Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/Hd-FpI9ySMtdOC6onXoDMYWbYp4.roa
File: Hd-FpI9ySMtdOC6onXoDMYWbYp4.roa (raw, json)
Hash identifier: lbpRJLZItrNN6pIhqKSqDA0GqAoJrVtlutMCoxliw/o=
Subject key identifier: 1D:DF:85:A4:8F:72:48:CB:5D:38:2E:A8:9D:7A:03:31:85:9B:62:9E
Certificate issuer: /CN=864abd435f899d570a8e5fb83bdad1153455dee0
Certificate serial: 340131A0
Authority key identifier: 86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/Hd-FpI9ySMtdOC6onXoDMYWbYp4.roa
Signing time: Sat 01 Jan 2022 14:57:16 +0000
ROA not before: Sat 01 Jan 2022 14:57:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 38924
IP address blocks: 95.87.0.0/18 maxlen: 24
185.35.176.0/22 maxlen: 24
2a00:fc40::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 872493472 (0x340131a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=864abd435f899d570a8e5fb83bdad1153455dee0
Validity
Not Before: Jan 1 14:57:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1ddf85a48f7248cb5d382ea89d7a0331859b629e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ab:f7:2e:3d:5a:32:6b:70:75:7f:66:3c:cf:
9f:8f:d5:f0:a7:97:1a:17:d0:ad:85:97:e2:d8:f5:
ac:11:90:7f:3a:2f:5e:1b:aa:52:78:4a:40:9d:2f:
75:9f:34:3d:08:ef:f6:c0:3f:ed:ee:fb:3b:27:53:
05:90:9b:69:9b:1a:38:74:f0:72:83:b9:7a:38:a8:
15:8f:81:0a:84:a9:9d:cc:58:ad:95:58:eb:55:82:
37:b6:27:f7:e7:4f:fe:20:02:7b:09:79:77:06:7c:
ef:50:0d:78:36:e9:e2:ed:a6:39:1a:f1:fe:c2:94:
86:9b:25:ab:dd:4e:0b:25:c5:cd:90:b5:51:1c:33:
ff:ee:1f:fd:5b:56:3a:b2:e4:bd:ac:28:50:0b:c0:
a6:65:6f:5a:46:2b:da:6d:68:cb:b5:ea:5e:f7:6d:
b5:72:2a:dd:f8:63:7f:2f:9c:73:08:b1:e6:81:ce:
2d:3a:67:57:32:60:b5:30:13:9f:8a:6b:53:22:28:
f4:03:1b:e1:8b:f4:5b:c3:2c:6b:28:15:8d:1b:b2:
56:c3:c5:a8:e9:d1:2b:fb:37:4e:6e:3a:90:e9:2b:
b4:a0:48:39:ba:1f:69:ee:11:bf:67:5f:61:49:a1:
1e:d6:11:fc:a0:85:45:d0:23:7a:64:b5:30:ed:5c:
6d:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:DF:85:A4:8F:72:48:CB:5D:38:2E:A8:9D:7A:03:31:85:9B:62:9E
X509v3 Authority Key Identifier:
keyid:86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/Hd-FpI9ySMtdOC6onXoDMYWbYp4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.87.0.0/18
185.35.176.0/22
IPv6:
2a00:fc40::/32
Signature Algorithm: sha256WithRSAEncryption
57:dd:91:33:13:47:fc:78:ee:81:7d:38:14:69:ae:23:1d:0c:
f5:08:98:cd:ef:e6:01:a7:15:70:1e:19:fe:24:d3:30:32:93:
fb:3a:93:66:54:2f:32:e1:dc:3b:e6:8c:31:8a:fc:e0:4b:07:
