Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Apmngs7LwBMAWyGy4slDfvPk2rU.roa
File: Apmngs7LwBMAWyGy4slDfvPk2rU.roa (raw, json)
Hash identifier: aXqF3FP9qviMYLyIemFNXtQNPtPkZYxux/Cb/ECgh84=
Subject key identifier: 02:99:A7:82:CE:CB:C0:13:00:5B:21:B2:E2:C9:43:7E:F3:E4:DA:B5
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01973BB7008397162A2CDDB5C13272E3D82C
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Apmngs7LwBMAWyGy4slDfvPk2rU.roa
Signing time: Wed 04 Jun 2025 16:12:18 +0000
ROA not before: Wed 04 Jun 2025 16:12:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3b:b7:00:83:97:16:2a:2c:dd:b5:c1:32:72:e3:d8:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 4 16:12:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0299a782cecbc013005b21b2e2c9437ef3e4dab5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f4:69:59:d4:c5:7d:d2:47:50:5b:c9:99:ce:
88:44:30:d4:31:64:40:4d:b7:0b:9d:9e:fc:b3:8f:
51:f8:0d:72:fa:67:2c:01:d6:51:80:cb:af:65:5b:
aa:dc:23:30:6d:91:1d:38:eb:6f:71:95:70:b7:b6:
f9:2b:f0:ab:1a:ab:04:b2:1f:aa:ec:ef:b4:c2:bb:
1b:5c:e5:bf:b1:c5:85:3c:c5:dc:ae:b1:88:c7:eb:
4d:97:71:ed:af:63:00:b7:25:38:36:bc:ad:55:28:
34:d7:8a:80:a8:0e:1e:46:51:0c:97:47:73:33:ad:
c8:d6:32:48:c7:21:5c:cf:97:14:f4:65:86:af:48:
b3:b3:c8:86:ff:7e:69:a5:ed:24:ec:f0:c2:3a:8d:
0e:ae:71:50:b0:5e:27:21:c7:df:fe:e4:46:89:27:
4a:10:cb:67:4f:f1:82:c9:0d:b2:04:fd:96:c1:29:
f8:ff:8d:06:95:81:0b:ed:5b:e6:f4:6e:77:dd:d1:
ec:11:bf:7d:e4:f7:07:22:05:90:ed:f8:87:49:19:
52:13:f9:61:59:4e:70:4f:93:16:4a:39:e9:32:2c:
26:40:99:49:19:d7:13:29:5f:d7:8f:ea:40:56:69:
e7:90:12:2f:6b:58:05:49:f6:3f:55:73:41:f2:ca:
f1:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:99:A7:82:CE:CB:C0:13:00:5B:21:B2:E2:C9:43:7E:F3:E4:DA:B5
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Apmngs7LwBMAWyGy4slDfvPk2rU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
58:3e:17:d4:af:82:81:04:9a:8d:47:f3:4d:93:47:58:51:f6:
1b:6e:64:9c:73:f1:ce:ce:c6:fd:6a:67:3a:e5:21:00:56:32:
d0:5d:49:f3:10:e9:25:b6:45:3c:19:8e:4c:52:ad:3f:95:83:
6e:eb:d0:93:1e:22:33:3b:e3:7c:e7:16:21:e8:95:8b:fa:eb:
2e:b6:53:48:cc:eb:9a:62:e8:40:ec:e0:8c:6c:ae:dd:8a:64:
f8:9a:bd:ce:64:67:4c:02:48:08:33:c1:00:1d:9c:a9:dd:c6:
8d:d0:5f:0c:97:5a:ea:6a:d8:91:9f:c5:8e:55:04:b2:dc:00:
48:b8:1e:00:4d:43:1a:db:be:99:7b:a9:6a:ba:14:a2:ee:b6:
f3:df:2b:54:46:69:34:6d:0a:a3:d5:70:06:c3:46:c8:16:a1:
e8:42:a8:24:3e:9a:b9:9d:fb:e1:bc:18:6b:06:e6:48:ef:99:
53:8d:57:35:17:27:60:1e:d7:7d:8c:08:a3:87:74:68:f2:e4:
3f:aa:fe:4b:6c:94:b0:02:41:39:a9:9b:20:fc:22:4d:fb:f9:
ba:0f:db:d2:39:d9:7c:ad:44:80:bb:a6:1e:88:19:28:f8:f4:
bb:67:21:dd:52:f3:c2:d3:46:a7:91:0c:79:3e:d5:31:3c:64:
b1:b2:82:ab
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZc7twCDlxYqLN21wTJy49gsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA0MTYxMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjk5YTc4MmNlY2JjMDEzMDA1YjIxYjJlMmM5NDM3ZWYzZTRkYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfRpWdTFfdJHUFvJmc6IRDDUMWRA
TbcLnZ78s49R+A1y+mcsAdZRgMuvZVuq3CMwbZEdOOtvcZVwt7b5K/CrGqsEsh+q
7O+0wrsbXOW/scWFPMXcrrGIx+tNl3Htr2MAtyU4NrytVSg014qAqA4eRlEMl0dz
M63I1jJIxyFcz5cU9GWGr0izs8iG/35ppe0k7PDCOo0OrnFQsF4nIcff/uRGiSdK
EMtnT/GCyQ2yBP2WwSn4/40GlYEL7Vvm9G533dHsEb995PcHIgWQ7fiHSRlSE/lh
WU5wT5MWSjnpMiwmQJlJGdcTKV/Xj+pAVmnnkBIva1gFSfY/VXNB8srxGwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAKZp4LOy8ATAFshsuLJQ37z5Nq1MB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvQXBtbmdzN0x3Qk1BV3lHeTRzbERmdlBrMnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAWD4X1K+CgQSa
jUfzTZNHWFH2G25knHPxzs7G/WpnOuUhAFYy0F1J8xDpJbZFPBmOTFKtP5WDbuvQ
kx4iMzvjfOcWIeiVi/rrLrZTSMzrmmLoQOzgjGyu3Ypk+Jq9zmRnTAJICDPBAB2c
qd3GjdBfDJda6mrYkZ/FjlUEstwASLgeAE1DGtu+mXuparoUou62898rVEZpNG0K
o9VwBsNGyBah6EKoJD6auZ374bwYawbmSO+ZU41XNRcnYB7XfYwIo4d0aPLkP6r+
S2yUsAJBOambIPwiTfv5ug/b0jnZfK1EgLumHogZKPj0u2ch3VLzwtNGp5EMeT7V
MTxksbKCqw==
-----END CERTIFICATE-----
Generated at Mon Jun 16 04:11:55 2025 by rpki-client