Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/uizPX9Cd9iM0XDNjnbzwUrUvZpg.roa
File: uizPX9Cd9iM0XDNjnbzwUrUvZpg.roa (raw, json)
Hash identifier: 9PoBm2QRNYLCoqJ53URMhuqqRQdfkTYu5mDcyCvlO24=
Subject key identifier: BA:2C:CF:5F:D0:9D:F6:23:34:5C:33:63:9D:BC:F0:52:B5:2F:66:98
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 3805D2DC
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/uizPX9Cd9iM0XDNjnbzwUrUvZpg.roa
Signing time: Sun 20 Feb 2022 11:45:56 +0000
ROA not before: Sun 20 Feb 2022 11:45:56 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51235
IP address blocks: 185.136.182.0/24 maxlen: 24
185.136.183.0/24 maxlen: 24
185.136.180.0/24 maxlen: 24
185.136.181.0/24 maxlen: 24
185.107.244.0/24 maxlen: 24
185.107.245.0/24 maxlen: 24
185.107.246.0/24 maxlen: 24
185.107.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 939905756 (0x3805d2dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Feb 20 11:45:56 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ba2ccf5fd09df623345c33639dbcf052b52f6698
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:cf:be:73:46:09:85:50:47:b8:4b:e7:4a:c4:
9e:a2:19:6c:31:00:6f:74:d2:b5:9b:56:14:f3:ae:
40:ec:30:9e:8b:1a:e0:aa:cd:b9:5f:7d:ed:d5:5f:
08:cc:82:f3:fd:07:37:da:80:05:04:c8:f2:d8:21:
e8:72:e4:7f:0e:27:c1:92:dc:a7:0e:fe:8a:41:23:
98:fd:5d:6b:23:7c:85:20:8a:bb:de:78:52:e4:83:
2c:92:1c:f7:0b:80:da:8a:67:e5:55:2e:9a:4b:83:
bc:65:2a:8c:ad:d8:47:87:02:16:92:50:2d:3a:35:
79:a3:32:0f:28:03:d8:df:b4:8c:99:af:a8:77:89:
0d:b0:58:fd:26:bd:81:a7:10:1e:cd:c9:93:77:f0:
41:42:92:a4:8e:27:9c:0f:2f:77:2b:d6:13:ff:57:
6d:81:6d:2c:4e:2d:da:72:e5:d7:7d:a3:fe:fd:6e:
5a:54:c5:87:1c:7f:c7:b4:91:ec:46:7a:5f:6e:3e:
dc:90:56:d2:14:f4:5a:00:70:3f:c4:e9:d7:0a:d7:
e0:2a:dc:6a:48:e8:cb:07:75:a7:c5:76:36:27:be:
a4:11:de:71:eb:b2:ec:36:36:3e:bd:b8:0b:42:ed:
e7:02:7d:52:bb:e0:f9:9f:12:aa:18:ae:b1:24:dd:
b2:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:2C:CF:5F:D0:9D:F6:23:34:5C:33:63:9D:BC:F0:52:B5:2F:66:98
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/uizPX9Cd9iM0XDNjnbzwUrUvZpg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.107.244.0/22
185.136.180.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:0e:ae:c8:62:fb:7d:56:65:5d:43:84:03:1f:16:9e:c9:73:
e9:37:79:7c:6e:d2:76:09:17:54:22:64:b0:f2:09:c3:3c:4c:
28:89:bb:56:8f:4e:64:da:62:34:50:fb:54:f3:9c:f9:87:b0:
