Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/AtlS1NhvBHhIjLe-bzxqCgWUCkE.roa
File: AtlS1NhvBHhIjLe-bzxqCgWUCkE.roa (raw, json)
Hash identifier: c7mMnmnGPHgVPb7RjpXqq1arSmUEd8AKvgQDPHliR9o=
Subject key identifier: 02:D9:52:D4:D8:6F:04:78:48:8C:B7:BE:6F:3C:6A:0A:05:94:0A:41
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01975C2414B828913F0684CC245AD7B51038
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/AtlS1NhvBHhIjLe-bzxqCgWUCkE.roa
Signing time: Tue 10 Jun 2025 23:19:17 +0000
ROA not before: Tue 10 Jun 2025 23:19:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5c:24:14:b8:28:91:3f:06:84:cc:24:5a:d7:b5:10:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 10 23:19:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=02d952d4d86f0478488cb7be6f3c6a0a05940a41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:99:30:80:c0:5a:3d:6c:84:5c:35:29:49:83:
f0:97:86:0a:04:cb:c3:da:2d:be:87:de:96:1a:8c:
35:bd:b1:bc:70:96:c8:85:eb:27:7c:6b:6c:f6:4d:
d2:9a:93:f4:d4:59:3d:cd:07:3b:aa:35:06:d9:0f:
e4:fe:15:ac:da:37:42:7c:44:d3:13:ff:9e:16:ff:
24:c7:55:8c:a7:c8:5c:19:2d:b9:99:fa:59:c3:58:
1d:c3:df:7a:7c:a8:9e:a3:5a:71:f0:21:4c:5a:ed:
20:84:7a:11:e9:87:d0:e5:cb:05:8e:c7:00:03:8d:
06:86:1e:50:ce:9f:e7:3e:22:59:8c:f7:c9:36:f2:
11:25:e3:ef:c2:15:f2:91:b2:0a:97:0a:f7:54:14:
3f:2d:8d:2e:ef:5c:e3:4d:62:44:07:6a:e9:1b:5e:
fe:68:cc:2e:69:f2:80:c5:5d:65:6e:fb:e8:2a:dd:
e2:e1:9b:46:d3:6d:5a:ed:03:75:d4:f4:5d:f9:52:
78:95:23:fe:d6:73:10:1d:ba:57:d9:95:a0:3d:71:
78:1d:f7:ad:70:c2:01:59:60:eb:1e:5a:d4:75:57:
61:36:7b:c8:bf:ea:05:31:b9:81:5c:2a:81:15:5a:
ae:bb:a7:22:f5:28:be:8d:f7:a4:8c:44:49:9b:72:
00:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:D9:52:D4:D8:6F:04:78:48:8C:B7:BE:6F:3C:6A:0A:05:94:0A:41
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/AtlS1NhvBHhIjLe-bzxqCgWUCkE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
83:b1:a8:69:67:10:9f:64:9d:68:5e:96:07:de:39:5b:2e:6e:
66:98:f7:0c:36:55:94:e4:b6:e8:89:7e:9c:a0:54:43:2f:75:
06:3b:2b:59:fc:92:97:e4:f9:26:c1:ef:d9:a7:d4:e6:59:36:
fd:6b:20:a0:08:92:58:1a:aa:b1:72:cb:df:fc:88:f7:d1:cc:
7b:17:b4:1c:1f:77:22:17:50:4c:05:ed:fd:e0:f2:68:f9:0e:
2f:ff:84:80:6a:a6:55:b8:55:a6:2d:3d:b0:5d:13:54:e1:1f:
2c:4a:1a:f4:39:36:72:58:c7:f6:e7:9c:9d:52:65:2b:cc:b7:
91:bd:42:1a:38:30:73:4e:67:ef:5c:5d:17:e4:0e:01:5b:48:
82:05:23:19:49:5e:45:4f:9d:26:c6:f0:5d:65:33:a4:16:de:
01:aa:3e:7b:b0:c1:75:9b:9d:22:58:07:22:a2:6c:07:95:cd:
6d:09:69:13:ca:63:a8:99:91:b9:49:c8:84:53:41:bd:4a:40:
f8:66:94:7c:4e:91:03:e8:cc:6d:76:b2:01:57:90:26:d6:37:
ab:d4:31:5b:85:4a:63:a9:6d:29:5f:13:93:dd:79:56:3a:7b:
78:e1:3a:2f:81:b9:13:a9:02:53:75:49:f8:ae:95:33:44:c3:
6e:c8:27:8c
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdcJBS4KJE/BoTMJFrXtRA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjEwMjMxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ5NTJkNGQ4NmYwNDc4NDg4Y2I3YmU2ZjNjNmEwYTA1OTQwYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JkwgMBaPWyEXDUpSYPwl4YKBMvD
2i2+h96WGow1vbG8cJbIhesnfGts9k3SmpP01Fk9zQc7qjUG2Q/k/hWs2jdCfETT
E/+eFv8kx1WMp8hcGS25mfpZw1gdw996fKieo1px8CFMWu0ghHoR6YfQ5csFjscA
A40Ghh5Qzp/nPiJZjPfJNvIRJePvwhXykbIKlwr3VBQ/LY0u71zjTWJEB2rpG17+
aMwuafKAxV1lbvvoKt3i4ZtG021a7QN11PRd+VJ4lSP+1nMQHbpX2ZWgPXF4Hfet
cMIBWWDrHlrUdVdhNnvIv+oFMbmBXCqBFVquu6ci9Si+jfekjERJm3IANwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFALZUtTYbwR4SIy3vm88agoFlApBMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvQXRsUzFOaHZCSGhJakxlLWJ6eHFDZ1dVQ2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAg7GoaWcQn2Sd
aF6WB945Wy5uZpj3DDZVlOS26Il+nKBUQy91BjsrWfySl+T5JsHv2afU5lk2/Wsg
oAiSWBqqsXLL3/yI99HMexe0HB93IhdQTAXt/eDyaPkOL/+EgGqmVbhVpi09sF0T
VOEfLEoa9Dk2cljH9uecnVJlK8y3kb1CGjgwc05n71xdF+QOAVtIggUjGUleRU+d
JsbwXWUzpBbeAao+e7DBdZudIlgHIqJsB5XNbQlpE8pjqJmRuUnIhFNBvUpA+GaU
fE6RA+jMbXayAVeQJtY3q9QxW4VKY6ltKV8Tk915Vjp7eOE6L4G5E6kCU3VJ+K6V
M0TDbsgnjA==
-----END CERTIFICATE-----
Generated at Tue Jun 17 01:23:56 2025 by rpki-client