Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/OTv0ZD56ViB4opegpsE7TWjzVsM.roa
File: OTv0ZD56ViB4opegpsE7TWjzVsM.roa (raw, json)
Hash identifier: kjmQPzgzIUsuQagZzCz91ANiYVe/prNqMpgT9rNooSk=
Subject key identifier: 39:3B:F4:64:3E:7A:56:20:78:A2:97:A0:A6:C1:3B:4D:68:F3:56:C3
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019757D4DF0C9513E95C4E6B5CCB181FC97C
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/OTv0ZD56ViB4opegpsE7TWjzVsM.roa
Signing time: Tue 10 Jun 2025 03:14:17 +0000
ROA not before: Tue 10 Jun 2025 03:14:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:57:d4:df:0c:95:13:e9:5c:4e:6b:5c:cb:18:1f:c9:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 10 03:14:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=393bf4643e7a562078a297a0a6c13b4d68f356c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:8c:7a:37:08:5f:a4:e8:2b:13:c3:a7:a9:eb:
3d:f5:d9:2e:d4:8f:41:49:60:bd:35:76:ea:76:3f:
2f:5b:7d:54:20:f2:19:b9:02:0b:ef:4f:f0:e1:55:
09:ab:a0:e4:f2:10:ce:2e:be:53:07:5b:6c:63:99:
c1:d8:ca:43:b5:e2:80:bf:40:cd:da:99:d3:12:46:
ec:fd:3b:d7:95:6e:32:85:07:67:59:d3:12:5f:9a:
17:7f:65:44:fc:ba:83:ce:ae:a8:fd:2b:83:0c:93:
e0:92:e6:55:7a:05:df:ac:11:fa:aa:73:be:a1:9e:
f2:6c:fe:61:1e:04:e9:37:ed:da:8d:c0:8b:23:85:
71:31:51:f9:64:db:8f:5a:16:21:02:7b:27:41:85:
4d:ce:a8:8f:60:43:2c:dd:98:67:03:99:24:c3:9e:
3a:95:b6:35:3a:9c:63:04:80:d4:a5:ff:84:ab:3c:
4a:0b:57:a6:c9:16:a2:fe:47:58:b7:bc:6b:04:91:
d7:a8:73:18:5f:f4:68:b5:bb:9d:63:d8:51:ca:a8:
ea:47:ce:3c:35:cf:b2:b2:3a:e2:38:88:52:d0:71:
2b:ae:c6:8c:00:17:be:bd:f7:b0:d2:1d:39:94:5b:
f5:35:dd:da:16:1d:67:b4:2f:92:2e:67:62:76:71:
32:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:3B:F4:64:3E:7A:56:20:78:A2:97:A0:A6:C1:3B:4D:68:F3:56:C3
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/OTv0ZD56ViB4opegpsE7TWjzVsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
41:d8:da:79:06:8c:86:ae:da:63:f1:2d:3d:2d:a2:25:59:ed:
14:5c:e8:9b:55:e8:33:3b:e0:54:d3:1e:e7:c6:ec:0d:35:dc:
46:ab:92:40:92:3b:f0:bc:6f:6d:e3:7f:2d:ec:ad:ac:72:a3:
d5:5f:3a:ea:b7:02:e6:14:ad:2f:5c:3c:ae:50:c9:aa:4a:0c:
34:2b:7a:a9:f3:8f:40:8a:5f:fe:cf:3f:ae:34:b5:4e:2e:b3:
f8:14:16:08:70:92:fb:da:d9:e4:68:26:a8:2b:cc:08:76:93:
20:2a:fd:78:fc:7c:b2:3d:a1:f5:6a:b0:0e:54:2d:87:3d:53:
29:2d:1e:bd:00:49:a3:22:f9:34:f4:e7:95:a8:fe:34:e0:1a:
41:e9:d5:d1:94:e8:51:d8:94:6e:21:1e:b2:15:08:7f:f1:ac:
88:03:cd:69:3c:41:74:b8:5d:dd:36:51:5a:f7:8d:f6:83:f9:
7b:e9:bc:63:e8:8a:9f:36:3d:e5:be:09:a7:ce:80:6e:02:bc:
1e:83:43:db:6f:d0:d2:31:7e:69:41:50:39:df:60:bb:7e:ce:
e4:b0:12:3d:88:a7:04:68:18:e4:11:23:a5:39:57:6a:73:9d:
20:f4:2a:9b:82:40:48:4f:51:18:58:af:69:43:68:2c:7c:4f:
a5:d4:4f:65
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdX1N8MlRPpXE5rXMsYH8l8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjEwMDMxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTNiZjQ2NDNlN2E1NjIwNzhhMjk3YTBhNmMxM2I0ZDY4ZjM1NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArox6NwhfpOgrE8Onqes99dku1I9B
SWC9NXbqdj8vW31UIPIZuQIL70/w4VUJq6Dk8hDOLr5TB1tsY5nB2MpDteKAv0DN
2pnTEkbs/TvXlW4yhQdnWdMSX5oXf2VE/LqDzq6o/SuDDJPgkuZVegXfrBH6qnO+
oZ7ybP5hHgTpN+3ajcCLI4VxMVH5ZNuPWhYhAnsnQYVNzqiPYEMs3ZhnA5kkw546
lbY1OpxjBIDUpf+EqzxKC1emyRai/kdYt7xrBJHXqHMYX/RotbudY9hRyqjqR848
Nc+ysjriOIhS0HErrsaMABe+vfew0h05lFv1Nd3aFh1ntC+SLmdidnEyYQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFDk79GQ+elYgeKKXoKbBO01o81bDMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvT1R2MFpENTZWaUI0b3BlZ3BzRTdUV2p6VnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAQdjaeQaMhq7a
Y/EtPS2iJVntFFzom1XoMzvgVNMe58bsDTXcRquSQJI78LxvbeN/LeytrHKj1V86
6rcC5hStL1w8rlDJqkoMNCt6qfOPQIpf/s8/rjS1Ti6z+BQWCHCS+9rZ5GgmqCvM
CHaTICr9ePx8sj2h9WqwDlQthz1TKS0evQBJoyL5NPTnlaj+NOAaQenV0ZToUdiU
biEeshUIf/GsiAPNaTxBdLhd3TZRWveN9oP5e+m8Y+iKnzY95b4Jp86AbgK8HoND
22/Q0jF+aUFQOd9gu37O5LASPYinBGgY5BEjpTlXanOdIPQqm4JASE9RGFivaUNo
LHxPpdRPZQ==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:04:51 2025 by rpki-client