Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/bHZNOEuYjuexPpGY0ATDNmRN8Zc.roa
File: bHZNOEuYjuexPpGY0ATDNmRN8Zc.roa (raw, json)
Hash identifier: Q2NVVIfC7GfTIYhXd69qblpXXoVzL3Z4LLNqd9pJMv4=
Subject key identifier: 6C:76:4D:38:4B:98:8E:E7:B1:3E:91:98:D0:04:C3:36:64:4D:F1:97
Certificate issuer: /CN=47b80caa97c13147d680c80976f8a4b15cade04f
Certificate serial: 019420D5B41C710AB793F44224DC0045EAF2
Authority key identifier: 47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/bHZNOEuYjuexPpGY0ATDNmRN8Zc.roa
Signing time: Wed 01 Jan 2025 07:47:43 +0000
ROA not before: Wed 01 Jan 2025 07:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 185.161.122.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:b4:1c:71:0a:b7:93:f4:42:24:dc:00:45:ea:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47b80caa97c13147d680c80976f8a4b15cade04f
Validity
Not Before: Jan 1 07:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6c764d384b988ee7b13e9198d004c336644df197
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:9d:30:74:af:ca:bd:73:73:31:86:96:83:26:
b8:b1:4b:86:1a:75:a5:fd:1b:68:77:c4:70:69:8f:
55:f8:4b:56:35:38:02:8f:7a:4a:83:b4:3c:1d:97:
ef:f8:9a:fd:28:f1:d1:49:4d:c1:65:be:2e:20:0a:
17:da:1e:e4:b0:04:ef:92:e4:c6:de:95:e5:87:ac:
ca:84:e6:9e:1b:f3:6a:3a:6b:16:24:24:f2:c2:d1:
18:21:aa:b7:7b:91:66:35:4f:a7:77:9f:3b:72:4f:
4e:e9:a3:b4:b8:3e:13:bb:a7:06:45:fc:c7:a0:69:
a5:e9:fc:3d:17:7b:59:9a:06:94:46:cd:49:8a:64:
81:53:71:cf:b7:c1:74:5d:98:2e:20:e8:d8:f8:5b:
f6:ba:1d:a0:31:95:5b:04:6a:48:dd:79:9f:2c:f5:
5d:d6:09:1a:c1:d7:73:0d:e1:56:b3:1e:41:ad:12:
35:dd:e1:1c:8b:9a:da:cd:cb:ae:bd:17:7f:28:87:
55:6e:a8:ed:9b:96:da:ed:7d:46:96:9b:39:a7:48:
f9:57:55:69:08:9a:d5:13:44:19:88:b6:66:a8:b2:
d2:f8:15:67:8d:dd:35:e6:9a:0b:20:34:df:e8:98:
12:90:e2:ae:32:55:b8:a7:83:b2:4d:e5:2c:f6:72:
06:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:76:4D:38:4B:98:8E:E7:B1:3E:91:98:D0:04:C3:36:64:4D:F1:97
X509v3 Authority Key Identifier:
keyid:47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/bHZNOEuYjuexPpGY0ATDNmRN8Zc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.122.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:cf:c5:f6:03:9b:a1:8e:ab:9c:ae:9b:8b:c1:47:bb:3c:0d:
63:4f:ef:87:de:fc:bd:0d:ab:bb:f4:0a:ed:5a:64:9d:be:53:
aa:be:a4:4c:57:a3:7e:63:8b:4b:26:92:5b:4e:86:48:33:c2:
f4:3d:d6:eb:ad:80:d4:14:74:fd:b1:94:46:70:11:ac:9f:79:
67:17:74:7e:2b:55:5a:f1:1e:92:b8:a6:17:78:c6:ac:f9:60:
14:4a:6f:66:18:01:b7:7f:7c:76:fe:d9:13:91:31:d3:6e:c9:
1c:ce:9f:5e:5c:fa:a3:89:1b:4d:87:56:63:51:f9:27:31:da:
ff:b9:b7:8e:5c:70:2a:f6:93:a1:82:49:a5:11:aa:db:ab:f8:
42:c0:c9:65:0e:be:10:2f:54:ee:9c:78:ab:20:e5:0f:13:5b:
c7:6d:af:9d:ef:da:4a:85:20:8d:57:65:e6:55:04:81:1d:6c:
f1:97:3a:68:fd:f6:b4:49:da:00:4f:1a:0a:01:85:7b:53:29:
4c:a1:70:92:f8:26:2d:fd:df:e9:00:e5:e0:42:5c:4a:58:fe:
de:1e:3d:40:ea:1d:03:de:1b:01:4c:a9:ad:31:8f:b6:18:95:
fc:b8:a3:dc:c1:3f:d8:33:95:67:36:6d:51:c7:9b:99:0d:05:
c5:16:6d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bQccQq3k/RCJNwAReryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YjgwY2FhOTdjMTMxNDdkNjgwYzgwOTc2ZjhhNGIxNWNh
ZGUwNGYwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc2NGQzODRiOTg4ZWU3YjEzZTkxOThkMDA0YzMzNjY0NGRmMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt50wdK/KvXNzMYaWgya4sUuGGnWl
/Rtod8RwaY9V+EtWNTgCj3pKg7Q8HZfv+Jr9KPHRSU3BZb4uIAoX2h7ksATvkuTG
3pXlh6zKhOaeG/NqOmsWJCTywtEYIaq3e5FmNU+nd587ck9O6aO0uD4Tu6cGRfzH
oGml6fw9F3tZmgaURs1JimSBU3HPt8F0XZguIOjY+Fv2uh2gMZVbBGpI3XmfLPVd
1gkawddzDeFWsx5BrRI13eEci5razcuuvRd/KIdVbqjtm5ba7X1Glps5p0j5V1Vp
CJrVE0QZiLZmqLLS+BVnjd015poLIDTf6JgSkOKuMlW4p4OyTeUs9nIGuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGx2TThLmI7nsT6RmNAEwzZkTfGXMB8GA1UdIwQY
MBaAFEe4DKqXwTFH1oDICXb4pLFcreBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAt
MTBlMjRlOWQwZmE3LzEvYkhaTk9FdVlqdWV4UHBHWTBBVERObVJOOFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAtMTBlMjRlOWQwZmE3
LzEvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF6MA0G
CSqGSIb3DQEBCwUAA4IBAQChz8X2A5uhjqucrpuLwUe7PA1jT++H3vy9Dau79Art
WmSdvlOqvqRMV6N+Y4tLJpJbToZIM8L0PdbrrYDUFHT9sZRGcBGsn3lnF3R+K1Va
8R6SuKYXeMas+WAUSm9mGAG3f3x2/tkTkTHTbskczp9eXPqjiRtNh1ZjUfknMdr/
ubeOXHAq9pOhgkmlEarbq/hCwMllDr4QL1TunHirIOUPE1vHba+d79pKhSCNV2Xm
VQSBHWzxlzpo/fa0SdoATxoKAYV7UylMoXCS+CYt/d/pAOXgQlxKWP7eHj1A6h0D
3hsBTKmtMY+2GJX8uKPcwT/YM5VnNm1Rx5uZDQXFFm1q
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:52:18 2025 by rpki-client