Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/wkArC96yo08vxHpnFGHKynt-xcQ.roa
File: wkArC96yo08vxHpnFGHKynt-xcQ.roa (raw, json)
Hash identifier: t8OjZtLGd9krWnWruVhsRfsaaMqcL7GKh0Th8ZWBACM=
Subject key identifier: C2:40:2B:0B:DE:B2:A3:4F:2F:C4:7A:67:14:61:CA:CA:7B:7E:C5:C4
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019755789EE3D256CACC9DAC9F67A48FF878
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/wkArC96yo08vxHpnFGHKynt-xcQ.roa
Signing time: Mon 09 Jun 2025 16:14:17 +0000
ROA not before: Mon 09 Jun 2025 16:14:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:55:78:9e:e3:d2:56:ca:cc:9d:ac:9f:67:a4:8f:f8:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 9 16:14:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c2402b0bdeb2a34f2fc47a671461caca7b7ec5c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:99:74:6d:8d:f8:16:38:69:c0:04:f5:00:50:
46:2c:ce:25:65:52:c6:ea:4b:67:a8:38:6c:f5:fd:
61:64:fb:78:e2:53:af:b1:74:53:a1:36:2c:27:ca:
57:39:4b:8c:7a:f2:16:5f:72:7d:22:b7:ee:da:5e:
b2:01:51:e7:54:bd:5a:a2:15:1c:6b:37:6f:fe:72:
78:b0:96:69:dc:b1:e2:f6:5f:f2:f6:c0:57:e0:9f:
09:c8:0a:80:16:0a:3b:c8:1b:08:fa:7d:c2:da:7c:
22:c3:21:9b:96:6d:7a:35:7f:b5:3a:c1:94:aa:98:
72:01:54:bd:8d:69:bf:73:0a:04:c3:cd:90:73:d7:
c4:db:41:e6:ed:b5:31:58:e5:19:89:3c:43:22:4d:
ba:ac:63:c5:99:25:d9:8c:5f:9b:28:e1:23:7d:16:
23:84:64:30:16:a5:6c:be:57:95:0a:75:5c:ea:bc:
34:dc:eb:55:bd:c4:bb:dd:d3:be:7e:ac:fd:7a:d0:
95:f3:55:fa:de:31:6a:d6:91:b3:5d:21:e6:f0:70:
1e:f1:2a:59:fb:ab:63:af:4c:f0:d8:0a:7e:32:14:
29:4a:c4:8d:0d:c7:30:ce:94:79:38:06:f8:0a:50:
c1:9c:e8:95:d7:81:dd:12:f4:66:3b:b0:21:80:f6:
5d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:40:2B:0B:DE:B2:A3:4F:2F:C4:7A:67:14:61:CA:CA:7B:7E:C5:C4
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/wkArC96yo08vxHpnFGHKynt-xcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
4d:81:60:a4:58:e6:fb:b8:fc:d5:10:2c:5e:22:a1:70:7e:40:
66:c0:bd:73:b6:d7:8f:f0:a9:8f:37:0d:9c:16:a3:e4:36:40:
f8:fe:ac:cb:af:91:f4:7a:25:8e:54:aa:c3:a2:3e:b0:d6:26:
e7:eb:2d:1a:e1:57:8c:6b:ca:6a:85:2b:d8:28:8c:96:ae:bc:
1b:75:0d:44:85:95:28:72:d5:84:c0:81:bf:9a:25:cf:97:59:
5f:18:f7:0f:8d:c1:91:c7:48:2d:5d:a4:36:fd:26:2f:6e:c2:
e6:a8:e4:5f:04:b5:a2:36:47:33:6a:7b:5f:2f:ac:90:f0:38:
f2:b9:eb:b7:b3:da:2c:28:fc:8a:9c:45:75:c0:e4:1e:65:cf:
fe:ed:8f:ce:0e:8c:0e:2d:88:cc:a9:8c:6f:8e:b7:16:be:1b:
f8:64:28:fa:df:33:e5:17:3d:29:2e:65:63:93:1e:25:04:0e:
48:3c:89:73:e1:c7:61:e7:d8:0c:93:1c:0b:29:bf:4c:a1:19:
d3:92:44:72:c0:af:b0:89:4f:d6:48:3e:87:ab:7b:d8:b6:8e:
29:d0:61:6a:8c:9f:0d:d1:9b:26:46:47:3c:80:d5:9c:66:3d:
5b:99:90:69:93:e9:7d:fb:d3:4a:bc:c3:5a:ba:01:59:05:cb:
85:83:b5:21
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdVeJ7j0lbKzJ2sn2ekj/h4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA5MTYxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQwMmIwYmRlYjJhMzRmMmZjNDdhNjcxNDYxY2FjYTdiN2VjNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5l0bY34FjhpwAT1AFBGLM4lZVLG
6ktnqDhs9f1hZPt44lOvsXRToTYsJ8pXOUuMevIWX3J9Irfu2l6yAVHnVL1aohUc
azdv/nJ4sJZp3LHi9l/y9sBX4J8JyAqAFgo7yBsI+n3C2nwiwyGblm16NX+1OsGU
qphyAVS9jWm/cwoEw82Qc9fE20Hm7bUxWOUZiTxDIk26rGPFmSXZjF+bKOEjfRYj
hGQwFqVsvleVCnVc6rw03OtVvcS73dO+fqz9etCV81X63jFq1pGzXSHm8HAe8SpZ
+6tjr0zw2Ap+MhQpSsSNDccwzpR5OAb4ClDBnOiV14HdEvRmO7AhgPZdJwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMJAKwvesqNPL8R6ZxRhysp7fsXEMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvd2tBckM5NnlvMDh2eEhwbkZHSEt5bnQteGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEATYFgpFjm+7j8
1RAsXiKhcH5AZsC9c7bXj/CpjzcNnBaj5DZA+P6sy6+R9HoljlSqw6I+sNYm5+st
GuFXjGvKaoUr2CiMlq68G3UNRIWVKHLVhMCBv5olz5dZXxj3D43BkcdILV2kNv0m
L27C5qjkXwS1ojZHM2p7Xy+skPA48rnrt7PaLCj8ipxFdcDkHmXP/u2Pzg6MDi2I
zKmMb463Fr4b+GQo+t8z5Rc9KS5lY5MeJQQOSDyJc+HHYefYDJMcCym/TKEZ05JE
csCvsIlP1kg+h6t72LaOKdBhaoyfDdGbJkZHPIDVnGY9W5mQaZPpffvTSrzDWroB
WQXLhYO1IQ==
-----END CERTIFICATE-----
Generated at Mon Jun 16 03:24:16 2025 by rpki-client