Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yaH_BwkZuy0LcyxZcyHjJ0IHGas.roa
File: yaH_BwkZuy0LcyxZcyHjJ0IHGas.roa (raw, json)
Hash identifier: DbYskGCPXczCzPU11/XpomrgGfvs6/i6K3P277/brTM=
Subject key identifier: C9:A1:FF:07:09:19:BB:2D:0B:73:2C:59:73:21:E3:27:42:07:19:AB
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 0197414A4E48D93A7FA87E7FE74951F14BB2
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yaH_BwkZuy0LcyxZcyHjJ0IHGas.roa
Signing time: Thu 05 Jun 2025 18:11:18 +0000
ROA not before: Thu 05 Jun 2025 18:11:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:41:4a:4e:48:d9:3a:7f:a8:7e:7f:e7:49:51:f1:4b:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 5 18:11:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c9a1ff070919bb2d0b732c597321e327420719ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:b3:1e:b1:ed:4e:e6:40:f3:99:eb:11:1a:fb:
91:f7:03:a5:f9:56:86:c9:b4:27:4b:e6:27:aa:bc:
6b:7e:08:bb:7c:f7:d6:99:c0:d4:66:43:05:66:ae:
94:f3:4a:82:19:d1:b5:22:df:6a:1e:2c:50:77:e9:
81:aa:d7:ae:9e:95:1c:46:91:3c:b7:75:59:a9:95:
85:be:94:c4:2f:55:dd:31:27:f0:2a:69:ef:b3:f4:
5a:7b:20:d1:b2:c1:22:94:92:88:99:07:c6:9f:7e:
c4:d2:26:ce:3e:ae:2e:4e:47:1d:b4:43:c8:06:55:
cf:5b:8c:47:67:e2:fc:75:75:3d:ee:08:7a:2e:e3:
cf:e7:2c:35:e9:c8:44:d7:f0:69:ec:53:fb:83:c5:
a1:f6:7f:84:e2:42:8c:58:ff:c3:e1:76:f9:7c:7c:
57:6d:81:b5:45:56:ab:a4:35:00:7d:1d:28:55:ca:
5d:9d:32:2c:51:81:b4:e8:17:d7:1e:ca:ef:7b:3b:
dd:a5:1d:a3:b8:41:62:c8:3c:ae:32:d7:ca:bb:b8:
98:19:2c:80:43:02:e6:14:88:6b:f7:9b:72:28:c1:
e1:d4:b9:3e:b1:60:0a:50:7c:d4:8b:d4:80:07:85:
b7:dc:38:ac:b8:59:8f:44:60:0e:2d:a1:e5:6d:f1:
8f:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:A1:FF:07:09:19:BB:2D:0B:73:2C:59:73:21:E3:27:42:07:19:AB
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yaH_BwkZuy0LcyxZcyHjJ0IHGas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
18:70:a8:2d:32:fb:72:e8:00:ba:36:3d:57:44:76:8d:ab:d6:
32:b5:6a:ed:ba:dd:22:01:df:48:86:11:4f:5a:2a:21:4c:c2:
0e:bb:ff:a6:8d:f7:16:5d:48:1f:d2:7c:87:36:49:48:04:87:
1c:6c:64:6b:90:b9:67:ea:9a:02:f6:2c:27:ca:54:3f:af:1c:
db:fe:d3:34:a0:d8:8b:af:bf:2e:87:98:fb:92:4c:b5:34:64:
f6:3d:a2:b1:77:c7:72:c8:b1:97:cc:80:51:28:74:c3:b1:9d:
75:7a:df:53:3e:66:2d:fe:4d:a1:d9:c0:7a:db:7d:6d:88:fd:
79:d4:a8:30:00:dc:a1:35:00:84:b4:77:87:40:60:ae:11:70:
54:52:45:47:4f:d7:36:4f:81:34:a1:73:fe:2d:01:38:49:dd:
9b:6c:18:e4:c8:ff:00:2e:b6:97:ac:2f:2f:d7:88:68:63:4a:
04:f9:86:ac:57:30:1d:28:87:b2:ac:c3:98:0e:25:5d:c4:0b:
4a:0f:01:7d:7a:b2:dd:76:ac:17:fa:e6:0b:af:8a:04:1d:81:
bc:a6:e6:6c:bf:6b:e8:52:b7:b0:5e:e5:93:e1:e7:15:b1:f0:
3c:21:f1:f7:c3:c6:fb:04:4c:52:3e:5e:f2:f7:b0:09:88:f5:
e0:57:69:e7
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdBSk5I2Tp/qH5/50lR8UuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA1MTgxMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWExZmYwNzA5MTliYjJkMGI3MzJjNTk3MzIxZTMyNzQyMDcxOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrMese1O5kDzmesRGvuR9wOl+VaG
ybQnS+Ynqrxrfgi7fPfWmcDUZkMFZq6U80qCGdG1It9qHixQd+mBqteunpUcRpE8
t3VZqZWFvpTEL1XdMSfwKmnvs/RaeyDRssEilJKImQfGn37E0ibOPq4uTkcdtEPI
BlXPW4xHZ+L8dXU97gh6LuPP5yw16chE1/Bp7FP7g8Wh9n+E4kKMWP/D4Xb5fHxX
bYG1RVarpDUAfR0oVcpdnTIsUYG06BfXHsrvezvdpR2juEFiyDyuMtfKu7iYGSyA
QwLmFIhr95tyKMHh1Lk+sWAKUHzUi9SAB4W33DisuFmPRGAOLaHlbfGP+wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMmh/wcJGbstC3MsWXMh4ydCBxmrMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEveWFIX0J3a1p1eTBMY3l4WmN5SGpKMElIR2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAGHCoLTL7cugA
ujY9V0R2javWMrVq7brdIgHfSIYRT1oqIUzCDrv/po33Fl1IH9J8hzZJSASHHGxk
a5C5Z+qaAvYsJ8pUP68c2/7TNKDYi6+/LoeY+5JMtTRk9j2isXfHcsixl8yAUSh0
w7GddXrfUz5mLf5NodnAett9bYj9edSoMADcoTUAhLR3h0BgrhFwVFJFR0/XNk+B
NKFz/i0BOEndm2wY5Mj/AC62l6wvL9eIaGNKBPmGrFcwHSiHsqzDmA4lXcQLSg8B
fXqy3XasF/rmC6+KBB2BvKbmbL9r6FK3sF7lk+HnFbHwPCHx98PG+wRMUj5e8vew
CYj14Fdp5w==
-----END CERTIFICATE-----
Generated at Mon Jun 16 05:38:55 2025 by rpki-client