Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/KpT1cgnKKkYiEdTFTi-Etaytv-k.roa
File: KpT1cgnKKkYiEdTFTi-Etaytv-k.roa (raw, json)
Hash identifier: D7FjGHQnGkFM0bCKcQG3oB2zSKFQG94FEbKjQNqepXk=
Subject key identifier: 2A:94:F5:72:09:CA:2A:46:22:11:D4:C5:4E:2F:84:B5:AC:AD:BF:E9
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01974D513937A7BC3BA14F25FE8B28002F46
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/KpT1cgnKKkYiEdTFTi-Etaytv-k.roa
Signing time: Sun 08 Jun 2025 02:14:18 +0000
ROA not before: Sun 08 Jun 2025 02:14:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:4d:51:39:37:a7:bc:3b:a1:4f:25:fe:8b:28:00:2f:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 8 02:14:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a94f57209ca2a462211d4c54e2f84b5acadbfe9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:8d:d4:4a:d0:ef:b9:19:da:92:f3:46:12:b6:
e1:ea:ec:ed:94:ca:61:5b:53:c5:93:12:f3:4c:1d:
4d:da:00:42:32:84:df:70:a8:aa:0d:2f:82:0a:74:
e3:e9:b4:fc:34:c5:ba:6c:26:53:6c:c4:6f:11:44:
e2:9b:63:5a:01:eb:f1:e6:96:03:2d:aa:b4:e0:25:
1c:6b:37:44:4a:b0:49:90:cc:15:86:51:5e:5e:41:
39:09:0f:2d:82:d3:28:9f:c5:7e:3b:8b:ff:a4:bd:
d6:aa:7b:62:2c:6b:ea:1f:e4:c1:cb:f5:85:6f:01:
5b:bd:8d:45:02:b2:83:87:b9:a4:33:70:fa:8c:b5:
5a:0a:73:9b:3e:c1:4d:92:4c:2f:71:17:24:31:07:
59:fb:d9:ed:70:5c:d9:1a:61:38:10:09:6d:93:b5:
7a:ec:48:2d:98:77:fa:7c:fc:a6:b5:12:0f:19:39:
f8:41:c1:31:ca:ba:30:de:b1:ab:8b:13:a5:34:42:
84:8b:2c:7f:0a:a9:50:2e:c2:78:24:e7:9c:46:f7:
c7:23:4d:f0:be:c2:be:9a:fa:2a:bf:7a:e8:b0:2f:
80:df:ff:c7:cd:d0:29:21:a5:fe:5d:ce:e0:d1:e2:
80:f6:85:af:63:ac:55:68:e7:62:50:ff:c9:79:46:
ae:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:94:F5:72:09:CA:2A:46:22:11:D4:C5:4E:2F:84:B5:AC:AD:BF:E9
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/KpT1cgnKKkYiEdTFTi-Etaytv-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
4f:07:69:d9:01:f4:97:06:b4:38:7b:dc:cb:69:de:8d:4a:03:
92:88:a7:cb:c9:19:69:e1:97:9f:17:29:b5:bd:97:24:1a:04:
b3:dd:85:77:36:bb:b4:7f:8f:b9:77:9e:11:83:0c:bd:af:ab:
77:6e:3d:28:c6:9e:90:60:7b:d4:cc:47:39:52:ad:9a:da:45:
8d:62:88:c4:e7:6e:9b:05:ce:74:70:f6:eb:b5:f2:b1:21:54:
f4:e7:49:8e:0e:9f:47:b4:97:6b:f3:1b:f4:be:46:47:cd:32:
cf:ba:7d:11:81:18:72:4f:f7:73:41:9b:17:86:57:a5:aa:79:
d2:82:1c:d7:02:b9:97:63:d5:8a:e6:da:70:f6:82:9d:83:8b:
b2:00:e0:b2:41:7d:c6:d2:70:f8:ac:56:3f:06:08:89:7c:c9:
84:4f:5d:14:45:90:0a:1a:2d:23:da:5f:00:d0:fd:73:78:e9:
cf:be:a7:19:7a:eb:63:58:67:d3:48:c2:45:b5:09:ac:ac:ef:
ff:0f:b1:92:74:59:9a:7f:51:cb:9c:7d:6f:cb:67:d7:9d:bb:
26:2c:77:e5:3e:b2:38:3d:89:25:e6:18:3d:9e:3c:44:cd:16:
ca:4a:df:82:f5:70:2f:ce:6c:60:3f:0f:91:18:a1:48:1c:db:
0d:51:10:40
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdNUTk3p7w7oU8l/osoAC9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA4MDIxNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk0ZjU3MjA5Y2EyYTQ2MjIxMWQ0YzU0ZTJmODRiNWFjYWRiZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso3UStDvuRnakvNGErbh6uztlMph
W1PFkxLzTB1N2gBCMoTfcKiqDS+CCnTj6bT8NMW6bCZTbMRvEUTim2NaAevx5pYD
Laq04CUcazdESrBJkMwVhlFeXkE5CQ8tgtMon8V+O4v/pL3WqntiLGvqH+TBy/WF
bwFbvY1FArKDh7mkM3D6jLVaCnObPsFNkkwvcRckMQdZ+9ntcFzZGmE4EAltk7V6
7EgtmHf6fPymtRIPGTn4QcExyrow3rGrixOlNEKEiyx/CqlQLsJ4JOecRvfHI03w
vsK+mvoqv3rosC+A3//HzdApIaX+Xc7g0eKA9oWvY6xVaOdiUP/JeUaugwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCqU9XIJyipGIhHUxU4vhLWsrb/pMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvS3BUMWNnbktLa1lpRWRURlRpLUV0YXl0di1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEATwdp2QH0lwa0
OHvcy2nejUoDkoiny8kZaeGXnxcptb2XJBoEs92Fdza7tH+PuXeeEYMMva+rd249
KMaekGB71MxHOVKtmtpFjWKIxOdumwXOdHD267XysSFU9OdJjg6fR7SXa/Mb9L5G
R80yz7p9EYEYck/3c0GbF4ZXpap50oIc1wK5l2PViubacPaCnYOLsgDgskF9xtJw
+KxWPwYIiXzJhE9dFEWQChotI9pfAND9c3jpz76nGXrrY1hn00jCRbUJrKzv/w+x
knRZmn9Ry5x9b8tn1527Jix35T6yOD2JJeYYPZ48RM0WykrfgvVwL85sYD8PkRih
SBzbDVEQQA==
-----END CERTIFICATE-----
Generated at Mon Jun 16 09:05:18 2025 by rpki-client