Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/iY8GNxYbyZacuTAySPHwSGF9Rcs.roa
File: iY8GNxYbyZacuTAySPHwSGF9Rcs.roa (raw, json)
Hash identifier: O0xZT4prYOGofVckIhEsXd2oz78kRVSpg89sA6lnI9E=
Subject key identifier: 89:8F:06:37:16:1B:C9:96:9C:B9:30:32:48:F1:F0:48:61:7D:45:CB
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01974FABA28435B8F95A83585D68EF4CED5D
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/iY8GNxYbyZacuTAySPHwSGF9Rcs.roa
Signing time: Sun 08 Jun 2025 13:12:17 +0000
ROA not before: Sun 08 Jun 2025 13:12:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:4f:ab:a2:84:35:b8:f9:5a:83:58:5d:68:ef:4c:ed:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 8 13:12:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=898f0637161bc9969cb9303248f1f048617d45cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f9:09:5f:5e:18:d9:1a:9b:46:8f:8c:eb:cd:c7:
be:82:2d:0a:f6:5b:f1:d6:c9:d7:33:29:2e:39:f3:
dd:5e:ec:67:27:2b:e4:13:01:49:d9:58:7b:e3:43:
cf:1c:76:58:06:9a:2f:f8:ec:63:5c:5c:8f:3c:af:
66:60:5d:87:e1:dd:6a:c8:58:1e:40:a4:bb:99:bc:
d4:5d:d5:6e:17:23:4a:f3:f4:3c:5a:55:58:26:6f:
c5:b1:fd:20:ec:01:75:0c:80:76:85:bd:27:6d:c4:
4e:99:bb:9c:14:a8:a9:ac:9c:3c:e4:8b:7b:a0:9c:
8d:3f:1d:f7:a6:07:15:cb:04:9c:b6:a2:45:f6:61:
99:e6:9b:a2:75:77:cc:bb:6d:be:cb:29:c7:af:29:
47:53:8a:d5:e9:9d:2a:bd:9c:26:e8:5b:ef:0d:3a:
d2:fe:f8:f4:95:a8:12:ae:68:c1:c3:bb:5a:99:5e:
5b:d6:55:92:94:a7:85:25:46:8c:8d:5c:50:64:bd:
81:df:2c:91:92:d8:3b:bb:bc:17:93:c4:be:38:45:
0c:1d:10:d5:87:ee:6e:19:7d:ab:cd:78:34:57:4a:
39:68:32:77:30:d0:25:21:31:ec:54:ba:46:35:03:
db:38:64:a1:b3:30:61:4d:41:aa:bb:ae:83:40:1f:
49:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:8F:06:37:16:1B:C9:96:9C:B9:30:32:48:F1:F0:48:61:7D:45:CB
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/iY8GNxYbyZacuTAySPHwSGF9Rcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
57:d2:f4:06:95:6e:22:26:ec:7f:d9:8f:ae:df:fd:36:1d:40:
7b:b8:22:e5:f1:e4:61:96:3b:c9:da:6e:c8:e1:01:5f:3e:52:
95:a8:44:6b:ac:55:c2:65:1b:e9:34:27:96:1d:b0:1d:93:22:
1a:5a:9a:a0:f8:b4:1c:d5:55:b2:37:05:b2:c6:4e:0f:fc:07:
81:ad:1f:71:ab:39:fa:a9:eb:69:5e:6e:16:a8:8b:e4:d9:b6:
91:d2:e0:f5:0f:90:4d:e8:e4:d9:b2:2e:fa:dc:cc:50:86:b5:
67:c8:8f:d3:30:e0:4b:ea:3a:4e:e3:49:73:43:22:64:32:fb:
0b:db:56:8b:cd:ea:24:67:1d:76:30:02:69:f9:c3:c5:96:ab:
f0:95:f0:5f:72:4c:5d:6e:ac:1e:52:ce:64:62:a4:4d:d3:d9:
15:00:75:d8:ec:5c:e9:3b:9e:5d:4c:4c:2e:d7:f8:6a:f2:29:
db:8d:7d:fe:dc:7a:5e:cd:80:e7:60:53:cd:a1:4e:c8:81:c0:
90:27:91:18:19:5d:07:b2:4b:53:7b:ba:54:97:ca:b3:a3:a9:
c7:cb:3e:44:98:6f:05:8e:3e:ee:d7:1d:17:87:21:c3:86:08:
4c:59:a6:16:3a:12:a1:bd:6a:b0:86:00:76:ae:71:4f:78:b0:
8f:1f:a9:4e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdPq6KENbj5WoNYXWjvTO1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA4MTMxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThmMDYzNzE2MWJjOTk2OWNiOTMwMzI0OGYxZjA0ODYxN2Q0NWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+QlfXhjZGptGj4zrzce+gi0K9lvx
1snXMykuOfPdXuxnJyvkEwFJ2Vh740PPHHZYBpov+OxjXFyPPK9mYF2H4d1qyFge
QKS7mbzUXdVuFyNK8/Q8WlVYJm/Fsf0g7AF1DIB2hb0nbcROmbucFKiprJw85It7
oJyNPx33pgcVywSctqJF9mGZ5puidXfMu22+yynHrylHU4rV6Z0qvZwm6FvvDTrS
/vj0lagSrmjBw7tamV5b1lWSlKeFJUaMjVxQZL2B3yyRktg7u7wXk8S+OEUMHRDV
h+5uGX2rzXg0V0o5aDJ3MNAlITHsVLpGNQPbOGShszBhTUGqu66DQB9JbwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFImPBjcWG8mWnLkwMkjx8EhhfUXLMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvaVk4R054WWJ5WmFjdVRBeVNQSHdTR0Y5UmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAV9L0BpVuIibs
f9mPrt/9Nh1Ae7gi5fHkYZY7ydpuyOEBXz5SlahEa6xVwmUb6TQnlh2wHZMiGlqa
oPi0HNVVsjcFssZOD/wHga0fcas5+qnraV5uFqiL5Nm2kdLg9Q+QTejk2bIu+tzM
UIa1Z8iP0zDgS+o6TuNJc0MiZDL7C9tWi83qJGcddjACafnDxZar8JXwX3JMXW6s
HlLOZGKkTdPZFQB12Oxc6TueXUxMLtf4avIp2419/tx6Xs2A52BTzaFOyIHAkCeR
GBldB7JLU3u6VJfKs6Opx8s+RJhvBY4+7tcdF4chw4YITFmmFjoSob1qsIYAdq5x
T3iwjx+pTg==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:23:20 2025 by rpki-client