Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/n99NP8RtAiHpXMh40YAL0A0z4mE.roa
File: n99NP8RtAiHpXMh40YAL0A0z4mE.roa (raw, json)
Hash identifier: /e4eAorafeGslX/SC1fqJCKeufakFQrhzUyefDUF8ac=
Subject key identifier: 9F:DF:4D:3F:C4:6D:02:21:E9:5C:C8:78:D1:80:0B:D0:0D:33:E2:61
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019752ACAE681A28B4EF965377EEF6032D41
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/n99NP8RtAiHpXMh40YAL0A0z4mE.roa
Signing time: Mon 09 Jun 2025 03:12:17 +0000
ROA not before: Mon 09 Jun 2025 03:12:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:52:ac:ae:68:1a:28:b4:ef:96:53:77:ee:f6:03:2d:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 9 03:12:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9fdf4d3fc46d0221e95cc878d1800bd00d33e261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a7:e7:14:a4:fb:fd:01:80:4e:9b:9a:0c:ff:
02:45:03:7d:c0:bd:f6:1e:63:0d:3c:b1:04:33:de:
25:74:df:fe:8c:65:9f:84:5c:f6:83:03:b0:23:6c:
75:f7:0d:0e:c1:e1:2c:c2:99:2b:3e:1f:52:ce:c8:
c6:37:c0:b0:93:d1:dd:f3:f6:4e:08:c4:6f:c2:37:
83:61:7d:84:3f:5b:b9:f5:8c:21:47:0c:8b:8d:56:
28:c6:3a:1e:ec:b1:d4:55:30:53:27:cf:e0:a1:38:
6f:50:05:c1:80:c2:d2:03:7e:79:18:32:13:90:2f:
16:8b:58:2b:cb:69:f5:12:d4:43:8c:56:c9:eb:f1:
f2:96:82:11:d9:10:86:bd:d7:b3:a0:79:5e:09:55:
93:3e:d9:52:d9:3f:4e:fd:36:75:c0:d4:5e:4f:3e:
5b:d2:ab:b8:72:50:f2:b6:23:77:98:e1:b2:66:cc:
9c:09:50:b7:95:b1:b2:38:06:3d:fe:24:eb:5a:5a:
53:04:cb:9b:68:b1:a1:74:78:11:23:9d:17:11:d0:
72:a8:17:0b:6f:59:6c:35:fd:e2:28:ef:01:1e:40:
bc:19:2c:f9:25:51:c4:dc:dd:90:5e:b7:97:dd:f3:
66:41:26:99:38:87:c7:62:2c:6d:6e:ab:41:34:66:
6f:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:DF:4D:3F:C4:6D:02:21:E9:5C:C8:78:D1:80:0B:D0:0D:33:E2:61
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/n99NP8RtAiHpXMh40YAL0A0z4mE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
0b:e4:d5:49:15:b3:9f:e3:85:da:18:8e:35:fd:e7:92:d1:80:
45:fd:99:d6:2b:36:86:f7:89:12:89:9f:02:0c:f8:34:0c:77:
12:ca:09:1b:5d:e9:35:f4:ee:51:69:c5:a6:c7:12:50:c5:90:
60:c0:e5:a8:20:8e:04:83:e3:8c:2a:95:f7:e5:5f:ee:67:22:
1f:8d:db:3c:62:e7:5f:ac:35:a6:58:8a:5b:82:f7:9e:d1:66:
7c:ae:33:ec:bd:20:e8:21:e7:71:98:4e:41:a2:1d:b0:bd:dd:
84:2b:da:46:d6:f5:69:24:ba:a1:4f:69:41:ba:31:6f:bf:5a:
fa:ab:c2:41:a6:5d:1c:6a:07:aa:14:e4:93:b3:e6:b6:74:f5:
c3:af:0f:b0:22:0a:d3:26:d2:9f:3f:7f:35:9d:18:26:28:16:
5a:66:4d:0b:53:d8:e0:71:e3:59:27:d1:1e:2b:13:e6:78:81:
b7:85:4b:08:ca:15:18:5c:54:81:72:9f:8d:0b:93:42:7a:94:
05:0e:6e:8c:28:59:ba:df:cc:b1:b0:fe:ef:84:62:df:93:e9:
46:3b:4a:dd:12:e8:aa:35:3f:b4:10:c5:8c:82:9a:d9:2e:6d:
74:d0:c8:de:37:c9:0b:b1:5f:bf:20:ef:00:a8:fe:d2:54:3b:
35:f2:e5:03
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdSrK5oGii075ZTd+72Ay1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA5MDMxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRmNGQzZmM0NmQwMjIxZTk1Y2M4NzhkMTgwMGJkMDBkMzNlMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqfnFKT7/QGATpuaDP8CRQN9wL32
HmMNPLEEM94ldN/+jGWfhFz2gwOwI2x19w0OweEswpkrPh9SzsjGN8Cwk9Hd8/ZO
CMRvwjeDYX2EP1u59YwhRwyLjVYoxjoe7LHUVTBTJ8/goThvUAXBgMLSA355GDIT
kC8Wi1gry2n1EtRDjFbJ6/HyloIR2RCGvdezoHleCVWTPtlS2T9O/TZ1wNReTz5b
0qu4clDytiN3mOGyZsycCVC3lbGyOAY9/iTrWlpTBMubaLGhdHgRI50XEdByqBcL
b1lsNf3iKO8BHkC8GSz5JVHE3N2QXreX3fNmQSaZOIfHYixtbqtBNGZvKQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJ/fTT/EbQIh6VzIeNGAC9ANM+JhMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvbjk5TlA4UnRBaUhwWE1oNDBZQUwwQTB6NG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAC+TVSRWzn+OF
2hiONf3nktGARf2Z1is2hveJEomfAgz4NAx3EsoJG13pNfTuUWnFpscSUMWQYMDl
qCCOBIPjjCqV9+Vf7mciH43bPGLnX6w1pliKW4L3ntFmfK4z7L0g6CHncZhOQaId
sL3dhCvaRtb1aSS6oU9pQboxb79a+qvCQaZdHGoHqhTkk7PmtnT1w68PsCIK0ybS
nz9/NZ0YJigWWmZNC1PY4HHjWSfRHisT5niBt4VLCMoVGFxUgXKfjQuTQnqUBQ5u
jChZut/MsbD+74Ri35PpRjtK3RLoqjU/tBDFjIKa2S5tdNDI3jfJC7FfvyDvAKj+
0lQ7NfLlAw==
-----END CERTIFICATE-----
Generated at Mon Jun 16 18:04:48 2025 by rpki-client