Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/hkmQH-83zbYgbeFajt_G5vLUDB4.roa
File: hkmQH-83zbYgbeFajt_G5vLUDB4.roa (raw, json)
Hash identifier: gB0UcPN+esB++4aqp9cznO6G7WYynK4/0uUbdmlbv78=
Subject key identifier: 86:49:90:1F:EF:37:CD:B6:20:6D:E1:5A:8E:DF:C6:E6:F2:D4:0C:1E
Certificate issuer: /CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
Certificate serial: 01941F8C5DEE64930A66C8B65A86D5C31B13
Authority key identifier: 00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/hkmQH-83zbYgbeFajt_G5vLUDB4.roa
Signing time: Wed 01 Jan 2025 01:48:00 +0000
ROA not before: Wed 01 Jan 2025 01:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9051
IP address blocks: 185.40.208.0/22 maxlen: 24
2a04:86c0::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:5d:ee:64:93:0a:66:c8:b6:5a:86:d5:c3:1b:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
Validity
Not Before: Jan 1 01:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8649901fef37cdb6206de15a8edfc6e6f2d40c1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d1:aa:a7:41:f8:4f:bb:cd:7c:b9:66:32:20:
d7:f3:b3:60:30:e2:1f:c7:1c:64:85:87:ad:32:90:
b9:ca:21:78:d3:22:fd:91:ee:7b:b6:11:49:29:cd:
3e:5e:58:a3:a5:8b:d4:45:61:aa:3d:24:3e:8d:f1:
2c:93:09:6d:cf:24:d4:0f:b9:69:46:13:e8:62:71:
78:76:5c:f1:9f:1b:a6:c8:c7:3d:c3:5a:e1:67:79:
6f:87:96:7b:41:fa:ce:f0:ba:17:06:a4:33:de:10:
85:03:c0:34:77:ea:ca:d3:6f:bd:dc:a2:ac:fb:69:
07:0c:05:27:73:98:7a:bc:7a:bb:c2:55:2a:66:c9:
d5:80:fd:f7:f7:9f:6f:42:1d:f4:66:b2:65:94:98:
8a:e6:96:ed:5a:c2:ef:ae:ce:20:62:ce:7f:96:8c:
38:3f:68:af:c2:5a:c3:37:d1:da:47:ab:01:5d:88:
93:45:32:a1:55:14:84:13:b0:56:3f:76:11:40:12:
74:06:5b:95:03:c7:4f:74:71:0d:03:90:5e:0d:43:
37:06:39:86:f2:ba:6f:11:62:95:a4:f3:bb:d2:2c:
38:11:6d:98:41:c9:12:d7:18:c4:62:99:da:28:91:
30:4c:c2:f0:2a:ff:74:0f:14:28:2e:eb:79:f3:9d:
b6:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:49:90:1F:EF:37:CD:B6:20:6D:E1:5A:8E:DF:C6:E6:F2:D4:0C:1E
X509v3 Authority Key Identifier:
keyid:00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/hkmQH-83zbYgbeFajt_G5vLUDB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.40.208.0/22
IPv6:
2a04:86c0::/29
Signature Algorithm: sha256WithRSAEncryption
ac:da:f2:88:9b:c3:d9:a2:48:f5:e3:f2:26:e9:23:1c:7c:3a:
c6:47:f0:d3:d3:fe:22:82:52:4f:e5:dd:1d:15:3d:fc:87:80:
4f:26:91:a6:cb:59:0f:b1:1c:98:7a:09:57:49:cc:1e:26:59:
0d:de:b8:9b:1a:36:8c:4c:14:80:73:8f:ac:4e:91:69:ec:89:
8a:e1:cc:2f:5b:62:ae:71:ef:75:1c:8f:9f:24:f1:62:67:75:
a1:96:e8:5d:c1:a4:53:8f:8d:fb:b7:bb:f4:2c:99:2a:69:03:
90:30:0c:9e:ba:0a:85:4a:30:45:32:4d:43:59:0e:14:1d:06:
f5:36:a9:26:f0:05:67:0f:56:49:a4:42:58:86:3e:a2:68:e1:
1f:2c:3b:72:e6:16:42:42:b1:a9:6c:6a:dd:78:dc:d6:5a:65:
2a:6c:6a:2d:88:16:ba:1e:ea:87:fa:b2:78:1c:ce:49:82:19:
7a:a4:15:b0:9e:08:26:5f:d9:f0:65:10:ba:3f:82:4b:55:f7:
3b:67:ee:81:53:ea:f7:65:4d:0f:1d:0c:90:05:1b:c1:c1:5b:
5c:a7:aa:04:cb:37:f7:f1:72:1e:a2:2e:e9:d8:df:24:90:dd:
05:63:31:42:bb:0f:84:b4:64:f4:95:b3:c6:9a:aa:6c:37:94:
5e:6f:9e:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjF3uZJMKZsi2WobVwxsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWY5ZGRhMzA3Y2I1MjUzODVlZjkwZjUwNmQwZDU3YmI5
ZDJiZjIwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ5OTAxZmVmMzdjZGI2MjA2ZGUxNWE4ZWRmYzZlNmYyZDQwYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NGqp0H4T7vNfLlmMiDX87NgMOIf
xxxkhYetMpC5yiF40yL9ke57thFJKc0+XlijpYvURWGqPSQ+jfEskwltzyTUD7lp
RhPoYnF4dlzxnxumyMc9w1rhZ3lvh5Z7QfrO8LoXBqQz3hCFA8A0d+rK02+93KKs
+2kHDAUnc5h6vHq7wlUqZsnVgP33959vQh30ZrJllJiK5pbtWsLvrs4gYs5/low4
P2ivwlrDN9HaR6sBXYiTRTKhVRSEE7BWP3YRQBJ0BluVA8dPdHENA5BeDUM3BjmG
8rpvEWKVpPO70iw4EW2YQckS1xjEYpnaKJEwTMLwKv90DxQoLut58522IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIZJkB/vN822IG3hWo7fxuby1AweMB8GA1UdIwQY
MBaAFACvndowfLUlOF75D1BtDVe7nSvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTkt
OTBlYWNlOWUwNTllLzEvaGttUUgtODN6YllnYmVGYWp0X0c1dkxVREI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTktOTBlYWNlOWUwNTll
LzEvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSjQMA0E
AgACMAcDBQMqBIbAMA0GCSqGSIb3DQEBCwUAA4IBAQCs2vKIm8PZokj14/Im6SMc
fDrGR/DT0/4iglJP5d0dFT38h4BPJpGmy1kPsRyYeglXScweJlkN3ribGjaMTBSA
c4+sTpFp7ImK4cwvW2Kuce91HI+fJPFiZ3WhluhdwaRTj437t7v0LJkqaQOQMAye
ugqFSjBFMk1DWQ4UHQb1Nqkm8AVnD1ZJpEJYhj6iaOEfLDty5hZCQrGpbGrdeNzW
WmUqbGotiBa6HuqH+rJ4HM5Jghl6pBWwnggmX9nwZRC6P4JLVfc7Z+6BU+r3ZU0P
HQyQBRvBwVtcp6oEyzf38XIeoi7p2N8kkN0FYzFCuw+EtGT0lbPGmqpsN5Reb57Y
-----END CERTIFICATE-----
Generated at Fri Apr 25 03:26:56 2025 by rpki-client