Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/9aNUmEK1IgzXGz6LjR_S1BBD9cw.roa
File: 9aNUmEK1IgzXGz6LjR_S1BBD9cw.roa (raw, json)
Hash identifier: vhkPXB+B8ThjGV27Ak3en0JwWEnvVkP3ibBIICc0FpU=
Subject key identifier: F5:A3:54:98:42:B5:22:0C:D7:1B:3E:8B:8D:1F:D2:D4:10:43:F5:CC
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018CC500CFD5204623342ADDBD17F2032735
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/9aNUmEK1IgzXGz6LjR_S1BBD9cw.roa
Signing time: Mon 01 Jan 2024 12:30:13 +0000
ROA not before: Mon 01 Jan 2024 12:30:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212776
IP address blocks: 185.161.67.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:cf:d5:20:46:23:34:2a:dd:bd:17:f2:03:27:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 1 12:30:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f5a3549842b5220cd71b3e8b8d1fd2d41043f5cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:ea:50:b2:2c:64:91:91:8a:84:b7:14:d7:c6:
d8:82:7b:6d:5d:f2:bd:cd:13:2f:0c:7e:fc:0e:7c:
d9:97:04:e4:d9:f1:7e:bf:4c:2d:f6:eb:ba:fa:ad:
f9:95:d8:f8:28:b5:d9:c4:13:76:72:81:c4:99:3f:
8b:ee:49:05:15:6f:28:8a:63:dc:88:a2:d5:a4:17:
09:2b:96:be:17:24:9f:3e:ab:7c:56:b9:80:59:38:
a5:0c:e7:d9:c4:8a:2b:c5:44:8c:43:b4:37:ce:0b:
ae:92:6c:37:76:1d:c2:5c:62:af:90:f1:44:b9:d7:
4f:f3:a4:d0:4c:65:e7:3e:8f:9f:cb:1c:e1:ec:db:
e0:14:6d:86:29:48:cc:6f:c8:2e:1a:25:ad:83:84:
40:67:dd:b6:74:0c:08:76:81:fc:41:48:d2:4e:69:
9d:b3:d8:40:60:af:58:db:2f:2a:9e:f5:1e:bf:1d:
6d:05:48:7d:c0:bf:54:12:88:4d:e5:8f:44:5d:fe:
c5:90:4a:cd:95:5e:5d:09:2e:b3:62:63:2e:b6:68:
cb:09:25:81:d3:9e:5f:23:9e:3a:f9:80:91:61:ee:
62:4e:94:38:14:e3:56:49:3f:c3:91:e0:bb:8b:a8:
80:7a:6a:86:6c:2c:b6:c2:b7:7f:1b:de:d1:7b:0f:
83:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:A3:54:98:42:B5:22:0C:D7:1B:3E:8B:8D:1F:D2:D4:10:43:F5:CC
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/9aNUmEK1IgzXGz6LjR_S1BBD9cw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.67.0/24
Signature Algorithm: sha256WithRSAEncryption
52:74:b9:e3:23:d3:0e:c4:19:12:b6:de:7e:68:6b:6f:d2:a5:
08:ab:6c:6c:1f:cd:18:8a:56:17:1c:cb:74:cc:61:1c:52:82:
ea:1d:74:81:e3:b8:e0:6e:0e:ac:43:48:ed:64:5b:b7:3a:c3:
3b:e2:54:b2:34:ca:ee:aa:d3:6d:39:8d:c6:d4:9e:80:ae:1e:
8a:fc:37:8c:e7:20:2b:59:73:10:36:41:d7:7a:78:47:79:e6:
0e:a0:83:99:4d:7b:8c:1c:71:90:0a:59:04:2a:db:cd:b6:f3:
91:2e:b6:9c:b3:14:9a:c0:7f:15:19:fb:d2:55:6f:41:e4:83:
cc:01:92:3f:3f:ad:18:df:a2:ba:ce:0a:fa:3b:7d:3b:4c:bd:
07:65:28:59:b0:4f:3f:3f:38:75:a7:ee:90:f5:49:d2:b3:82:
1e:d0:da:3d:e1:52:0d:2e:7b:cf:d6:51:11:39:14:29:34:83:
e4:c4:67:cb:bf:50:cb:cf:87:75:40:f3:5f:ed:fe:eb:49:fc:
70:99:e9:98:1b:8d:b3:ea:1f:97:d3:fb:26:fb:a1:45:13:fd:
da:76:c4:75:51:d1:ea:29:b2:fd:ac:41:87:03:83:60:05:c8:
19:d1:06:29:15:1b:cc:6d:34:9d:18:c2:11:f0:3d:eb:db:e7:
3d:49:8b:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAM/VIEYjNCrdvRfyAyc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWEzNTQ5ODQyYjUyMjBjZDcxYjNlOGI4ZDFmZDJkNDEwNDNmNWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+pQsixkkZGKhLcU18bYgnttXfK9
zRMvDH78DnzZlwTk2fF+v0wt9uu6+q35ldj4KLXZxBN2coHEmT+L7kkFFW8oimPc
iKLVpBcJK5a+FySfPqt8VrmAWTilDOfZxIorxUSMQ7Q3zguukmw3dh3CXGKvkPFE
uddP86TQTGXnPo+fyxzh7NvgFG2GKUjMb8guGiWtg4RAZ922dAwIdoH8QUjSTmmd
s9hAYK9Y2y8qnvUevx1tBUh9wL9UEohN5Y9EXf7FkErNlV5dCS6zYmMutmjLCSWB
055fI546+YCRYe5iTpQ4FONWST/DkeC7i6iAemqGbCy2wrd/G97Rew+DswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWjVJhCtSIM1xs+i40f0tQQQ/XMMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvOWFOVW1FSzFJZ3pYR3o2TGpSX1MxQkJEOWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaFDMA0G
CSqGSIb3DQEBCwUAA4IBAQBSdLnjI9MOxBkStt5+aGtv0qUIq2xsH80YilYXHMt0
zGEcUoLqHXSB47jgbg6sQ0jtZFu3OsM74lSyNMruqtNtOY3G1J6Arh6K/DeM5yAr
WXMQNkHXenhHeeYOoIOZTXuMHHGQClkEKtvNtvORLracsxSawH8VGfvSVW9B5IPM
AZI/P60Y36K6zgr6O307TL0HZShZsE8/Pzh1p+6Q9UnSs4Ie0No94VINLnvP1lER
ORQpNIPkxGfLv1DLz4d1QPNf7f7rSfxwmemYG42z6h+X0/sm+6FFE/3adsR1UdHq
KbL9rEGHA4NgBcgZ0QYpFRvMbTSdGMIR8D3r2+c9SYu+
-----END CERTIFICATE-----
Generated at Tue May 13 08:17:18 2025 by rpki-client