62:F7:25
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019756C14BC2640606CBD53AD5C11BBA70B1
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3GNtsp3MWjDsqPmzosSfbm5i9yU.roa
Signing time: Mon 09 Jun 2025 22:13:17 +0000
ROA not before: Mon 09 Jun 2025 22:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:56:c1:4b:c2:64:06:06:cb:d5:3a:d5:c1:1b:ba:70:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 9 22:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc636db29dcc5a30eca8f9b3a2c49f6e6e62f725
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:fb:f2:1b:b4:94:14:81:9a:36:7e:91:88:38:
dd:6f:c9:50:24:87:f0:e8:d4:8c:da:16:a1:93:f2:
ff:ed:a7:0d:99:09:33:65:5f:c7:52:c9:3d:ab:b0:
94:e0:39:52:c9:9f:53:b0:91:98:fc:6a:82:6c:cf:
59:e7:74:15:0d:18:25:6b:be:34:f3:29:e7:6e:a8:
a4:90:cd:a3:f2:54:db:c2:35:96:b2:c5:ae:ff:4c:
43:0d:d3:da:6e:45:3d:fd:a0:cf:1a:50:fd:e6:49:
ff:22:db:9d:a2:68:5f:ed:5c:1e:47:c3:08:a1:1d:
b6:23:df:1e:74:9d:df:03:e3:64:ab:20:25:f7:ac:
5d:01:b9:37:6b:f8:c6:43:44:2e:5c:85:fd:1f:6b:
c6:f8:16:58:17:9d:43:28:f9:f8:cd:5d:33:dc:b3:
f2:52:b3:a6:15:8b:15:34:6b:a4:81:7c:41:f6:ed:
d1:d5:3a:df:d0:12:a4:86:f2:9d:91:ca:11:e6:d3:
2d:a7:0c:8e:60:0e:db:4f:ae:c6:68:1f:d5:8e:06:
d3:78:d0:a2:09:7a:5a:e3:2c:b2:cf:1e:58:a4:01:
b9:0b:1e:f5:5d:1d:3a:4e:c1:44:9c:3b:79:39:fe:
c2:d8:8e:cc:e6:56:2f:fb:1a:ca:b8:40:e9:3e:7b:
1d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:63:6D:B2:9D:CC:5A:30:EC:A8:F9:B3:A2:C4:9F:6E:6E:62:F7:25
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3GNtsp3MWjDsqPmzosSfbm5i9yU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
ba:00:95:8e:c2:53:26:d3:d1:3b:d5:e7:99:23:b5:16:54:4c:
47:e3:ef:84:7e:92:cd:7e:19:b6:ae:25:57:31:03:bf:fd:8c:
00:5b:50:a8:01:1e:d9:48:cf:b3:2d:dd:31:63:c9:30:f8:3f:
e8:9c:a0:e7:e6:e0:ea:61:2c:56:a3:6a:a9:b4:91:59:c3:1b:
59:9d:d8:ef:36:b0:99:35:3e:78:32:39:b7:64:0d:28:22:04:
f7:f2:58:33:cd:8f:35:a8:60:53:c5:5a:49:03:a1:9f:b0:6a:
69:84:ee:9f:fa:e7:42:9d:7d:61:1b:99:5a:67:be:5d:96:63:
7c:2a:cf:63:91:b1:57:df:1c:a6:e2:94:58:0a:81:b3:77:5c:
45:78:59:25:08:fe:5e:03:3e:a1:89:e6:38:9e:00:9a:7a:5e:
3c:87:c4:6c:8d:17:a1:49:21:14:ba:21:54:0c:fd:10:b9:f6:
8d:17:12:e8:5d:6f:fa:94:22:bc:23:1c:bc:1b:8d:66:cc:0d:
79:64:42:3f:fa:1e:c6:86:09:0b:a2:d5:31:74:7d:25:48:8c:
c9:cc:5e:82:cb:77:06:9c:cd:92:2a:86:d5:09:04:6a:ea:6a:
e0:c9:ec:fc:f7:6b:65:f1:46:0c:b1:cb:55:05:9c:3f:7a:98:
44:26:5b:9c
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdWwUvCZAYGy9U61cEbunCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA5MjIxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzYzNmRiMjlkY2M1YTMwZWNhOGY5YjNhMmM0OWY2ZTZlNjJmNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/vyG7SUFIGaNn6RiDjdb8lQJIfw
6NSM2hahk/L/7acNmQkzZV/HUsk9q7CU4DlSyZ9TsJGY/GqCbM9Z53QVDRgla740
8ynnbqikkM2j8lTbwjWWssWu/0xDDdPabkU9/aDPGlD95kn/Itudomhf7VweR8MI
oR22I98edJ3fA+NkqyAl96xdAbk3a/jGQ0QuXIX9H2vG+BZYF51DKPn4zV0z3LPy
UrOmFYsVNGukgXxB9u3R1Trf0BKkhvKdkcoR5tMtpwyOYA7bT67GaB/VjgbTeNCi
CXpa4yyyzx5YpAG5Cx71XR06TsFEnDt5Of7C2I7M5lYv+xrKuEDpPnsd3QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFNxjbbKdzFow7Kj5s6LEn25uYvclMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvM0dOdHNwM01XakRzcVBtem9zU2ZibTVpOXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAugCVjsJTJtPR
O9XnmSO1FlRMR+PvhH6SzX4Ztq4lVzEDv/2MAFtQqAEe2UjPsy3dMWPJMPg/6Jyg
5+bg6mEsVqNqqbSRWcMbWZ3Y7zawmTU+eDI5t2QNKCIE9/JYM82PNahgU8VaSQOh
n7BqaYTun/rnQp19YRuZWme+XZZjfCrPY5GxV98cpuKUWAqBs3dcRXhZJQj+XgM+
oYnmOJ4AmnpePIfEbI0XoUkhFLohVAz9ELn2jRcS6F1v+pQivCMcvBuNZswNeWRC
P/oexoYJC6LVMXR9JUiMycxegst3BpzNkiqG1QkEaupq4Mns/PdrZfFGDLHLVQWc
P3qYRCZbnA==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:39:04 2025 by rpki-client