f5:af:0c:4a:15:49:62:04:29:ae:dd:85:15:3f:07:b7:95:57:
6b:85:80:b2:ec:c0:92:03:3d:6f:c4:e6:ee:ee:ef:81:47:52:
c8:49:0a:2a:65:1d:90:93:c3:8b:7f:a2:dd:35:13:57:f0:f9:
2b:02:d0:78:d2:56:35:6a:fd:16:88:fc:bc:b4:d2:3e:31:94:
cc:b8:fa:f9:f8:7e:5d:85:e0:b9:3c:42:66:78:d2:60:69:ef:
75:f1:4c:a3:89:19:d2:d1:93:4b:ca:a3:c1:84:e5:8d:ff:b7:
ec:60:b9:f4:fd:c6:0a:e8:db:91:2d:e5:f6:5f:0a:7c:fb:12:
2b:cd:ca:3a:b3:99:d8:27:23:d9:fd:eb:f7:f9:cf:67:94:81:
b5:d7:1d:25:2e:cd:fc:1d:b4:2f:1e:75:e5:95:ab:9e:2c:ea:
16:39:66:ce:46:bd:f7:53:c9:da:e5:de:4c:23:bb:63:b4:5c:
b1:15:e4:bb:0b:6c:78:56:c5:08:5a:0b:83:8a:0a:08:27:29:
64:e1:cc:42
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEOAXS3DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YTM5MmRmYzZiYTJkMzE4NmQzMjY5YzcwOTFiNzAxOTgxNTM0NWQzMB4XDTIyMDIy
MDExNDU1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmEyY2NmNWZkMDlk
ZjYyMzM0NWMzMzYzOWRiY2YwNTJiNTJmNjY5ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJXPvnNGCYVQR7hL50rEnqIZbDEAb3TStZtWFPOuQOwwnosa
4KrNuV997dVfCMyC8/0HN9qABQTI8tgh6HLkfw4nwZLcpw7+ikEjmP1dayN8hSCK
u954UuSDLJIc9wuA2opn5VUumkuDvGUqjK3YR4cCFpJQLTo1eaMyDygD2N+0jJmv
qHeJDbBY/Sa9gacQHs3Jk3fwQUKSpI4nnA8vdyvWE/9XbYFtLE4t2nLl132j/v1u
WlTFhxx/x7SR7EZ6X24+3JBW0hT0WgBwP8Tp1wrX4Crcakjoywd1p8V2Nie+pBHe
ceuy7DY2Pr24C0Lt5wJ9Urvg+Z8SqhiusSTdsr0CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBS6LM9f0J32IzRcM2OdvPBStS9mmDAfBgNVHSMEGDAWgBQaOS38a6LTGG0y
accJG3AZgVNF0zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dqa3RfR3VpMHhodE1tbkhDUnR3R1lGVFJkTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWUvMzJkODVkLWE3MTctNGQ2OC04MmE2LTJmMzY1ZjIyYTE4Yy8x
L3VpelBYOUNkOWlNMFhETmpuYnp3VXJVdlpwZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUv
MzJkODVkLWE3MTctNGQ2OC04MmE2LTJmMzY1ZjIyYTE4Yy8xL0dqa3RfR3VpMHho
dE1tbkhDUnR3R1lGVFJkTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArlr9AMEArmItDANBgkqhkiG9w0B
AQsFAAOCAQEATA6uyGL7fVZlXUOEAx8Wnslz6Td5fG7SdgkXVCJksPIJwzxMKIm7
Vo9OZNpiNFD7VPOc+Yew9a8MShVJYgQprt2FFT8Ht5VXa4WAsuzAkgM9b8Tm7u7v
gUdSyEkKKmUdkJPDi3+i3TUTV/D5KwLQeNJWNWr9Foj8vLTSPjGUzLj6+fh+XYXg
uTxCZnjSYGnvdfFMo4kZ0tGTS8qjwYTljf+37GC59P3GCujbkS3l9l8KfPsSK83K
OrOZ2Ccj2f3r9/nPZ5SBtdcdJS7N/B20Lx515ZWrnizqFjlmzka991PJ2uXeTCO7
Y7RcsRXkuwtseFbFCFoLg4oKCCcpZOHMQg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:10:25 2025 by rpki-client