Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yxogwT4eBYTsy0GcOsWG8JGEV7s.roa
File: yxogwT4eBYTsy0GcOsWG8JGEV7s.roa (raw, json)
Hash identifier: WDvgxT+oa+V4YPmErcZxIbFJUhVstXlBPaR8pUYdMN0=
Subject key identifier: CB:1A:20:C1:3E:1E:05:84:EC:CB:41:9C:3A:C5:86:F0:91:84:57:BB
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 0197568B47A4B7DF1456F7600718312C0115
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yxogwT4eBYTsy0GcOsWG8JGEV7s.roa
Signing time: Mon 09 Jun 2025 21:14:17 +0000
ROA not before: Mon 09 Jun 2025 21:14:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:56:8b:47:a4:b7:df:14:56:f7:60:07:18:31:2c:01:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 9 21:14:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb1a20c13e1e0584eccb419c3ac586f0918457bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:36:12:f1:93:c1:f9:d6:4e:6c:75:c3:3d:39:
86:12:14:d8:0d:d0:2f:0f:0f:90:1d:57:b9:bd:c4:
7a:aa:42:c4:0e:13:f1:a5:51:16:6b:ec:fe:0e:22:
70:cf:df:c8:14:99:ed:d7:12:bf:8f:7e:16:aa:2e:
42:9b:4c:a7:14:38:d8:ec:16:07:23:fb:66:0f:52:
b0:c7:bd:cb:a2:a3:58:56:c9:a8:a4:e7:82:34:8c:
27:7b:8b:c9:e9:71:bb:cd:fd:05:d2:e5:94:d3:5e:
49:8e:32:c3:24:3b:f0:9f:0c:45:29:77:a5:b9:1b:
09:c3:ca:8e:8d:34:c6:7f:25:85:21:76:b8:90:f1:
26:ee:9f:e1:33:b9:ff:29:a3:ff:ee:03:1b:31:0f:
62:54:fe:2d:99:98:94:75:88:12:00:66:d3:20:99:
ec:bf:d4:ee:f2:81:24:1d:60:e3:3d:04:69:40:e5:
22:87:a8:52:b0:1d:36:ef:ee:7e:85:5b:54:84:6f:
41:17:97:a4:8b:53:2e:71:e6:2e:bb:13:5f:a0:e5:
af:b6:aa:ba:1a:75:7c:50:67:ef:75:3a:3b:db:95:
0f:45:14:69:6b:15:35:22:ca:7f:0f:27:40:52:db:
73:e7:1f:7f:9a:f8:05:1c:7a:cc:c8:d4:70:61:dd:
55:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:1A:20:C1:3E:1E:05:84:EC:CB:41:9C:3A:C5:86:F0:91:84:57:BB
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/yxogwT4eBYTsy0GcOsWG8JGEV7s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
16:b3:a3:6c:3e:d8:ac:4c:9b:fb:14:f3:98:74:62:4a:5c:48:
4a:54:ca:9b:24:13:60:67:73:8f:83:55:d9:f2:5d:4c:ba:14:
04:f8:03:31:08:93:58:53:45:1f:eb:e8:22:40:b2:ba:67:a4:
6d:be:9f:33:03:bf:19:ac:a3:a4:b7:93:36:9b:64:d4:aa:b2:
14:a4:b1:b3:33:7d:64:4c:c7:3a:10:92:32:2c:27:aa:fc:24:
e1:18:9d:98:3d:f3:80:25:77:0b:21:49:e6:b4:42:5f:92:85:
43:a5:5a:f9:9a:f2:a6:bc:44:dd:1d:4a:c2:de:e0:37:fd:c2:
11:e0:62:08:25:3e:8e:2a:a0:84:cc:37:e3:2f:5d:16:37:d3:
1a:d5:8a:71:4b:86:b1:d0:a5:a8:2d:d8:de:76:86:26:0d:18:
06:dc:8f:c1:94:32:d0:63:43:e9:01:d5:b9:26:56:c8:0c:b1:
32:0c:ac:82:e4:f1:54:96:5d:d0:fe:82:66:a0:ea:0d:cc:5f:
eb:72:02:d2:af:a0:56:f1:0f:92:c9:ac:4b:41:0c:c1:b9:65:
fc:8a:43:90:71:c1:3a:e2:c2:6e:86:80:c0:a7:93:1f:94:62:
8e:98:bb:01:dd:f8:b9:cc:0c:2c:8d:0a:a3:dd:00:e9:37:67:
2d:bd:bc:26
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdWi0ekt98UVvdgBxgxLAEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA5MjExNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjFhMjBjMTNlMWUwNTg0ZWNjYjQxOWMzYWM1ODZmMDkxODQ1N2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDYS8ZPB+dZObHXDPTmGEhTYDdAv
Dw+QHVe5vcR6qkLEDhPxpVEWa+z+DiJwz9/IFJnt1xK/j34Wqi5Cm0ynFDjY7BYH
I/tmD1Kwx73LoqNYVsmopOeCNIwne4vJ6XG7zf0F0uWU015JjjLDJDvwnwxFKXel
uRsJw8qOjTTGfyWFIXa4kPEm7p/hM7n/KaP/7gMbMQ9iVP4tmZiUdYgSAGbTIJns
v9Tu8oEkHWDjPQRpQOUih6hSsB027+5+hVtUhG9BF5eki1MuceYuuxNfoOWvtqq6
GnV8UGfvdTo725UPRRRpaxU1Isp/DydAUttz5x9/mvgFHHrMyNRwYd1V5QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMsaIME+HgWE7MtBnDrFhvCRhFe7MB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEveXhvZ3dUNGVCWVRzeTBHY09zV0c4SkdFVjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAFrOjbD7YrEyb
+xTzmHRiSlxISlTKmyQTYGdzj4NV2fJdTLoUBPgDMQiTWFNFH+voIkCyumekbb6f
MwO/GayjpLeTNptk1KqyFKSxszN9ZEzHOhCSMiwnqvwk4RidmD3zgCV3CyFJ5rRC
X5KFQ6Va+ZryprxE3R1Kwt7gN/3CEeBiCCU+jiqghMw34y9dFjfTGtWKcUuGsdCl
qC3Y3naGJg0YBtyPwZQy0GND6QHVuSZWyAyxMgysguTxVJZd0P6CZqDqDcxf63IC
0q+gVvEPksmsS0EMwbll/IpDkHHBOuLCboaAwKeTH5Rijpi7Ad34ucwMLI0Ko90A
6TdnLb28Jg==
-----END CERTIFICATE-----
Generated at Mon Jun 16 05:23:41 2025 by rpki-client