Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/2bdcfe-172a-423e-8057-c924f8630fe4/1/bbDkhRzWUXPtN8rFcnD_aKJ6E9s.roa
File: bbDkhRzWUXPtN8rFcnD_aKJ6E9s.roa (raw, json)
Hash identifier: MT0KHcny9A5qv1OcNILUNQ6xaKFR+WD3Ph3/wj6dk+Q=
Subject key identifier: 6D:B0:E4:85:1C:D6:51:73:ED:37:CA:C5:72:70:FF:68:A2:7A:13:DB
Certificate issuer: /CN=d3bca2b8b27193069902a7c666436edc04ebfbc7
Certificate serial: 0194244588844D6D4AE8BB2ACE4FB6BEA809
Authority key identifier: D3:BC:A2:B8:B2:71:93:06:99:02:A7:C6:66:43:6E:DC:04:EB:FB:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07yiuLJxkwaZAqfGZkNu3ATr-8c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/2bdcfe-172a-423e-8057-c924f8630fe4/1/bbDkhRzWUXPtN8rFcnD_aKJ6E9s.roa
Signing time: Wed 01 Jan 2025 23:48:44 +0000
ROA not before: Wed 01 Jan 2025 23:48:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44477
IP address blocks: 185.33.24.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:88:84:4d:6d:4a:e8:bb:2a:ce:4f:b6:be:a8:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3bca2b8b27193069902a7c666436edc04ebfbc7
Validity
Not Before: Jan 1 23:48:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6db0e4851cd65173ed37cac57270ff68a27a13db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:14:38:74:95:72:6a:a5:5a:0c:5d:cc:c9:23:
d7:57:b4:14:e7:71:1a:39:d2:47:53:ed:03:05:fa:
dc:9f:f4:35:df:32:24:80:38:dd:68:35:f0:a0:9f:
98:88:d1:0f:b7:ae:2a:3d:fe:34:88:ac:c2:92:2d:
35:95:21:fd:bc:ca:07:99:38:3e:1b:a9:30:9e:8b:
75:ca:b2:ae:95:46:1b:28:af:f3:ca:c9:59:20:7f:
3a:8f:86:c6:e9:00:bc:bf:f8:99:79:46:ec:df:f0:
22:a7:3f:cf:39:b1:d7:23:7f:be:ae:52:0e:14:ea:
89:d4:9b:8c:ed:e1:35:a0:a3:d1:a0:82:7b:03:ed:
7b:ba:5e:53:0a:4d:97:5a:fc:3b:cf:cb:a3:5b:83:
28:fa:4c:03:c9:b9:9b:c1:7a:4d:c4:65:af:30:a6:
dd:97:2e:cb:c0:1b:fa:6e:7c:9e:ea:62:6d:ef:99:
44:07:1a:66:56:b5:a3:80:33:97:65:ab:08:c5:f3:
25:45:10:7a:55:56:d3:e0:92:f3:54:ad:4e:bc:ea:
45:ce:5a:86:0a:6c:75:89:a6:8f:a1:2c:f6:6c:31:
47:82:75:08:d3:a0:8d:f1:d0:fe:d2:25:2d:de:3d:
84:32:05:0a:d5:95:ec:af:e3:58:11:67:82:4d:5d:
1b:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:B0:E4:85:1C:D6:51:73:ED:37:CA:C5:72:70:FF:68:A2:7A:13:DB
X509v3 Authority Key Identifier:
keyid:D3:BC:A2:B8:B2:71:93:06:99:02:A7:C6:66:43:6E:DC:04:EB:FB:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07yiuLJxkwaZAqfGZkNu3ATr-8c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/2bdcfe-172a-423e-8057-c924f8630fe4/1/bbDkhRzWUXPtN8rFcnD_aKJ6E9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/2bdcfe-172a-423e-8057-c924f8630fe4/1/07yiuLJxkwaZAqfGZkNu3ATr-8c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.33.24.0/24
