Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GNrrskqPlgY-PIIN_cU5Q7mGpYg.roa
File: GNrrskqPlgY-PIIN_cU5Q7mGpYg.roa (raw, json)
Hash identifier: YPB7+SfD2EiZnw18sHPn+cyIjMhkfAmqYzpPdAQ4l5g=
Subject key identifier: 18:DA:EB:B2:4A:8F:96:06:3E:3C:82:0D:FD:C5:39:43:B9:86:A5:88
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 0195C328DE3FD7E8252C58C3D1F008107315
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GNrrskqPlgY-PIIN_cU5Q7mGpYg.roa
Signing time: Sun 23 Mar 2025 13:19:50 +0000
ROA not before: Sun 23 Mar 2025 13:19:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 134666
IP address blocks: 2a0e:b107:30f::/48 maxlen: 48
2a10:2f01:3dc::/48 maxlen: 48
2a10:2f01:3df::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c3:28:de:3f:d7:e8:25:2c:58:c3:d1:f0:08:10:73:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Mar 23 13:19:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=18daebb24a8f96063e3c820dfdc53943b986a588
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:17:72:50:94:c9:05:fc:a1:1a:c8:7a:99:37:
e8:92:98:54:19:2d:d4:84:4b:28:4c:5e:d1:b5:7f:
b4:a1:dd:01:a9:03:91:96:b7:9a:bb:83:25:1b:ab:
86:0c:fe:c1:09:53:68:ed:88:b1:cb:5f:e6:cd:8a:
27:5b:67:84:a4:97:f7:40:f8:db:38:c7:41:9e:d1:
3c:31:16:8e:dc:ac:e0:6d:8d:ea:40:c0:5c:99:d1:
ed:a5:1a:35:28:48:b3:9e:f1:b2:1e:83:9a:ce:55:
4a:e7:5b:0e:b2:af:8e:a2:b0:da:c8:39:46:c1:5d:
b0:fc:76:7a:a0:1b:dc:f1:e6:6f:90:cf:8e:3c:cd:
0e:cf:2a:ea:dc:7d:a0:e3:8e:57:05:1d:a8:fd:1c:
47:52:70:0f:98:8a:c0:77:17:df:a1:06:44:ea:e6:
ef:18:c7:a4:49:6b:57:db:3f:f1:77:19:4d:86:37:
5f:8c:57:b5:ae:37:42:55:6a:c3:ab:71:5b:af:a0:
68:e5:52:94:97:04:f1:52:62:85:c7:ae:6b:70:65:
36:cc:47:fc:81:ea:44:8d:38:1c:5b:10:c7:48:3e:
00:79:ca:dd:47:05:d9:3e:d1:6a:1f:3c:b5:96:fb:
f6:d3:24:a8:30:62:67:4f:32:08:01:8f:d5:1c:e7:
83:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:DA:EB:B2:4A:8F:96:06:3E:3C:82:0D:FD:C5:39:43:B9:86:A5:88
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GNrrskqPlgY-PIIN_cU5Q7mGpYg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:b107:30f::/48
2a10:2f01:3dc::/48
2a10:2f01:3df::/48
Signature Algorithm: sha256WithRSAEncryption
b4:c5:8f:f3:32:d6:3e:79:1e:00:38:93:67:de:e4:ba:05:21:
78:da:22:62:de:d5:77:b5:de:a9:41:79:c1:29:91:f7:f3:4a:
61:39:6e:87:90:08:0f:cd:a5:d6:1b:6b:98:69:72:2e:99:54:
e0:76:97:24:8c:f7:02:59:28:b8:c5:a4:d8:c6:d6:5c:39:95:
5d:8d:1a:7d:27:2c:20:e7:8a:01:2b:22:ce:fa:21:7f:92:84:
51:35:b5:55:25:97:67:ea:4c:a5:e0:4d:51:38:95:44:cf:25:
e5:3a:8f:30:c7:b9:f4:ed:54:39:28:1c:42:55:41:ce:c6:b4:
4a:7c:50:3d:38:5d:40:b2:dc:ca:16:c0:21:c7:51:2e:fc:4d:
ce:3b:cc:c0:16:8a:76:3b:3d:14:68:ae:ba:df:32:1d:64:d9:
a6:7c:82:a9:f9:4d:15:ff:bc:7f:10:85:89:a8:b9:7c:63:13:
87:57:c6:47:83:d0:0a:80:b5:85:8e:4a:90:27:13:63:5a:20:
da:d3:c8:38:94:c6:1e:ba:9a:c3:bc:b0:5e:60:64:3f:85:7a:
fc:15:be:68:0d:42:fe:07:ca:2f:3f:16:a5:4c:95:a4:aa:83:
0d:31:d7:9b:73:52:c2:80:da:6c:c9:09:9e:af:af:58:a6:38:
a8:c5:d5:55
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZXDKN4/1+glLFjD0fAIEHMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMzIzMTMxOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRhZWJiMjRhOGY5NjA2M2UzYzgyMGRmZGM1Mzk0M2I5ODZhNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRdyUJTJBfyhGsh6mTfokphUGS3U
hEsoTF7RtX+0od0BqQORlreau4MlG6uGDP7BCVNo7Yixy1/mzYonW2eEpJf3QPjb
OMdBntE8MRaO3KzgbY3qQMBcmdHtpRo1KEiznvGyHoOazlVK51sOsq+OorDayDlG
wV2w/HZ6oBvc8eZvkM+OPM0Ozyrq3H2g445XBR2o/RxHUnAPmIrAdxffoQZE6ubv
GMekSWtX2z/xdxlNhjdfjFe1rjdCVWrDq3Fbr6Bo5VKUlwTxUmKFx65rcGU2zEf8
gepEjTgcWxDHSD4AecrdRwXZPtFqHzy1lvv20ySoMGJnTzIIAY/VHOeDjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBja67JKj5YGPjyCDf3FOUO5hqWIMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR05ycnNrcVBsZ1ktUElJTl9jVTVRN21HcFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg6xBwMP
AwcAKhAvAQPcAwcAKhAvAQPfMA0GCSqGSIb3DQEBCwUAA4IBAQC0xY/zMtY+eR4A
OJNn3uS6BSF42iJi3tV3td6pQXnBKZH380phOW6HkAgPzaXWG2uYaXIumVTgdpck
jPcCWSi4xaTYxtZcOZVdjRp9Jywg54oBKyLO+iF/koRRNbVVJZdn6kyl4E1ROJVE
zyXlOo8wx7n07VQ5KBxCVUHOxrRKfFA9OF1AstzKFsAhx1Eu/E3OO8zAFop2Oz0U
aK663zIdZNmmfIKp+U0V/7x/EIWJqLl8YxOHV8ZHg9AKgLWFjkqQJxNjWiDa08g4
lMYeuprDvLBeYGQ/hXr8Fb5oDUL+B8ovPxalTJWkqoMNMdebc1LCgNpsyQmer69Y
pjioxdVV
-----END CERTIFICATE-----
Generated at Thu Apr 10 19:35:24 2025 by rpki-client