Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/8a3bb5-9d95-4953-9388-031f407b3263/1/P4H-USxdX8paqqc5vUCjCPteQ10.roa
File: P4H-USxdX8paqqc5vUCjCPteQ10.roa (raw, json)
Hash identifier: RUKC58n+H3u6CbZuKe7grfw3EeWvKz+vXEAG57qC5LQ=
Subject key identifier: 3F:81:FE:51:2C:5D:5F:CA:5A:AA:A7:39:BD:40:A3:08:FB:5E:43:5D
Certificate issuer: /CN=bc127864cd43048550ed1699c584b5c14d80e098
Certificate serial: 019421B1D1161129F237D2207E895FAD7B8A
Authority key identifier: BC:12:78:64:CD:43:04:85:50:ED:16:99:C5:84:B5:C1:4D:80:E0:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vBJ4ZM1DBIVQ7RaZxYS1wU2A4Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/8a3bb5-9d95-4953-9388-031f407b3263/1/P4H-USxdX8paqqc5vUCjCPteQ10.roa
Signing time: Wed 01 Jan 2025 11:48:09 +0000
ROA not before: Wed 01 Jan 2025 11:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205831
IP address blocks: 185.210.208.0/22 maxlen: 22
185.210.210.0/24 maxlen: 24
2a0b:2c0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:d1:16:11:29:f2:37:d2:20:7e:89:5f:ad:7b:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc127864cd43048550ed1699c584b5c14d80e098
Validity
Not Before: Jan 1 11:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f81fe512c5d5fca5aaaa739bd40a308fb5e435d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:34:94:3c:c4:6e:6b:1d:01:6b:ba:39:b2:ca:
85:a7:fa:37:dc:35:eb:37:ff:d8:4c:7a:44:ed:56:
7d:bf:d3:53:35:88:d4:82:41:cf:fb:51:56:75:84:
07:9d:73:35:b5:52:50:94:1e:0d:b0:88:3d:2a:da:
d9:76:bf:98:f4:db:4e:9f:e5:be:ef:28:ec:be:92:
1d:8f:43:bf:13:ed:ae:5d:13:f0:ec:a1:7a:83:8f:
e9:6f:36:63:fd:c4:46:07:77:11:b5:e3:20:84:14:
ce:57:9f:aa:d0:70:b5:57:21:4c:bd:8c:6a:09:3c:
d8:f1:fc:eb:a3:28:4c:de:0f:49:d7:86:57:a0:94:
7d:96:50:3a:5a:30:26:49:ad:06:05:3e:e4:cf:35:
b0:c7:1a:fd:0b:b0:05:90:fd:e0:71:8a:5f:5c:84:
6b:8b:98:d3:0a:29:d0:7b:b7:34:e1:83:cb:ab:de:
7c:5f:9a:3c:5d:c2:5d:71:54:07:60:34:de:5f:26:
5e:d8:8c:5b:71:9f:59:ba:8f:8f:2e:6d:ef:22:fb:
a9:83:d5:77:76:c0:e8:8d:1e:5e:7a:04:43:9a:a1:
c9:33:5d:fd:5c:59:97:10:47:bf:d3:f4:6b:53:87:
d2:24:2e:54:dc:c7:ef:65:a3:99:20:a2:e6:0b:0f:
5c:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:81:FE:51:2C:5D:5F:CA:5A:AA:A7:39:BD:40:A3:08:FB:5E:43:5D
X509v3 Authority Key Identifier:
keyid:BC:12:78:64:CD:43:04:85:50:ED:16:99:C5:84:B5:C1:4D:80:E0:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vBJ4ZM1DBIVQ7RaZxYS1wU2A4Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/8a3bb5-9d95-4953-9388-031f407b3263/1/P4H-USxdX8paqqc5vUCjCPteQ10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/8a3bb5-9d95-4953-9388-031f407b3263/1/vBJ4ZM1DBIVQ7RaZxYS1wU2A4Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.210.208.0/22