Signature Algorithm: sha256WithRSAEncryption
35:e1:7f:d4:0c:4d:c0:55:5d:9d:df:fd:e5:ee:01:fb:b4:5f:
51:24:8b:d0:a7:83:14:65:ab:a8:f8:6c:95:18:a2:bb:8c:a5:
12:2d:4e:4f:de:78:de:1e:72:6b:0f:7b:fa:0e:ca:cf:b4:23:
4b:e5:a0:8f:bd:a8:6e:2b:8d:40:93:4f:0b:76:dc:5d:cb:8b:
ea:fe:53:fa:ba:a9:df:87:c7:d2:e3:65:07:f8:bb:84:e4:c6:
30:56:5b:61:c0:e7:75:af:ec:fb:14:2f:0b:38:5a:10:f6:3b:
2e:60:47:93:3a:bc:ab:fa:39:02:7f:e3:94:b1:b1:da:65:3a:
1a:21:18:8a:c5:76:6d:e5:57:04:fa:6b:d7:d5:53:fe:25:bb:
b0:91:f7:cb:2b:11:f5:99:97:c7:d5:34:b4:fc:08:b7:37:68:
de:92:d6:76:27:46:21:e8:1a:3f:de:50:2a:38:8a:fd:79:eb:
29:1c:5b:c6:31:ed:91:f1:66:5d:88:62:eb:e8:84:7f:16:2f:
ed:5a:9f:31:ea:73:be:61:83:65:c4:a0:40:2e:c8:6f:e8:26:
4b:3c:33:68:52:d6:0e:d1:c0:ba:34:57:5e:50:3c:0a:d6:74:
e6:ba:6d:29:75:5c:ed:76:95:1e:0d:50:d8:75:b0:86:2f:5d:
7a:15:34:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYiETW1K6Lsqzk+2vqgJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYmNhMmI4YjI3MTkzMDY5OTAyYTdjNjY2NDM2ZWRjMDRl
YmZiYzcwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGIwZTQ4NTFjZDY1MTczZWQzN2NhYzU3MjcwZmY2OGEyN2ExM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxQ4dJVyaqVaDF3MySPXV7QU53Ea
OdJHU+0DBfrcn/Q13zIkgDjdaDXwoJ+YiNEPt64qPf40iKzCki01lSH9vMoHmTg+
G6kwnot1yrKulUYbKK/zyslZIH86j4bG6QC8v/iZeUbs3/Aipz/PObHXI3++rlIO
FOqJ1JuM7eE1oKPRoIJ7A+17ul5TCk2XWvw7z8ujW4Mo+kwDybmbwXpNxGWvMKbd
ly7LwBv6bnye6mJt75lEBxpmVrWjgDOXZasIxfMlRRB6VVbT4JLzVK1OvOpFzlqG
Cmx1iaaPoSz2bDFHgnUI06CN8dD+0iUt3j2EMgUK1ZXsr+NYEWeCTV0bMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2w5IUc1lFz7TfKxXJw/2iiehPbMB8GA1UdIwQY
MBaAFNO8oriycZMGmQKnxmZDbtwE6/vHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDd5aXVMSnhrd2FaQXFmR1prTnUzQVRyLThjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8yYmRjZmUtMTcyYS00MjNlLTgwNTct
YzkyNGY4NjMwZmU0LzEvYmJEa2hSeldVWFB0TjhyRmNuRF9hS0o2RTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8yYmRjZmUtMTcyYS00MjNlLTgwNTctYzkyNGY4NjMwZmU0
LzEvMDd5aXVMSnhrd2FaQXFmR1prTnUzQVRyLThjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSEYMA0G
CSqGSIb3DQEBCwUAA4IBAQA14X/UDE3AVV2d3/3l7gH7tF9RJIvQp4MUZauo+GyV
GKK7jKUSLU5P3njeHnJrD3v6DsrPtCNL5aCPvahuK41Ak08Ldtxdy4vq/lP6uqnf
h8fS42UH+LuE5MYwVlthwOd1r+z7FC8LOFoQ9jsuYEeTOryr+jkCf+OUsbHaZToa
IRiKxXZt5VcE+mvX1VP+JbuwkffLKxH1mZfH1TS0/Ai3N2jektZ2J0Yh6Bo/3lAq
OIr9eespHFvGMe2R8WZdiGLr6IR/Fi/tWp8x6nO+YYNlxKBALshv6CZLPDNoUtYO
0cC6NFdeUDwK1nTmum0pdVztdpUeDVDYdbCGL116FTT+
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:20:58 2025 by rpki-client