Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa
File: eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa (raw, json)
Hash identifier: VcAluyxQ8WpOAzJMGs8LDnsv8Z2KWmi3quZRoe9fH3I=
Subject key identifier: 78:71:93:33:0C:7B:53:47:20:0E:90:9A:1D:65:6E:9A:AE:71:E3:24
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 0196E9B4EC908F3E5C4F67FCC055DB312960
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa
Signing time: Mon 19 May 2025 18:01:10 +0000
ROA not before: Mon 19 May 2025 18:01:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200019
IP address blocks: 2a09:af84::/32 maxlen: 32
2a09:cf05::/32 maxlen: 32
2a09:dd03::/32 maxlen: 32
2a09:e705::/32 maxlen: 32
2a09:ef00::/32 maxlen: 32
2a0b:9000::/32 maxlen: 32
2a0b:9003::/32 maxlen: 32
2a0e:5883::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:e9:b4:ec:90:8f:3e:5c:4f:67:fc:c0:55:db:31:29:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: May 19 18:01:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=787193330c7b5347200e909a1d656e9aae71e324
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:c5:d3:ba:32:74:28:a2:e4:ab:10:2e:02:66:
de:c4:a2:83:cf:3b:8c:45:f8:f8:f3:b1:0a:f8:bd:
79:35:6d:09:81:1f:90:9a:7d:67:4a:0e:ab:93:68:
6c:6f:e4:46:0b:b6:2a:6b:75:3b:85:4a:ec:0d:ef:
ca:4d:a2:52:4a:bb:3e:42:44:7f:3f:ee:04:3c:1e:
24:c3:ef:33:09:73:fa:9b:7f:70:0a:f7:62:62:2c:
d4:f5:f2:30:0b:19:7e:af:68:44:fa:be:72:fe:5c:
4b:7a:0c:6c:d2:24:10:b0:4f:8c:19:fd:fe:d5:f2:
3b:e8:09:e6:f0:bd:ad:17:35:78:db:f5:d3:52:c1:
3a:f2:37:2c:03:a0:ef:7b:79:b5:56:27:ef:db:c1:
7f:57:b0:12:3b:02:9a:44:1b:19:54:35:ba:cd:17:
20:48:23:f5:c8:46:4c:5e:cd:e4:9b:fa:bd:3a:23:
93:0d:d0:df:4c:98:10:d8:56:e3:f8:0c:14:b1:bf:
f9:de:12:82:0b:23:30:31:7d:7b:ab:3b:89:46:f8:
8c:e7:12:55:4c:10:3e:9d:e7:65:82:9c:d5:95:a6:
2c:08:35:8a:54:23:c5:55:fc:ec:6b:0f:61:32:c6:
ba:8b:70:75:15:12:a9:67:bb:7f:7b:c2:f0:04:64:
6d:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:71:93:33:0C:7B:53:47:20:0E:90:9A:1D:65:6E:9A:AE:71:E3:24
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/eHGTMwx7U0cgDpCaHWVumq5x4yQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:af84::/32
2a09:cf05::/32
2a09:dd03::/32
2a09:e705::/32
2a09:ef00::/32
2a0b:9000::/32
2a0b:9003::/32
2a0e:5883::/32
Signature Algorithm: sha256WithRSAEncryption
0f:d8:e1:95:66:72:73:c9:b7:4e:90:35:94:4e:e2:57:1f:48:
0e:55:d2:04:3b:c6:4d:a9:d8:1e:3f:05:52:05:ab:c2:cf:2a:
91:d5:a1:44:92:70:0f:4d:7b:bc:4a:20:13:74:c5:5c:f8:8a:
65:29:5c:6b:55:ba:e2:c8:7c:c3:da:c9:3d:cf:6a:53:6e:64:
67:97:bd:cd:67:61:68:ff:54:72:67:00:ec:5d:77:4b:50:5c:
cd:c6:96:05:3a:3d:30:cf:d8:37:4d:1c:14:0e:a9:65:80:2c:
25:84:5c:7c:95:23:23:ed:6a:76:62:97:06:c6:de:90:86:54:
6d:29:3c:47:2a:37:70:e9:b4:3f:a4:65:5e:37:f8:82:6d:45:
97:65:bd:e0:0e:c1:d5:39:35:09:aa:e5:fb:d0:64:21:90:ed:
6f:da:e5:30:6e:ce:b2:ed:b2:de:0c:59:c7:cf:89:e3:9e:62:
e6:55:c4:52:ef:0b:54:3c:2c:83:47:b8:aa:00:bb:b0:ce:d4:
18:9a:6b:8c:ea:4e:fb:7e:89:b7:f1:02:46:31:1f:d0:24:66:
1f:80:7b:d5:7d:f3:04:c5:f0:da:5a:2f:32:4a:d4:f5:35:85:
d8:1c:e0:bd:67:df:20:89:ee:3e:72:ba:ff:43:0c:54:2a:2b:
b7:30:b9:0f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZbptOyQjz5cT2f8wFXbMSlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwNTE5MTgwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODcxOTMzMzBjN2I1MzQ3MjAwZTkwOWExZDY1NmU5YWFlNzFlMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsXTujJ0KKLkqxAuAmbexKKDzzuM
Rfj487EK+L15NW0JgR+Qmn1nSg6rk2hsb+RGC7Yqa3U7hUrsDe/KTaJSSrs+QkR/
P+4EPB4kw+8zCXP6m39wCvdiYizU9fIwCxl+r2hE+r5y/lxLegxs0iQQsE+MGf3+
1fI76Anm8L2tFzV42/XTUsE68jcsA6Dve3m1Vifv28F/V7ASOwKaRBsZVDW6zRcg
SCP1yEZMXs3km/q9OiOTDdDfTJgQ2Fbj+AwUsb/53hKCCyMwMX17qzuJRviM5xJV
TBA+nedlgpzVlaYsCDWKVCPFVfzsaw9hMsa6i3B1FRKpZ7t/e8LwBGRtEwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHhxkzMMe1NHIA6Qmh1lbpquceMkMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZUhHVE13eDdVMGNnRHBDYUhXVnVtcTV4NHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKgmvhAMF
ACoJzwUDBQAqCd0DAwUAKgnnBQMFACoJ7wADBQAqC5AAAwUAKguQAwMFACoOWIMw
DQYJKoZIhvcNAQELBQADggEBAA/Y4ZVmcnPJt06QNZRO4lcfSA5V0gQ7xk2p2B4/
BVIFq8LPKpHVoUSScA9Ne7xKIBN0xVz4imUpXGtVuuLIfMPayT3PalNuZGeXvc1n
YWj/VHJnAOxdd0tQXM3GlgU6PTDP2DdNHBQOqWWALCWEXHyVIyPtanZilwbG3pCG
VG0pPEcqN3DptD+kZV43+IJtRZdlveAOwdU5NQmq5fvQZCGQ7W/a5TBuzrLtst4M
WcfPieOeYuZVxFLvC1Q8LINHuKoAu7DO1Biaa4zqTvt+ibfxAkYxH9AkZh+Ae9V9
8wTF8NpaLzJK1PU1hdgc4L1n3yCJ7j5yuv9DDFQqK7cwuQ8=
-----END CERTIFICATE-----
Generated at Wed Jun 11 11:09:27 2025 by rpki-client