Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/tYcEtRXx0LVSdqXQkSuhQwKZYpQ.roa
File: tYcEtRXx0LVSdqXQkSuhQwKZYpQ.roa (raw, json)
Hash identifier: ws+Ndeo9QDDRaBBp76K6BaZ8tzLurgdE/sDj6qGSfJc=
Subject key identifier: B5:87:04:B5:15:F1:D0:B5:52:76:A5:D0:91:2B:A1:43:02:99:62:94
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0188EE9B05D44F7FA6534435581B28E8AA0A
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/tYcEtRXx0LVSdqXQkSuhQwKZYpQ.roa
Signing time: Sat 24 Jun 2023 18:11:56 +0000
ROA not before: Sat 24 Jun 2023 18:11:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.170.0/24 maxlen: 24
185.65.68.0/24 maxlen: 24
194.15.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ee:9b:05:d4:4f:7f:a6:53:44:35:58:1b:28:e8:aa:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jun 24 18:11:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b58704b515f1d0b55276a5d0912ba14302996294
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a5:0d:1a:d7:66:64:45:bf:35:60:94:cb:bb:
e9:2b:7e:70:da:fd:73:35:4a:cf:a6:da:44:4c:e7:
9d:7d:43:3e:9d:18:1f:41:4d:cc:bb:1a:2d:40:d8:
6f:f0:7a:24:73:65:85:9b:c4:da:d2:62:0f:96:bb:
43:8b:c6:23:1f:65:65:d9:21:e9:32:ad:13:4b:8f:
af:08:27:1c:8f:6f:9c:59:45:96:85:e2:79:dc:cd:
55:0a:5a:de:86:df:27:04:ee:b1:5c:7c:97:19:01:
1e:8c:3d:65:0a:5f:bc:2b:1c:8e:fc:e3:56:50:0c:
ea:63:ff:e1:ad:33:37:e3:3e:68:c9:37:84:1f:11:
26:39:62:e6:37:32:08:67:5e:ab:bb:a4:c1:09:17:
07:48:38:09:96:cf:5c:44:66:e3:8a:7e:c7:2f:0e:
c7:53:56:e4:d3:57:e4:8e:b0:82:77:8d:e0:9b:d2:
4e:fb:7f:84:3e:b6:a7:29:34:e3:db:c3:01:b8:85:
d2:6c:a6:6f:6c:89:d4:b7:28:db:a1:01:96:96:88:
9a:0d:dd:a1:b5:72:5e:c1:8b:17:bb:91:88:df:1b:
9e:6e:75:53:ff:1f:7c:3d:01:73:c4:9a:24:58:c1:
11:25:7b:32:96:eb:01:15:a2:59:42:01:d2:2d:dc:
0c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:87:04:B5:15:F1:D0:B5:52:76:A5:D0:91:2B:A1:43:02:99:62:94
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/tYcEtRXx0LVSdqXQkSuhQwKZYpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.170.0/24
185.65.68.0/24
194.15.155.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:2b:8a:f1:7d:3e:de:2f:17:0a:16:9c:02:40:4b:3f:ad:98:
b1:8d:83:9a:d7:51:d7:71:59:bb:4a:f5:2c:5d:45:7a:59:02:
95:05:97:b7:b6:67:80:dc:da:84:14:2a:55:75:ab:7c:2b:9c:
75:4d:81:72:8c:a6:d8:02:51:cb:34:77:3b:3e:ec:5c:55:8e:
f1:f7:c9:8e:2b:fb:69:28:6d:f6:3a:1f:02:5d:53:a5:37:5a:
34:43:26:55:38:d5:16:4d:22:26:ff:27:68:56:8e:1e:11:06:
d4:8f:ce:58:55:5b:3d:95:42:eb:b8:63:ae:d8:c5:38:03:56:
d4:40:cc:d4:4a:4e:de:78:c3:2a:b7:9d:db:74:ff:af:cc:ce:
3b:5b:71:b0:51:04:c6:f0:c8:2c:9e:a4:e4:8c:f7:83:ba:91:
d4:8c:35:eb:a5:73:28:7e:e4:11:74:19:64:25:19:64:f2:4a:
cd:fa:64:59:be:44:e8:f8:fb:66:18:03:e1:bb:5c:4d:d9:5f:
40:b8:ab:37:6f:07:3c:d1:db:31:05:50:3f:da:5e:ce:51:35:
65:d6:fe:bf:de:d2:2f:98:4e:ff:5a:70:a4:5f:13:ed:9c:93:
1c:66:c4:1f:2e:1a:6b:6d:a0:39:bf:27:91:ef:14:a0:09:1a:
84:6a:13:73
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYjumwXUT3+mU0Q1WBso6KoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNjI0MTgxMTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTg3MDRiNTE1ZjFkMGI1NTI3NmE1ZDA5MTJiYTE0MzAyOTk2Mjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaUNGtdmZEW/NWCUy7vpK35w2v1z
NUrPptpETOedfUM+nRgfQU3MuxotQNhv8Hokc2WFm8Ta0mIPlrtDi8YjH2Vl2SHp
Mq0TS4+vCCccj2+cWUWWheJ53M1VClreht8nBO6xXHyXGQEejD1lCl+8KxyO/ONW
UAzqY//hrTM34z5oyTeEHxEmOWLmNzIIZ16ru6TBCRcHSDgJls9cRGbjin7HLw7H
U1bk01fkjrCCd43gm9JO+3+EPranKTTj28MBuIXSbKZvbInUtyjboQGWloiaDd2h
tXJewYsXu5GI3xuebnVT/x98PQFzxJokWMERJXsylusBFaJZQgHSLdwMdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLWHBLUV8dC1Unal0JEroUMCmWKUMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvdFljRXRSWHgwTFZTZHFYUWtTdWhRd0taWXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPraqAwQA
uUFEAwQAwg+bMA0GCSqGSIb3DQEBCwUAA4IBAQB/K4rxfT7eLxcKFpwCQEs/rZix
jYOa11HXcVm7SvUsXUV6WQKVBZe3tmeA3NqEFCpVdat8K5x1TYFyjKbYAlHLNHc7
PuxcVY7x98mOK/tpKG32Oh8CXVOlN1o0QyZVONUWTSIm/ydoVo4eEQbUj85YVVs9
lULruGOu2MU4A1bUQMzUSk7eeMMqt53bdP+vzM47W3GwUQTG8MgsnqTkjPeDupHU
jDXrpXMofuQRdBlkJRlk8krN+mRZvkTo+PtmGAPhu1xN2V9AuKs3bwc80dsxBVA/
2l7OUTVl1v6/3tIvmE7/WnCkXxPtnJMcZsQfLhprbaA5vyeR7xSgCRqEahNz
-----END CERTIFICATE-----
Generated at Mon May 12 19:06:06 2025 by rpki-client