Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yqEXtPxDP8tCXsIhctRip0fPrKQ.roa
File: yqEXtPxDP8tCXsIhctRip0fPrKQ.roa (raw, json)
Hash identifier: boQjfeGz3nWi8AOxal5P8xYSFGL4VydA5ZImAptHNCY=
Subject key identifier: CA:A1:17:B4:FC:43:3F:CB:42:5E:C2:21:72:D4:62:A7:47:CF:AC:A4
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019750F62456643EAF254E1658DA161233FB
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yqEXtPxDP8tCXsIhctRip0fPrKQ.roa
Signing time: Sun 08 Jun 2025 19:13:17 +0000
ROA not before: Sun 08 Jun 2025 19:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:50:f6:24:56:64:3e:af:25:4e:16:58:da:16:12:33:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 8 19:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=caa117b4fc433fcb425ec22172d462a747cfaca4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0f:34:e7:d1:92:21:13:2f:f7:da:71:e7:44:
f8:8a:b2:70:15:e6:fe:9e:34:9f:13:c1:9c:88:e8:
a2:00:4a:10:9f:ff:57:ac:86:8d:8a:ba:ec:f3:38:
3e:a7:3c:13:d6:6d:09:ed:ab:84:d0:29:59:b7:c7:
df:10:71:aa:e9:35:c5:02:8f:52:9d:80:ec:b5:c3:
35:af:9f:57:8f:bd:29:a3:66:e6:8d:43:4e:80:af:
24:a2:9b:82:8d:32:4d:b7:03:9b:c7:4e:30:0d:4c:
c9:f9:5a:b8:75:03:7f:76:a7:28:8f:ce:46:1c:62:
87:86:f7:69:01:0d:9e:05:c7:95:bb:71:b0:f3:20:
10:c5:60:2b:77:bf:f2:a9:f1:3b:8c:68:ff:0e:38:
9b:ac:c0:97:0b:2a:9a:ab:98:9b:52:eb:ae:e6:a3:
b9:01:a7:0b:0e:d2:f3:e0:a3:52:b9:01:b1:48:54:
d2:15:50:c4:d4:de:43:55:03:06:6b:b6:6c:8a:df:
a2:00:e3:1e:2f:bd:f4:73:9e:88:2f:22:52:7b:f8:
fe:9b:f5:72:0c:1f:c5:b3:78:3d:36:4d:87:9c:d6:
51:a8:0d:b1:ac:a8:1e:dd:c1:7e:6b:58:2e:a3:d5:
d3:60:b4:f3:cc:00:ea:6e:0a:d7:9e:26:e5:29:8f:
a4:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:A1:17:B4:FC:43:3F:CB:42:5E:C2:21:72:D4:62:A7:47:CF:AC:A4
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yqEXtPxDP8tCXsIhctRip0fPrKQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
ac:22:0f:3f:5a:6a:a2:97:64:25:cd:db:a6:30:1a:48:84:41:
08:4f:af:f8:be:19:5f:c5:9f:77:2f:65:ce:46:0a:9a:32:74:
c9:ff:b9:c8:1b:68:c5:67:85:bc:ef:2e:61:5d:7a:f0:54:8e:
a6:4e:95:8a:b0:75:a4:0f:81:78:17:f2:78:de:9f:29:5f:ef:
49:97:ec:d0:95:1a:d4:a2:0f:b5:73:2b:f0:b5:09:42:63:e8:
c9:73:cc:b9:a9:0b:f3:f2:53:2a:34:08:3f:d0:bb:7d:5b:d7:
0c:48:12:5e:00:9b:73:95:7d:96:1d:33:5f:8b:1d:57:1f:19:
b9:37:08:12:5d:39:81:1e:f0:ba:02:2e:de:c8:c8:51:f8:09:
4c:7b:b6:dd:3e:62:bf:c3:c5:8d:78:f0:84:53:b1:67:91:78:
d9:22:dc:37:38:74:db:9f:86:5f:59:cd:cc:17:6e:7d:a1:59:
0c:3e:14:42:88:07:d0:af:b0:df:aa:52:f0:19:56:b2:4d:4e:
f5:46:d5:e3:0c:ef:8e:2a:5e:07:06:9e:43:cc:b7:93:ad:f0:
2b:68:eb:ec:cf:4c:00:1d:f3:41:11:5c:59:47:9d:07:0f:ac:
0d:41:df:77:f5:e8:74:72:c3:cc:0c:06:48:9a:de:62:e6:88:
97:7f:a2:b5
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdQ9iRWZD6vJU4WWNoWEjP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA4MTkxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWExMTdiNGZjNDMzZmNiNDI1ZWMyMjE3MmQ0NjJhNzQ3Y2ZhY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg8059GSIRMv99px50T4irJwFeb+
njSfE8GciOiiAEoQn/9XrIaNirrs8zg+pzwT1m0J7auE0ClZt8ffEHGq6TXFAo9S
nYDstcM1r59Xj70po2bmjUNOgK8kopuCjTJNtwObx04wDUzJ+Vq4dQN/dqcoj85G
HGKHhvdpAQ2eBceVu3Gw8yAQxWArd7/yqfE7jGj/DjibrMCXCyqaq5ibUuuu5qO5
AacLDtLz4KNSuQGxSFTSFVDE1N5DVQMGa7Zsit+iAOMeL730c56ILyJSe/j+m/Vy
DB/Fs3g9Nk2HnNZRqA2xrKge3cF+a1guo9XTYLTzzADqbgrXniblKY+kpwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMqhF7T8Qz/LQl7CIXLUYqdHz6ykMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEveXFFWHRQeERQOHRDWHNJaGN0UmlwMGZQcktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEArCIPP1pqopdk
Jc3bpjAaSIRBCE+v+L4ZX8Wfdy9lzkYKmjJ0yf+5yBtoxWeFvO8uYV168FSOpk6V
irB1pA+BeBfyeN6fKV/vSZfs0JUa1KIPtXMr8LUJQmPoyXPMuakL8/JTKjQIP9C7
fVvXDEgSXgCbc5V9lh0zX4sdVx8ZuTcIEl05gR7wugIu3sjIUfgJTHu23T5iv8PF
jXjwhFOxZ5F42SLcNzh025+GX1nNzBdufaFZDD4UQogH0K+w36pS8BlWsk1O9UbV
4wzvjipeBwaeQ8y3k63wK2jr7M9MAB3zQRFcWUedBw+sDUHfd/XodHLDzAwGSJre
YuaIl3+itQ==
-----END CERTIFICATE-----
Generated at Mon Jun 16 05:36:48 2025 by rpki-client