IPv6:
2a0b:2c0::/29
Signature Algorithm: sha256WithRSAEncryption
9c:1b:4d:ca:48:2a:bf:ea:c1:0d:0f:0c:80:b7:5b:0a:32:72:
80:69:cc:13:ad:2e:b4:f5:c6:23:2a:4c:5a:b5:fa:5d:8f:02:
7d:c0:b0:73:77:70:21:09:37:f5:08:dd:b2:40:a0:d6:0b:57:
b9:ae:29:ea:0f:0e:48:c6:95:4f:09:0a:b5:ed:01:11:6a:86:
0c:94:a8:a7:1d:0e:bf:04:5e:2f:29:21:7c:45:2c:10:84:03:
22:be:fd:9e:22:fb:ad:ad:84:d4:b9:7a:ac:23:47:fb:4f:3e:
77:81:d1:99:8d:89:1b:55:03:04:2f:17:ef:0b:fe:a2:71:57:
07:1f:7e:0d:1c:c8:dc:a7:ec:6e:ec:5a:7f:43:3c:03:d2:1b:
a4:d3:e9:6e:6c:73:eb:87:fe:f8:fe:cd:de:4c:9e:a2:e5:ab:
6f:f3:9f:da:aa:32:24:7a:91:2f:ee:26:fc:ad:79:80:a5:a9:
70:94:f1:a2:68:bc:b9:11:32:3e:b7:87:35:0b:4e:40:0a:a9:
14:85:6f:41:e6:30:78:01:66:42:62:a2:85:92:a4:e3:21:f3:
eb:fb:4c:19:4b:da:df:e8:50:d6:cf:32:a3:9f:64:27:c7:d0:
ea:80:37:1b:97:76:78:1a:a5:a1:b8:78:bc:79:ca:c8:4e:92:
3b:bd:e4:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsdEWESnyN9IgfolfrXuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMTI3ODY0Y2Q0MzA0ODU1MGVkMTY5OWM1ODRiNWMxNGQ4
MGUwOTgwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgxZmU1MTJjNWQ1ZmNhNWFhYWE3MzliZDQwYTMwOGZiNWU0MzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujSUPMRuax0Ba7o5ssqFp/o33DXr
N//YTHpE7VZ9v9NTNYjUgkHP+1FWdYQHnXM1tVJQlB4NsIg9KtrZdr+Y9NtOn+W+
7yjsvpIdj0O/E+2uXRPw7KF6g4/pbzZj/cRGB3cRteMghBTOV5+q0HC1VyFMvYxq
CTzY8fzroyhM3g9J14ZXoJR9llA6WjAmSa0GBT7kzzWwxxr9C7AFkP3gcYpfXIRr
i5jTCinQe7c04YPLq958X5o8XcJdcVQHYDTeXyZe2IxbcZ9Zuo+PLm3vIvupg9V3
dsDojR5eegRDmqHJM139XFmXEEe/0/RrU4fSJC5U3MfvZaOZIKLmCw9cGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD+B/lEsXV/KWqqnOb1Aowj7XkNdMB8GA1UdIwQY
MBaAFLwSeGTNQwSFUO0WmcWEtcFNgOCYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkJKNFpNMURCSVZRN1JhWnhZUzF3VTJBNEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC84YTNiYjUtOWQ5NS00OTUzLTkzODgt
MDMxZjQwN2IzMjYzLzEvUDRILVVTeGRYOHBhcXFjNXZVQ2pDUHRlUTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC84YTNiYjUtOWQ5NS00OTUzLTkzODgtMDMxZjQwN2IzMjYz
LzEvdkJKNFpNMURCSVZRN1JhWnhZUzF3VTJBNEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudLQMA0E
AgACMAcDBQMqCwLAMA0GCSqGSIb3DQEBCwUAA4IBAQCcG03KSCq/6sENDwyAt1sK
MnKAacwTrS609cYjKkxatfpdjwJ9wLBzd3AhCTf1CN2yQKDWC1e5rinqDw5IxpVP
CQq17QERaoYMlKinHQ6/BF4vKSF8RSwQhAMivv2eIvutrYTUuXqsI0f7Tz53gdGZ
jYkbVQMELxfvC/6icVcHH34NHMjcp+xu7Fp/QzwD0huk0+lubHPrh/74/s3eTJ6i
5atv85/aqjIkepEv7ib8rXmApalwlPGiaLy5ETI+t4c1C05ACqkUhW9B5jB4AWZC
YqKFkqTjIfPr+0wZS9rf6FDWzzKjn2Qnx9DqgDcbl3Z4GqWhuHi8ecrITpI7veQp
-----END CERTIFICATE-----
Generated at Fri Apr 25 04:04:37 2025 by rpki-client