Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Da25zZOe5nDkP29g_XnzWr4eh_k.roa
File: Da25zZOe5nDkP29g_XnzWr4eh_k.roa (raw, json)
Hash identifier: VxQOEDSdiStXttnXnjkrfIgmgvg61IqVnZUEMDyG2LY=
Subject key identifier: 0D:AD:B9:CD:93:9E:E6:70:E4:3F:6F:60:FD:79:F3:5A:BE:1E:87:F9
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01972B985CFC57150855D75B3471A283EA6C
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Da25zZOe5nDkP29g_XnzWr4eh_k.roa
Signing time: Sun 01 Jun 2025 13:04:54 +0000
ROA not before: Sun 01 Jun 2025 13:04:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:2b97:9f6b/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2b:98:5c:fc:57:15:08:55:d7:5b:34:71:a2:83:ea:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 1 13:04:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0dadb9cd939ee670e43f6f60fd79f35abe1e87f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:76:e1:7b:a8:ce:63:29:e4:f0:3e:26:35:a5:
93:8e:f1:66:65:43:5d:f9:1b:3d:76:8f:1e:c8:87:
fc:8c:98:d9:83:ee:6e:ee:ad:8a:f8:49:e9:70:bb:
34:35:b6:61:ff:31:1f:00:0a:f8:2b:4a:e5:1d:26:
a4:30:9c:36:43:00:6c:36:37:28:d3:b9:cb:7e:34:
03:3b:da:81:2e:01:99:60:db:9a:08:0d:70:24:33:
a0:17:de:df:bb:46:9c:50:49:31:26:57:6a:a0:d8:
bd:4e:ff:12:87:83:50:56:ec:81:7b:eb:7e:65:a7:
42:88:ea:3d:a0:ec:de:a7:3c:43:16:2f:be:64:c2:
46:17:e5:18:28:4c:83:d1:2d:4f:58:29:7f:8f:e0:
61:61:2f:eb:0a:42:d4:d6:75:c1:a8:13:9b:c0:50:
52:c2:90:48:41:89:eb:a4:2a:ff:21:8a:41:79:bc:
0b:ac:79:20:45:0f:8f:a0:fd:b9:57:df:3f:27:5c:
47:17:04:de:5a:ae:2c:c0:7c:cb:60:73:c0:20:09:
0f:06:6d:68:69:77:ad:16:dd:b1:93:b5:85:d4:75:
a8:19:73:8f:71:4b:2e:e8:08:56:40:eb:2c:1a:d8:
80:22:e4:a1:4f:05:e2:ae:38:71:94:97:a4:ba:53:
69:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:AD:B9:CD:93:9E:E6:70:E4:3F:6F:60:FD:79:F3:5A:BE:1E:87:F9
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/Da25zZOe5nDkP29g_XnzWr4eh_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:2b97:9f6b/128
Signature Algorithm: sha256WithRSAEncryption
23:2a:f8:ed:2d:eb:ca:ae:8b:fd:fd:f1:26:17:40:63:68:27:
3d:b3:b6:e0:cd:5d:01:35:69:f8:0e:42:51:38:1b:a9:8d:97:
e3:93:c4:b0:46:4d:6a:52:5b:ec:3b:e9:37:67:7c:ac:de:b7:
e9:ca:49:be:3f:b8:25:a4:3a:8f:dc:71:2d:c5:e1:2c:43:98:
96:cb:79:b3:f0:14:0c:fd:ba:d3:29:8b:ee:04:83:0c:eb:58:
df:e9:dc:16:7d:74:34:96:50:ea:22:90:60:d2:aa:ff:fa:3b:
f5:8b:66:7c:4d:98:b4:8a:cd:ba:c6:8e:97:21:c3:ab:21:92:
08:84:4e:10:1c:e1:a7:d2:58:d9:0a:6d:d3:42:c1:32:08:44:
c3:c7:6e:a6:28:d3:8f:80:fc:2f:1c:3d:91:5a:c2:63:a0:ce:
2f:f0:b2:06:96:5e:fd:23:f5:17:7b:e2:57:70:19:1c:76:6b:
f6:dd:3c:25:b5:1f:a0:49:49:0b:ea:90:d2:0b:30:62:dc:40:
3b:d7:9c:21:a2:74:f6:09:d1:bf:d4:94:68:66:4c:46:55:8f:
08:dd:fe:42:d4:78:e4:a5:3c:e3:7a:1e:d3:1d:65:74:28:ef:
ae:55:9a:3a:2b:fa:c6:2a:ed:ef:93:8a:1c:93:4f:08:a3:21:
cd:2e:a8:bf
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZcrmFz8VxUIVddbNHGig+psMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjAxMTMwNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFkYjljZDkzOWVlNjcwZTQzZjZmNjBmZDc5ZjM1YWJlMWU4N2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Xbhe6jOYynk8D4mNaWTjvFmZUNd
+Rs9do8eyIf8jJjZg+5u7q2K+EnpcLs0NbZh/zEfAAr4K0rlHSakMJw2QwBsNjco
07nLfjQDO9qBLgGZYNuaCA1wJDOgF97fu0acUEkxJldqoNi9Tv8Sh4NQVuyBe+t+
ZadCiOo9oOzepzxDFi++ZMJGF+UYKEyD0S1PWCl/j+BhYS/rCkLU1nXBqBObwFBS
wpBIQYnrpCr/IYpBebwLrHkgRQ+PoP25V98/J1xHFwTeWq4swHzLYHPAIAkPBm1o
aXetFt2xk7WF1HWoGXOPcUsu6AhWQOssGtiAIuShTwXirjhxlJekulNpdQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFA2tuc2TnuZw5D9vYP1581q+Hof5MB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvRGEyNXpaT2U1bkRrUDI5Z19YbnpXcjRlaF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXK5efazANBgkqhkiG9w0BAQsFAAOCAQEAIyr47S3ryq6L
/f3xJhdAY2gnPbO24M1dATVp+A5CUTgbqY2X45PEsEZNalJb7DvpN2d8rN636cpJ
vj+4JaQ6j9xxLcXhLEOYlst5s/AUDP260ymL7gSDDOtY3+ncFn10NJZQ6iKQYNKq
//o79YtmfE2YtIrNusaOlyHDqyGSCIROEBzhp9JY2Qpt00LBMghEw8dupijTj4D8
Lxw9kVrCY6DOL/CyBpZe/SP1F3viV3AZHHZr9t08JbUfoElJC+qQ0gswYtxAO9ec
IaJ09gnRv9SUaGZMRlWPCN3+QtR45KU843oe0x1ldCjvrlWaOiv6xirt75OKHJNP
CKMhzS6ovw==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:19:58 2025 by rpki-client