Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rKznJCDWDvaxjhGixdWuBtcrkew.roa
File: rKznJCDWDvaxjhGixdWuBtcrkew.roa (raw, json)
Hash identifier: ZB2YyyhcwO9vBOB8zC1fDLIjlp5ckKehhGoLvC5GCnQ=
Subject key identifier: AC:AC:E7:24:20:D6:0E:F6:B1:8E:11:A2:C5:D5:AE:06:D7:2B:91:EC
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01974B98D9FBABC811E8CD2E8CAD983D43C1
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rKznJCDWDvaxjhGixdWuBtcrkew.roa
Signing time: Sat 07 Jun 2025 18:13:17 +0000
ROA not before: Sat 07 Jun 2025 18:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:4b:98:d9:fb:ab:c8:11:e8:cd:2e:8c:ad:98:3d:43:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 7 18:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=acace72420d60ef6b18e11a2c5d5ae06d72b91ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:ec:eb:e0:78:4b:02:9e:fd:b2:d5:10:b0:76:
45:0e:35:bd:af:c9:1f:16:17:7e:ee:78:63:a9:8c:
82:73:27:6e:2d:ba:40:52:00:b1:69:05:47:bb:9a:
ad:d6:a9:07:80:3b:8a:04:13:c2:18:6e:7d:e6:4c:
da:01:3f:d6:20:5a:86:4b:e9:cb:1f:14:97:eb:8e:
6f:0b:2e:99:0c:a6:b7:a1:87:c1:dd:dc:98:45:01:
ba:34:4d:51:60:f2:28:76:c4:8f:36:f9:b3:5e:07:
c3:bd:e2:1b:ee:f4:be:de:2e:8a:02:c3:4e:2d:56:
92:4e:f1:e4:e6:63:f5:18:9c:6e:51:d8:5a:7d:07:
57:31:60:9a:1c:45:d7:46:97:1a:cd:ca:66:cb:09:
23:10:4f:39:99:20:2e:b1:ab:9e:de:01:30:7a:81:
e8:23:b0:88:f8:cf:a9:4e:63:91:96:a3:fe:80:e9:
5a:db:da:e5:bc:be:3d:cd:7d:86:8a:69:c7:5d:45:
2d:89:6a:3a:c5:8a:bd:55:73:08:86:72:e1:65:61:
d5:cc:40:dc:f3:b6:a1:ea:76:a9:5b:ad:d4:c8:2b:
2f:2e:13:00:c9:f9:7f:a7:6d:47:05:6e:f9:1d:e3:
27:31:c6:0d:4b:a8:72:35:2f:54:14:ce:bd:6c:9d:
f4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:AC:E7:24:20:D6:0E:F6:B1:8E:11:A2:C5:D5:AE:06:D7:2B:91:EC
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rKznJCDWDvaxjhGixdWuBtcrkew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
12:03:1f:cb:ec:59:92:6b:69:a4:65:7a:17:4f:16:95:3e:1f:
90:f6:28:e1:bc:57:49:b7:6d:30:61:c9:a6:d7:c8:ee:37:58:
81:3c:5b:d8:39:3a:ec:9e:72:37:d9:ef:4c:6a:04:70:95:2a:
f2:fc:d1:b6:35:f8:30:b9:08:28:9c:a5:f5:49:32:34:13:7c:
6a:fe:35:04:37:f0:36:9b:e0:73:75:3d:c8:42:95:26:51:c8:
4d:8e:b8:43:af:b5:19:76:23:96:8e:b2:6e:22:c0:c6:7a:fc:
46:ea:ca:7e:8d:b0:37:b9:c9:0e:9b:dd:da:9f:28:55:d0:61:
fe:98:c2:65:b4:1d:f5:27:d1:69:1f:bb:b6:af:51:1e:54:6b:
7e:f3:a8:1a:a6:95:23:f1:e8:4a:97:66:5b:b4:fc:b5:1e:c6:
49:77:61:79:20:f5:1f:8c:91:49:8b:93:76:8f:35:f3:06:f2:
c1:56:1b:a0:46:9b:75:cd:bf:cd:0c:4a:a1:44:5f:35:4b:7c:
86:a0:2c:fc:80:7c:c6:0e:14:c8:24:e7:d9:5c:a0:5e:74:4e:
0a:d1:67:90:67:e8:e9:d1:e2:64:78:ee:4a:82:cc:6a:0b:17:
d8:e2:40:54:47:11:90:87:60:85:7a:bb:0c:82:88:3a:68:9e:
ef:50:c8:5d
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdLmNn7q8gR6M0ujK2YPUPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA3MTgxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FjZTcyNDIwZDYwZWY2YjE4ZTExYTJjNWQ1YWUwNmQ3MmI5MWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ozr4HhLAp79stUQsHZFDjW9r8kf
Fhd+7nhjqYyCcyduLbpAUgCxaQVHu5qt1qkHgDuKBBPCGG595kzaAT/WIFqGS+nL
HxSX645vCy6ZDKa3oYfB3dyYRQG6NE1RYPIodsSPNvmzXgfDveIb7vS+3i6KAsNO
LVaSTvHk5mP1GJxuUdhafQdXMWCaHEXXRpcazcpmywkjEE85mSAusaue3gEweoHo
I7CI+M+pTmORlqP+gOla29rlvL49zX2GimnHXUUtiWo6xYq9VXMIhnLhZWHVzEDc
87ah6napW63UyCsvLhMAyfl/p21HBW75HeMnMcYNS6hyNS9UFM69bJ30QQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKys5yQg1g72sY4RosXVrgbXK5HsMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvckt6bkpDRFdEdmF4amhHaXhkV3VCdGNya2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAEgMfy+xZkmtp
pGV6F08WlT4fkPYo4bxXSbdtMGHJptfI7jdYgTxb2Dk67J5yN9nvTGoEcJUq8vzR
tjX4MLkIKJyl9UkyNBN8av41BDfwNpvgc3U9yEKVJlHITY64Q6+1GXYjlo6ybiLA
xnr8RurKfo2wN7nJDpvd2p8oVdBh/pjCZbQd9SfRaR+7tq9RHlRrfvOoGqaVI/Ho
SpdmW7T8tR7GSXdheSD1H4yRSYuTdo818wbywVYboEabdc2/zQxKoURfNUt8hqAs
/IB8xg4UyCTn2VygXnROCtFnkGfo6dHiZHjuSoLMagsX2OJAVEcRkIdghXq7DIKI
Omie71DIXQ==
-----END CERTIFICATE-----
Generated at Mon Jun 16 12:30:08 2025 by rpki-client