f6:e8:64:49:76:d6:8b:c1:17:7a:77:08:f9:f2:2e:e9:c2:f6:
0a:34:af:6b:c2:e1:71:4e:60:ee:9d:63:ce:6c:22:7c:af:27:
b3:33:c0:04:4e:e2:7b:da:1e:36:a0:ae:be:1a:90:d7:ae:d7:
39:33:28:0b:65:59:df:62:d6:f5:c0:51:bf:9c:97:2e:73:7e:
a6:4b:34:2b:d4:8a:9b:11:3d:21:ac:e6:02:b6:12:b4:0f:54:
89:eb:ae:de:d8:f3:07:cb:8e:b3:7f:61:3e:42:d7:eb:ce:a6:
79:ce:73:cd:a2:71:79:31:cb:22:b7:cf:3d:fa:f1:7b:88:6d:
1d:3d:4f:1c:7b:1d:69:32:d9:b1:13:28:b6:28:e1:f2:47:4c:
4f:2b:92:0c:be:77:0f:e8:79:ef:89:6e:9a:cd:83:9a:ea:6c:
fe:6f:e6:81:eb:f3:b2:9e:e9:e9:6f:7a:64:0e:44:89:54:88:
ce:e3:c8:39:67:f4:f2:3b:75:88:23:e6:e3:d2:77:5d:51:45:
cf:eb:d2:78
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIENAExoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NjRhYmQ0MzVmODk5ZDU3MGE4ZTVmYjgzYmRhZDExNTM0NTVkZWUwMB4XDTIyMDEw
MTE0NTcxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWRkZjg1YTQ4Zjcy
NDhjYjVkMzgyZWE4OWQ3YTAzMzE4NTliNjI5ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqr9y49WjJrcHV/ZjzPn4/V8KeXGhfQrYWX4tj1rBGQfzov
XhuqUnhKQJ0vdZ80PQjv9sA/7e77OydTBZCbaZsaOHTwcoO5ejioFY+BCoSpncxY
rZVY61WCN7Yn9+dP/iACewl5dwZ871ANeDbp4u2mORrx/sKUhpslq91OCyXFzZC1
URwz/+4f/VtWOrLkvawoUAvApmVvWkYr2m1oy7XqXvdttXIq3fhjfy+ccwix5oHO
LTpnVzJgtTATn4prUyIo9AMb4Yv0W8MsaygVjRuyVsPFqOnRK/s3Tm46kOkrtKBI
Obofae4Rv2dfYUmhHtYR/KCFRdAjemS1MO1cbXsCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQd34Wkj3JIy104LqidegMxhZtinjAfBgNVHSMEGDAWgBSGSr1DX4mdVwqO
X7g72tEVNFXe4DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hrcTlRMS1KblZjS2psLTRPOXJSRlRSVjN1QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmEvM2YxMzNmLTFjODEtNGE0Yi1hMjU1LTNlMzY0NjU5MWFhMC8x
L0hkLUZwSTl5U010ZE9DNm9uWG9ETVlXYllwNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEv
M2YxMzNmLTFjODEtNGE0Yi1hMjU1LTNlMzY0NjU5MWFhMC8xL2hrcTlRMS1KblZj
S2psLTRPOXJSRlRSVjN1QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBl9XAAMEArkjsDANBAIAAjAHAwUA
KgD8QDANBgkqhkiG9w0BAQsFAAOCAQEAV92RMxNH/HjugX04FGmuIx0M9QiYze/m
AacVcB4Z/iTTMDKT+zqTZlQvMuHcO+aMMYr84EsH9uhkSXbWi8EXencI+fIu6cL2
CjSva8LhcU5g7p1jzmwifK8nszPABE7ie9oeNqCuvhqQ167XOTMoC2VZ32LW9cBR
v5yXLnN+pks0K9SKmxE9IazmArYStA9Uieuu3tjzB8uOs39hPkLX686mec5zzaJx
eTHLIrfPPfrxe4htHT1PHHsdaTLZsRMotijh8kdMTyuSDL53D+h574lums2Dmups
/m/mgevzsp7p6W96ZA5EiVSIzuPIOWf08jt1iCPm49J3XVFFz+vSeA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:57:12 2025 by rpki-client