Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/08GI8DnW6cxnGw3no5oN7grC_4U.roa
File: 08GI8DnW6cxnGw3no5oN7grC_4U.roa (raw, json)
Hash identifier: tSRs3KGtkXNtrUi1nh9IGRq93X0/W11TyzS16NTF1tc=
Subject key identifier: D3:C1:88:F0:39:D6:E9:CC:67:1B:0D:E7:A3:9A:0D:EE:0A:C2:FF:85
Certificate issuer: /CN=a647893fb5b348e68a66d55a28f278cbf3931df4
Certificate serial: 018C3A484C0E1AFABB9CE1BFCADD20ABB75E
Authority key identifier: A6:47:89:3F:B5:B3:48:E6:8A:66:D5:5A:28:F2:78:CB:F3:93:1D:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/08GI8DnW6cxnGw3no5oN7grC_4U.roa
Signing time: Tue 05 Dec 2023 14:01:05 +0000
ROA not before: Tue 05 Dec 2023 14:01:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31727
IP address blocks: 185.207.132.0/22 maxlen: 22
185.170.152.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:48:4c:0e:1a:fa:bb:9c:e1:bf:ca:dd:20:ab:b7:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a647893fb5b348e68a66d55a28f278cbf3931df4
Validity
Not Before: Dec 5 14:01:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d3c188f039d6e9cc671b0de7a39a0dee0ac2ff85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6e:b3:6d:6a:11:ea:47:dc:fb:29:2c:77:1f:
b9:28:8b:ab:c3:46:8b:2e:02:c9:66:f1:22:9d:c7:
4e:bd:7e:07:a2:46:78:a1:f6:3f:1e:5a:ad:7a:13:
62:87:bd:60:7e:4b:e5:3f:85:9a:a9:d6:bc:04:d5:
e5:bb:98:ae:d8:c8:f0:3e:e9:1e:c5:0c:35:d6:e5:
eb:be:5f:5b:18:12:c6:fe:52:2f:26:02:23:09:69:
66:b5:e2:00:c1:f8:63:73:66:5c:8f:8a:f3:a3:23:
63:8d:e3:37:8e:65:70:10:9e:10:05:bf:05:77:ee:
38:b7:5c:c9:3c:c1:ee:41:7c:8e:5c:25:85:f7:e9:
86:cc:15:2f:36:09:d8:33:1c:66:c5:c3:b9:b6:7a:
8d:d8:b0:a2:cf:b2:6c:14:37:2c:ce:9c:be:1d:76:
d1:8d:22:bf:12:30:30:e7:4f:04:1a:0d:37:c2:5a:
c6:ea:4b:3a:b2:2b:fe:9f:c1:1c:72:ea:58:43:d4:
a2:25:2e:1a:e6:9c:10:4e:b4:9a:5a:76:bb:27:31:
e4:1b:20:b8:b4:b5:b2:18:ed:0b:a9:97:46:6f:55:
b4:89:ef:f8:6a:7f:02:5d:24:2e:5f:3b:52:b9:ea:
36:76:8e:e6:27:ec:47:e2:74:3e:3a:3a:2c:08:de:
87:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:C1:88:F0:39:D6:E9:CC:67:1B:0D:E7:A3:9A:0D:EE:0A:C2:FF:85
X509v3 Authority Key Identifier:
keyid:A6:47:89:3F:B5:B3:48:E6:8A:66:D5:5A:28:F2:78:CB:F3:93:1D:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/08GI8DnW6cxnGw3no5oN7grC_4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.170.152.0/22
185.207.132.0/22
Signature Algorithm: sha256WithRSAEncryption
12:3a:cc:60:72:8e:75:a4:c3:1e:e7:95:8c:2d:3b:82:d8:0d:
