Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/VLbar1V4Yok8hwFw7MzAgWgBvVE.roa
File: VLbar1V4Yok8hwFw7MzAgWgBvVE.roa (raw, json)
Hash identifier: C07fj1EyXpMZGheDXNpgh0L3vLLjZD8vHNcw7yoDwgo=
Subject key identifier: 54:B6:DA:AF:55:78:62:89:3C:87:01:70:EC:CC:C0:81:68:01:BD:51
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018573E861D2B104E1D38B1E123A269A96E7
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/VLbar1V4Yok8hwFw7MzAgWgBvVE.roa
Signing time: Mon 02 Jan 2023 19:14:47 +0000
ROA not before: Mon 02 Jan 2023 19:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 185.161.64.0/24 maxlen: 24
185.161.65.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:e8:61:d2:b1:04:e1:d3:8b:1e:12:3a:26:9a:96:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 2 19:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=54b6daaf557862893c870170ecccc0816801bd51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:e9:fd:e3:ac:56:bb:29:c1:3c:c1:f4:87:57:
8b:e7:ff:6b:28:83:4c:48:74:e4:86:d4:fe:78:09:
61:08:79:c6:d2:b0:9c:bd:f9:4d:98:af:2a:eb:b6:
62:6f:17:d9:4c:d1:69:87:d7:03:ae:c2:c4:32:17:
f9:64:41:8c:94:af:40:d3:16:69:bb:e8:6a:79:17:
54:9f:cb:2a:67:c2:2d:3a:00:cf:cd:fb:17:c8:db:
c9:b0:39:8b:e0:5a:eb:6c:cb:3a:ee:fe:3b:0f:41:
84:ce:9b:bb:51:d9:51:1d:0b:57:9f:d4:d7:fd:05:
10:9a:44:18:ff:70:87:16:41:dd:69:e3:ba:f4:b3:
87:ee:bc:b0:35:5b:e9:e0:c6:3c:dc:e7:23:ae:46:
91:07:70:6a:f8:a5:9b:38:6e:c5:9d:93:82:bc:a5:
4c:ba:f1:2e:94:51:d5:62:2f:8a:be:ce:18:3a:cc:
78:79:61:0c:86:3f:ad:40:b8:7b:25:14:df:65:dc:
a0:1b:d6:a5:75:d2:ed:26:04:05:36:fe:fa:e4:10:
3e:5a:ab:00:80:6c:43:52:9d:25:22:9b:47:81:69:
70:1d:06:ab:6a:c6:7d:01:d5:23:ba:8a:89:c7:7f:
d1:28:ff:c8:1a:27:4b:a3:59:d7:5e:ce:b3:14:d4:
66:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:B6:DA:AF:55:78:62:89:3C:87:01:70:EC:CC:C0:81:68:01:BD:51
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/VLbar1V4Yok8hwFw7MzAgWgBvVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.64.0/23
Signature Algorithm: sha256WithRSAEncryption
1c:64:b6:99:9a:d8:c7:eb:fb:e5:0b:35:63:ee:c3:7e:05:91:
5b:74:1a:75:4b:dd:32:0b:c6:aa:89:58:65:a3:3d:85:b2:67:
76:57:58:43:8e:95:a1:a8:a6:33:78:ab:7f:a1:b7:4e:14:8f:
5f:78:7b:f0:97:f4:1a:91:83:03:a9:5d:09:d1:cc:cc:c7:43:
aa:2d:1d:f7:89:50:29:a6:39:0e:00:0d:6f:e9:69:89:73:6e:
48:bd:10:04:0f:26:79:9c:93:34:9c:eb:bd:00:48:9c:74:d4:
8b:44:f8:6f:16:61:22:2b:47:18:8d:7f:37:ee:db:6e:1c:89:
d8:d0:8a:70:ee:8e:2a:6a:56:59:39:fd:7b:0f:f4:48:80:d6:
07:27:fd:46:f1:c8:ed:1d:cd:a1:f1:c5:96:53:ec:d9:74:60:
e3:c1:f2:1a:49:c6:58:ff:94:32:df:c6:8d:b8:f1:0c:d3:4c:
b4:06:9c:7b:bc:6f:2d:2c:d2:5b:03:11:73:7c:9a:13:ae:fe:
5a:42:9f:0d:75:00:09:ba:49:9b:eb:b6:70:42:b5:95:df:c5:
80:c1:5d:53:d0:da:53:a7:e5:16:70:83:84:92:99:c8:ce:98:
44:1d:6c:93:53:18:ca:7f:71:ae:82:d0:0c:f9:cb:a3:44:dd:
d9:4a:4b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVz6GHSsQTh04seEjommpbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMwMTAyMTkxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGI2ZGFhZjU1Nzg2Mjg5M2M4NzAxNzBlY2NjYzA4MTY4MDFiZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+n946xWuynBPMH0h1eL5/9rKINM
SHTkhtT+eAlhCHnG0rCcvflNmK8q67ZibxfZTNFph9cDrsLEMhf5ZEGMlK9A0xZp
u+hqeRdUn8sqZ8ItOgDPzfsXyNvJsDmL4FrrbMs67v47D0GEzpu7UdlRHQtXn9TX
/QUQmkQY/3CHFkHdaeO69LOH7rywNVvp4MY83OcjrkaRB3Bq+KWbOG7FnZOCvKVM
uvEulFHVYi+Kvs4YOsx4eWEMhj+tQLh7JRTfZdygG9alddLtJgQFNv765BA+WqsA
gGxDUp0lIptHgWlwHQarasZ9AdUjuoqJx3/RKP/IGidLo1nXXs6zFNRmvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFS22q9VeGKJPIcBcOzMwIFoAb1RMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvVkxiYXIxVjRZb2s4aHdGdzdNekFnV2dCdlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaFAMA0G
CSqGSIb3DQEBCwUAA4IBAQAcZLaZmtjH6/vlCzVj7sN+BZFbdBp1S90yC8aqiVhl
oz2Fsmd2V1hDjpWhqKYzeKt/obdOFI9feHvwl/QakYMDqV0J0czMx0OqLR33iVAp
pjkOAA1v6WmJc25IvRAEDyZ5nJM0nOu9AEicdNSLRPhvFmEiK0cYjX837ttuHInY
0Ipw7o4qalZZOf17D/RIgNYHJ/1G8cjtHc2h8cWWU+zZdGDjwfIaScZY/5Qy38aN
uPEM00y0Bpx7vG8tLNJbAxFzfJoTrv5aQp8NdQAJukmb67ZwQrWV38WAwV1T0NpT
p+UWcIOEkpnIzphEHWyTUxjKf3GugtAM+cujRN3ZSkvq
-----END CERTIFICATE-----
Generated at Mon May 12 22:59:12 2025 by rpki-client