Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/fbpcb2p19Hx_3hrg_4KuIqWUiPw.roa
File: fbpcb2p19Hx_3hrg_4KuIqWUiPw.roa (raw, json)
Hash identifier: TfiVNzxR9BSF2RuvJmtnQQ+HWDywFN5iQJKWz/pcuFQ=
Subject key identifier: 7D:BA:5C:6F:6A:75:F4:7C:7F:DE:1A:E0:FF:82:AE:22:A5:94:88:FC
Certificate issuer: /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial: 0194221F2DCF1DD115DC8B1602011E06CC12
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/fbpcb2p19Hx_3hrg_4KuIqWUiPw.roa
Signing time: Wed 01 Jan 2025 13:47:36 +0000
ROA not before: Wed 01 Jan 2025 13:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 45033
IP address blocks: 185.43.128.0/24 maxlen: 24
185.43.130.0/24 maxlen: 24
185.43.131.0/24 maxlen: 24
185.138.196.0/24 maxlen: 24
185.138.197.0/24 maxlen: 24
185.138.198.0/24 maxlen: 24
185.138.199.0/24 maxlen: 24
2a07:f80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:2d:cf:1d:d1:15:dc:8b:16:02:01:1e:06:cc:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Validity
Not Before: Jan 1 13:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7dba5c6f6a75f47c7fde1ae0ff82ae22a59488fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:b5:06:6c:7e:32:c1:92:7d:f5:b3:e2:61:db:
a4:44:b4:27:09:1e:51:09:db:50:0b:ea:df:32:1d:
ab:37:61:a9:c0:1e:31:c8:3c:18:31:64:ce:00:67:
99:fa:16:e6:fc:dc:ea:f9:1e:00:31:46:48:ff:98:
f9:ec:c9:f8:df:93:c0:43:52:76:47:71:5a:b9:9b:
02:5c:e8:e4:0c:08:31:0b:2a:30:e2:e7:bc:58:fc:
da:d0:93:fc:88:43:3b:dd:88:96:29:1e:bc:88:f0:
fc:22:98:09:ce:55:07:c9:46:42:3a:37:1e:18:1d:
0e:f7:b5:ff:28:f8:92:28:8e:37:8b:59:8d:ec:cb:
ed:03:97:75:9c:78:5c:fe:30:11:b7:ad:b3:08:53:
fb:0e:47:97:8c:09:61:da:6c:c5:05:55:07:16:73:
68:74:24:ff:61:f2:c4:24:29:f4:28:2a:9f:c9:25:
09:99:13:b0:5f:35:38:e1:6d:f9:5f:4e:0a:38:d2:
8c:37:69:4a:12:d4:16:c9:30:df:35:a7:55:60:a8:
03:4c:41:01:30:28:bc:e6:59:21:55:b2:d8:11:56:
02:db:fa:1b:5a:06:e4:14:51:1f:bd:43:60:ab:54:
ee:38:c5:d9:b9:28:bd:0e:32:71:ef:75:b8:41:b6:
db:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:BA:5C:6F:6A:75:F4:7C:7F:DE:1A:E0:FF:82:AE:22:A5:94:88:FC
X509v3 Authority Key Identifier:
keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/fbpcb2p19Hx_3hrg_4KuIqWUiPw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.43.128.0/24
185.43.130.0/23
185.138.196.0/22
IPv6:
2a07:f80::/29
Signature Algorithm: sha256WithRSAEncryption
24:b2:cb:af:14:f6:97:74:c4:81:59:8f:1e:34:b3:d9:45:41:
7b:02:26:5a:ba:b7:c0:29:32:04:93:6e:fe:84:74:0b:49:ee:
5a:9c:bc:56:71:50:91:3c:81:81:7c:19:a7:e1:64:bc:ab:08:
4d:6b:dd:af:c1:53:21:25:a3:c2:1f:d0:23:d9:41:10:97:7b:
a7:b2:66:67:3c:74:59:0a:25:77:05:2f:e0:a7:57:ad:4e:d5:
db:96:84:10:20:32:06:80:23:a3:ec:e0:4e:87:4d:8b:1d:8c:
b0:cf:28:57:f6:5e:dc:c4:3e:50:4e:04:43:f9:30:f1:ab:bc:
d4:3a:25:64:98:1f:9c:98:74:4b:c0:de:ff:ed:82:20:3d:10:
81:a0:c6:8a:44:59:e6:e8:4a:e7:64:c7:8c:98:c8:c1:3f:07:
95:5f:96:7c:52:ee:99:2e:fc:b3:12:97:3d:9c:2a:51:dd:b2:
3e:68:e0:b8:4f:33:cd:a9:40:40:7f:db:8f:57:2e:b6:5e:a9:
c5:95:ed:e6:a7:db:73:1a:1b:fd:09:95:24:c3:df:9a:f4:b0:
99:7b:ca:2c:7a:7b:0e:de:05:88:60:49:2e:3a:e9:0d:e3:c2:
b5:c5:56:60:57:96:3b:24:cd:23:01:25:ee:85:95:6b:84:6b:
e5:dc:6b:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQiHy3PHdEV3IsWAgEeBswSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjUwMTAxMTM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJhNWM2ZjZhNzVmNDdjN2ZkZTFhZTBmZjgyYWUyMmE1OTQ4OGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LUGbH4ywZJ99bPiYdukRLQnCR5R
CdtQC+rfMh2rN2GpwB4xyDwYMWTOAGeZ+hbm/Nzq+R4AMUZI/5j57Mn435PAQ1J2
R3FauZsCXOjkDAgxCyow4ue8WPza0JP8iEM73YiWKR68iPD8IpgJzlUHyUZCOjce
GB0O97X/KPiSKI43i1mN7MvtA5d1nHhc/jARt62zCFP7DkeXjAlh2mzFBVUHFnNo
dCT/YfLEJCn0KCqfySUJmROwXzU44W35X04KONKMN2lKEtQWyTDfNadVYKgDTEEB
MCi85lkhVbLYEVYC2/obWgbkFFEfvUNgq1TuOMXZuSi9DjJx73W4QbbbOQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFH26XG9qdfR8f94a4P+CriKllIj8MB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvZmJwY2IycDE5SHhfM2hyZ180S3VJcVdVaVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuSuAAwQB
uSuCAwQCuYrEMA0EAgACMAcDBQMqBw+AMA0GCSqGSIb3DQEBCwUAA4IBAQAkssuv
FPaXdMSBWY8eNLPZRUF7AiZaurfAKTIEk27+hHQLSe5anLxWcVCRPIGBfBmn4WS8
qwhNa92vwVMhJaPCH9Aj2UEQl3unsmZnPHRZCiV3BS/gp1etTtXbloQQIDIGgCOj
7OBOh02LHYywzyhX9l7cxD5QTgRD+TDxq7zUOiVkmB+cmHRLwN7/7YIgPRCBoMaK
RFnm6ErnZMeMmMjBPweVX5Z8Uu6ZLvyzEpc9nCpR3bI+aOC4TzPNqUBAf9uPVy62
XqnFle3mp9tzGhv9CZUkw9+a9LCZe8osensO3gWIYEkuOukN48K1xVZgV5Y7JM0j
ASXuhZVrhGvl3GsZ
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:27:02 2025 by rpki-client