22:0e:38:cb:46:0a:01:2b:28:4f:6e:96:45:a0:1a:d2:81:e2:
16:15:d0:fe:44:bf:f8:7c:b4:fd:e4:12:ef:a1:b0:5c:3a:c2:
ad:b5:f5:8a:29:72:9c:63:8e:c8:98:16:37:d3:bc:7a:1d:35:
87:5d:6d:c8:d6:5b:a8:4e:d5:05:51:ef:2f:97:40:85:db:db:
43:3e:67:77:ae:fa:2e:fb:26:b5:0d:8f:d3:66:32:f5:a2:57:
20:4a:41:fc:91:e0:89:91:d2:bc:25:47:16:bc:ee:c3:d1:d5:
8e:f2:ca:e9:28:da:91:74:af:a8:29:34:b8:e0:14:69:c6:35:
05:30:d1:9a:8a:59:da:d0:9a:56:37:1c:82:ad:c8:c5:f7:61:
06:9f:82:53:5a:55:68:8b:d8:70:86:80:77:0b:95:42:05:0e:
91:88:22:50:19:25:fc:51:c0:b8:58:8e:87:f1:93:2f:28:40:
4b:e8:ea:9f:a8:4f:b0:76:b0:43:48:cd:0c:72:bf:cd:1a:1c:
ed:42:f1:24:a8:2b:2f:5b:ec:71:a2:a2:bf:27:9c:2a:ac:de:
18:34:49:06:61:82:bb:b4:d6:09:fd:21:04:50:99:50:dc:9d:
3b:c7:d6:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYw6SEwOGvq7nOG/yt0gq7deMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NDc4OTNmYjViMzQ4ZTY4YTY2ZDU1YTI4ZjI3OGNiZjM5
MzFkZjQwHhcNMjMxMjA1MTQwMTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2MxODhmMDM5ZDZlOWNjNjcxYjBkZTdhMzlhMGRlZTBhYzJmZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv26zbWoR6kfc+yksdx+5KIurw0aL
LgLJZvEincdOvX4HokZ4ofY/HlqtehNih71gfkvlP4Waqda8BNXlu5iu2MjwPuke
xQw11uXrvl9bGBLG/lIvJgIjCWlmteIAwfhjc2Zcj4rzoyNjjeM3jmVwEJ4QBb8F
d+44t1zJPMHuQXyOXCWF9+mGzBUvNgnYMxxmxcO5tnqN2LCiz7JsFDcszpy+HXbR
jSK/EjAw508EGg03wlrG6ks6siv+n8EccupYQ9SiJS4a5pwQTrSaWna7JzHkGyC4
tLWyGO0LqZdGb1W0ie/4an8CXSQuXztSueo2do7mJ+xH4nQ+OjosCN6HTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNPBiPA51unMZxsN56OaDe4Kwv+FMB8GA1UdIwQY
MBaAFKZHiT+1s0jmimbVWijyeMvzkx30MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGtlSlA3V3pTT2FLWnRWYUtQSjR5X09USGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kYThjYjEtMWJmYy00M2ZkLWEwZDIt
ZDYyNDQ5NmRkY2M4LzEvMDhHSThEblc2Y3huR3czbm81b043Z3JDXzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kYThjYjEtMWJmYy00M2ZkLWEwZDItZDYyNDQ5NmRkY2M4
LzEvcGtlSlA3V3pTT2FLWnRWYUtQSjR5X09USGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuaqYAwQC
uc+EMA0GCSqGSIb3DQEBCwUAA4IBAQASOsxgco51pMMe55WMLTuC2A0iDjjLRgoB
KyhPbpZFoBrSgeIWFdD+RL/4fLT95BLvobBcOsKttfWKKXKcY47ImBY307x6HTWH
XW3I1luoTtUFUe8vl0CF29tDPmd3rvou+ya1DY/TZjL1olcgSkH8keCJkdK8JUcW
vO7D0dWO8srpKNqRdK+oKTS44BRpxjUFMNGailna0JpWNxyCrcjF92EGn4JTWlVo
i9hwhoB3C5VCBQ6RiCJQGSX8UcC4WI6H8ZMvKEBL6OqfqE+wdrBDSM0Mcr/NGhzt
QvEkqCsvW+xxoqK/J5wqrN4YNEkGYYK7tNYJ/SEEUJlQ3J07x9Zd
-----END CERTIFICATE-----
Generated at Sun May 11 20:18:39 2025 by rpki-client