Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/kmc0TAm1zByDrl22AQ21Otg76mI.roa
File: kmc0TAm1zByDrl22AQ21Otg76mI.roa (raw, json)
Hash identifier: JZ4iET++LFFwJ9j+m8lQ+cqroh1tHpd6oorWL2nFQTQ=
Subject key identifier: 92:67:34:4C:09:B5:CC:1C:83:AE:5D:B6:01:0D:B5:3A:D8:3B:EA:62
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01856D4AAB709F30428F2A1591BE808E5279
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/kmc0TAm1zByDrl22AQ21Otg76mI.roa
Signing time: Sun 01 Jan 2023 12:24:48 +0000
ROA not before: Sun 01 Jan 2023 12:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49581
IP address blocks: 87.117.150.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:ab:70:9f:30:42:8f:2a:15:91:be:80:8e:52:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 12:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9267344c09b5cc1c83ae5db6010db53ad83bea62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:ca:e7:65:c4:d3:3b:cf:3a:32:e9:0c:e1:e3:
bb:c6:7f:c0:5e:0d:40:80:ef:dd:82:07:0d:89:eb:
70:d0:96:ab:9b:87:a9:39:53:75:24:cf:d3:64:a3:
21:a9:a2:0a:b3:28:6c:c4:9a:22:20:94:2e:cc:01:
fb:17:dd:65:95:7c:4c:da:f6:2c:bc:78:44:67:2a:
2b:38:a9:d5:0a:30:d6:ec:df:55:1a:c0:a8:66:31:
fb:e3:b1:72:f4:0e:95:3b:75:ff:26:21:89:01:3c:
92:5d:67:18:41:92:4a:ca:b1:29:af:87:b8:00:24:
61:13:14:e4:f1:2f:1e:35:37:f6:08:b3:7d:92:85:
80:cd:12:bd:3b:89:97:d5:a7:82:17:92:4a:ee:47:
4b:86:21:32:8d:b5:6b:35:82:ea:aa:65:1a:07:6f:
46:ca:b5:8f:77:0f:14:93:87:82:b8:99:8d:43:ea:
7d:41:51:82:d6:67:59:72:92:cf:08:e3:0b:c2:b1:
2d:9c:04:d2:ec:85:ae:cb:cf:13:07:d6:53:fc:fc:
14:8d:f8:5d:8c:84:dd:62:5b:44:87:4c:ce:a9:1e:
a3:71:ec:26:e3:18:05:7c:b1:45:6c:e0:53:bc:20:
ca:19:94:e7:1b:34:75:4f:f2:de:02:75:d3:b1:8e:
d9:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:67:34:4C:09:B5:CC:1C:83:AE:5D:B6:01:0D:B5:3A:D8:3B:EA:62
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/kmc0TAm1zByDrl22AQ21Otg76mI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.117.150.0/24
Signature Algorithm: sha256WithRSAEncryption
56:70:3e:2a:87:9d:33:50:19:6d:45:df:2d:ad:f7:0c:7c:a2:
89:ed:19:03:e4:56:f0:fa:70:8e:f6:48:9c:b2:b2:28:08:96:
fc:df:21:a9:9a:6b:f3:b7:15:f1:71:92:f8:19:c6:75:5e:2f:
e0:45:43:9d:b0:37:eb:ae:05:48:4c:c1:eb:1f:02:10:5c:6c:
61:9d:c3:25:64:ab:31:1c:44:02:b8:53:18:62:75:1c:35:7c:
38:db:bb:0a:0d:92:94:13:ba:f9:a4:5b:48:d9:9d:25:a8:01:
05:99:6c:1d:10:b9:fd:05:24:89:88:6e:24:a9:6a:91:73:10:
61:be:64:c3:31:e5:f9:99:4a:6a:bf:f4:d3:10:77:ea:61:b1:
35:0d:02:6b:34:00:f7:45:f3:f9:f8:93:d2:87:d8:c5:db:f6:
27:bb:15:6d:8a:10:9b:6e:3c:1b:bf:34:52:75:0e:a8:1a:0c:
12:dd:f2:bf:89:b0:22:74:c5:f7:f3:9e:7f:ca:d9:55:c7:4e:
8b:d3:9f:b4:97:1b:8e:ee:aa:23:bb:19:10:82:f6:88:e3:b3:
ef:a7:49:ab:7b:ea:00:df:c5:49:a9:65:9b:57:76:2d:30:4f:
9f:00:49:f0:77:65:0f:b6:97:c3:ad:ac:e8:47:65:07:c6:a8:
1f:58:f9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtSqtwnzBCjyoVkb6AjlJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMTAxMTIyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY3MzQ0YzA5YjVjYzFjODNhZTVkYjYwMTBkYjUzYWQ4M2JlYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MrnZcTTO886MukM4eO7xn/AXg1A
gO/dggcNietw0Jarm4epOVN1JM/TZKMhqaIKsyhsxJoiIJQuzAH7F91llXxM2vYs
vHhEZyorOKnVCjDW7N9VGsCoZjH747Fy9A6VO3X/JiGJATySXWcYQZJKyrEpr4e4
ACRhExTk8S8eNTf2CLN9koWAzRK9O4mX1aeCF5JK7kdLhiEyjbVrNYLqqmUaB29G
yrWPdw8Uk4eCuJmNQ+p9QVGC1mdZcpLPCOMLwrEtnATS7IWuy88TB9ZT/PwUjfhd
jITdYltEh0zOqR6jcewm4xgFfLFFbOBTvCDKGZTnGzR1T/LeAnXTsY7Z6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJnNEwJtcwcg65dtgENtTrYO+piMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEva21jMFRBbTF6QnlEcmwyMkFRMjFPdGc3Nm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3WWMA0G
CSqGSIb3DQEBCwUAA4IBAQBWcD4qh50zUBltRd8trfcMfKKJ7RkD5Fbw+nCO9kic
srIoCJb83yGpmmvztxXxcZL4GcZ1Xi/gRUOdsDfrrgVITMHrHwIQXGxhncMlZKsx
HEQCuFMYYnUcNXw427sKDZKUE7r5pFtI2Z0lqAEFmWwdELn9BSSJiG4kqWqRcxBh
vmTDMeX5mUpqv/TTEHfqYbE1DQJrNAD3RfP5+JPSh9jF2/YnuxVtihCbbjwbvzRS
dQ6oGgwS3fK/ibAidMX3855/ytlVx06L05+0lxuO7qojuxkQgvaI47Pvp0mre+oA
38VJqWWbV3YtME+fAEnwd2UPtpfDrazoR2UHxqgfWPlj
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:44:20 2025 by rpki-client