Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/tK4cZWGlUcFqja4VxvhBpf1gmFg.roa
File: tK4cZWGlUcFqja4VxvhBpf1gmFg.roa (raw, json)
Hash identifier: Kp8cv+Il4It8n4tjjzlhcHpIbe4y8ojMovCoOlj2byM=
Subject key identifier: B4:AE:1C:65:61:A5:51:C1:6A:8D:AE:15:C6:F8:41:A5:FD:60:98:58
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 01824585F5A5C90A0C4A13D2F43DCBBE186B
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/tK4cZWGlUcFqja4VxvhBpf1gmFg.roa
Signing time: Thu 28 Jul 2022 15:56:23 +0000
ROA not before: Thu 28 Jul 2022 15:56:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 266820
IP address blocks: 149.154.184.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:45:85:f5:a5:c9:0a:0c:4a:13:d2:f4:3d:cb:be:18:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jul 28 15:56:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b4ae1c6561a551c16a8dae15c6f841a5fd609858
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:4e:e5:05:21:5d:21:5c:5d:f7:d1:93:3c:42:
57:00:8a:03:cf:f4:d2:5d:77:ff:58:c1:fc:18:d3:
7b:eb:05:72:18:4b:bd:b8:09:e7:ef:46:6c:17:0e:
ff:ad:d0:cb:bd:dd:92:e3:44:9b:a6:bd:25:ca:ed:
23:df:da:2c:f2:44:69:93:e8:33:57:8d:d5:de:cd:
36:51:e2:00:55:f1:a5:2f:ed:76:82:fe:cc:a5:8c:
39:fa:ca:39:5a:79:b9:27:e0:7d:6e:9a:5f:1a:50:
28:23:2a:a6:76:a7:f4:f6:7a:3c:56:42:11:d4:cb:
31:40:33:ae:17:2c:c2:d1:e8:a0:9b:cc:fa:ee:f6:
4f:98:e4:98:4a:4e:c5:d2:bd:95:0b:95:63:12:b0:
95:37:2f:8e:15:b8:5c:88:f4:10:c1:3a:b6:52:b3:
00:2f:f3:d5:33:6b:1c:75:bc:dd:2d:9c:68:31:00:
7e:dd:f3:b8:04:1d:ea:c9:04:08:cc:43:b0:95:14:
48:38:7f:65:cf:64:77:cb:a0:7a:6b:06:10:5d:4c:
ec:3b:07:25:2a:01:fa:f1:0e:ef:c1:e6:de:67:fa:
6a:17:c3:b0:4e:1a:e8:75:14:4c:0b:15:8a:d7:ca:
28:b8:d3:6f:ce:94:3a:ba:ff:e7:0e:b8:12:e2:f5:
2b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:AE:1C:65:61:A5:51:C1:6A:8D:AE:15:C6:F8:41:A5:FD:60:98:58
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/tK4cZWGlUcFqja4VxvhBpf1gmFg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.154.184.0/22
Signature Algorithm: sha256WithRSAEncryption
8e:29:ca:f0:62:01:5a:13:62:e4:01:dc:1d:21:65:b0:b8:e6:
20:74:98:9f:95:a8:e0:03:b4:fc:d4:69:b4:3c:f1:83:41:11:
07:c6:93:9f:6a:ba:7f:f4:91:c2:22:d1:8d:9b:d0:da:40:28:
02:be:5b:30:73:e2:d4:5d:a9:3b:f9:27:4a:b7:11:0e:2a:cf:
d7:ae:91:d5:bc:e3:c5:36:e1:6d:c2:4f:e1:b0:8f:e2:00:90:
5c:a4:b3:3e:bb:9c:d2:a4:f9:da:eb:c4:df:c8:8f:c0:87:cc:
c3:1d:8d:31:63:ae:14:39:74:5e:3c:be:1a:a9:11:0a:44:c8:
3c:0e:9d:52:9c:71:b6:e4:f0:98:43:34:f8:2e:2c:b3:2b:32:
18:65:05:06:0c:e6:d5:b1:d9:f5:d3:6d:45:1b:4f:65:a8:6a:
d5:7c:5d:64:04:e2:a4:da:20:e4:0f:87:4f:ad:ae:13:c8:e1:
fa:90:5e:7e:31:5c:8a:43:ca:a4:a8:44:eb:f5:66:11:ce:c2:
6e:8a:ac:58:7a:d7:7c:77:69:b7:91:60:f3:fd:64:cf:10:95:
e3:cc:81:3c:cd:9c:d1:27:34:c6:71:d3:ce:6a:29:d6:71:d1:
74:ee:95:03:57:eb:61:72:6b:0f:b6:e6:a4:5c:7e:0e:57:a5:
68:8e:18:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYJFhfWlyQoMShPS9D3LvhhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjIwNzI4MTU1NjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFlMWM2NTYxYTU1MWMxNmE4ZGFlMTVjNmY4NDFhNWZkNjA5ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU7lBSFdIVxd99GTPEJXAIoDz/TS
XXf/WMH8GNN76wVyGEu9uAnn70ZsFw7/rdDLvd2S40Sbpr0lyu0j39os8kRpk+gz
V43V3s02UeIAVfGlL+12gv7MpYw5+so5Wnm5J+B9bppfGlAoIyqmdqf09no8VkIR
1MsxQDOuFyzC0eigm8z67vZPmOSYSk7F0r2VC5VjErCVNy+OFbhciPQQwTq2UrMA
L/PVM2scdbzdLZxoMQB+3fO4BB3qyQQIzEOwlRRIOH9lz2R3y6B6awYQXUzsOwcl
KgH68Q7vwebeZ/pqF8OwThrodRRMCxWK18oouNNvzpQ6uv/nDrgS4vUrpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSuHGVhpVHBao2uFcb4QaX9YJhYMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvdEs0Y1pXR2xVY0ZxamE0Vnh2aEJwZjFnbUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClZq4MA0G
CSqGSIb3DQEBCwUAA4IBAQCOKcrwYgFaE2LkAdwdIWWwuOYgdJiflajgA7T81Gm0
PPGDQREHxpOfarp/9JHCItGNm9DaQCgCvlswc+LUXak7+SdKtxEOKs/XrpHVvOPF
NuFtwk/hsI/iAJBcpLM+u5zSpPna68TfyI/Ah8zDHY0xY64UOXRePL4aqREKRMg8
Dp1SnHG25PCYQzT4LiyzKzIYZQUGDObVsdn1021FG09lqGrVfF1kBOKk2iDkD4dP
ra4TyOH6kF5+MVyKQ8qkqETr9WYRzsJuiqxYetd8d2m3kWDz/WTPEJXjzIE8zZzR
JzTGcdPOainWcdF07pUDV+thcmsPtuakXH4OV6Vojhhu
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:24:52 2025 by rpki-client