Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rSW1_M17ogfSldoCueZtnZw9d68.roa
File: rSW1_M17ogfSldoCueZtnZw9d68.roa (raw, json)
Hash identifier: EfcpTtfWCA3IWSQQ3EUduwxc8UINNHFNNFT+R8ZhrFA=
Subject key identifier: AD:25:B5:FC:CD:7B:A2:07:D2:95:DA:02:B9:E6:6D:9D:9C:3D:77:AF
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01974F07C1FA5BD22FBA5D25913E3876709E
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rSW1_M17ogfSldoCueZtnZw9d68.roa
Signing time: Sun 08 Jun 2025 10:13:17 +0000
ROA not before: Sun 08 Jun 2025 10:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:4f:07:c1:fa:5b:d2:2f:ba:5d:25:91:3e:38:76:70:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 8 10:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ad25b5fccd7ba207d295da02b9e66d9d9c3d77af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e5:70:3f:bb:87:fe:9a:58:76:f2:a2:fa:6d:
4e:82:27:b4:3f:84:e0:23:ca:4c:7d:4b:0f:e5:24:
f3:f6:3f:d8:7c:53:d5:f6:c0:6a:d0:92:7c:19:97:
04:a1:a0:84:be:de:67:75:13:12:bb:fa:fe:ed:1c:
bf:4b:ef:88:16:aa:40:9b:87:11:f5:89:c2:7d:3e:
79:ec:34:6d:0c:66:bf:1c:a6:ac:da:95:3f:31:b6:
68:69:fb:6c:a4:20:57:5d:9a:94:d2:cd:54:01:d7:
05:44:d3:80:1b:8d:9a:8f:02:72:8d:a1:75:f8:e7:
6c:1d:ac:d7:e1:e8:d1:14:3e:f2:bb:da:06:12:99:
b0:1c:a1:d7:90:ae:77:6a:7a:ef:21:ef:ce:ff:d3:
fc:86:b8:d3:ef:0f:9a:d9:86:56:b4:5f:ac:34:ad:
84:ef:58:84:d0:94:a1:5d:31:a5:28:6e:86:a7:07:
74:3a:1e:6c:39:e6:47:4e:1d:20:46:ff:c6:43:33:
be:f7:b2:4d:d2:29:a4:2c:3d:c9:4d:51:8e:28:4e:
57:ee:d8:33:79:22:0a:d4:3f:e9:b4:0c:5a:cd:c6:
6f:67:72:21:17:4c:8e:68:37:10:a5:6f:15:d9:d8:
1c:15:24:c7:cf:0a:b1:82:60:f2:e0:0d:7f:41:1b:
e9:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:25:B5:FC:CD:7B:A2:07:D2:95:DA:02:B9:E6:6D:9D:9C:3D:77:AF
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/rSW1_M17ogfSldoCueZtnZw9d68.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
61:7f:c6:20:a1:91:f9:aa:8e:90:5e:3e:3d:00:1a:92:a8:53:
7b:a6:19:a9:ed:1c:f3:64:de:27:40:7b:32:7e:a3:d9:4f:04:
b3:65:95:8f:23:03:09:43:91:a3:3e:e8:c5:79:67:20:53:8b:
0b:78:cd:35:f3:b7:2b:8f:eb:89:12:6b:ca:84:3f:34:13:f0:
18:7c:9d:71:a1:05:24:9d:20:59:98:4d:1a:96:59:83:a7:9a:
0f:12:03:d4:c1:a0:a6:a4:37:82:41:12:a0:19:89:95:64:bd:
5c:70:af:cb:d6:ae:53:b4:33:fd:10:82:4b:14:9a:59:41:37:
c2:12:3f:8b:5b:b6:5c:1b:f8:6d:a9:31:a4:7e:ae:79:a0:86:
91:86:f7:da:57:89:ec:eb:53:6d:5e:bc:56:e7:c8:eb:fc:b3:
37:98:73:99:00:4d:9b:cf:e2:fb:cb:67:9f:dd:83:0e:1d:fa:
ed:96:1c:56:38:0e:af:bc:11:e7:28:6b:5c:6d:ae:e6:6f:3f:
20:ca:f8:96:54:d2:ff:fa:f2:90:a9:54:7c:a3:4c:21:ff:fa:
db:04:3d:29:25:2d:42:85:57:be:4a:c9:28:98:cb:e2:5f:eb:
0f:61:f9:31:17:14:4f:98:89:17:54:d2:10:cc:b9:29:3d:db:
44:27:de:5e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdPB8H6W9Ivul0lkT44dnCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA4MTAxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDI1YjVmY2NkN2JhMjA3ZDI5NWRhMDJiOWU2NmQ5ZDljM2Q3N2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweVwP7uH/ppYdvKi+m1Ogie0P4Tg
I8pMfUsP5STz9j/YfFPV9sBq0JJ8GZcEoaCEvt5ndRMSu/r+7Ry/S++IFqpAm4cR
9YnCfT557DRtDGa/HKas2pU/MbZoaftspCBXXZqU0s1UAdcFRNOAG42ajwJyjaF1
+OdsHazX4ejRFD7yu9oGEpmwHKHXkK53anrvIe/O/9P8hrjT7w+a2YZWtF+sNK2E
71iE0JShXTGlKG6Gpwd0Oh5sOeZHTh0gRv/GQzO+97JN0imkLD3JTVGOKE5X7tgz
eSIK1D/ptAxazcZvZ3IhF0yOaDcQpW8V2dgcFSTHzwqxgmDy4A1/QRvp+QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFK0ltfzNe6IH0pXaArnmbZ2cPXevMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvclNXMV9NMTdvZ2ZTbGRvQ3VlWnRuWnc5ZDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAYX/GIKGR+aqO
kF4+PQAakqhTe6YZqe0c82TeJ0B7Mn6j2U8Es2WVjyMDCUORoz7oxXlnIFOLC3jN
NfO3K4/riRJryoQ/NBPwGHydcaEFJJ0gWZhNGpZZg6eaDxID1MGgpqQ3gkESoBmJ
lWS9XHCvy9auU7Qz/RCCSxSaWUE3whI/i1u2XBv4bakxpH6ueaCGkYb32leJ7OtT
bV68VufI6/yzN5hzmQBNm8/i+8tnn92DDh367ZYcVjgOr7wR5yhrXG2u5m8/IMr4
llTS//rykKlUfKNMIf/62wQ9KSUtQoVXvkrJKJjL4l/rD2H5MRcUT5iJF1TSEMy5
KT3bRCfeXg==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:17:45 2025 by rpki-client