Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/vbHEsHpUytTKh_QZFp6nxlkLrD8.roa
File: vbHEsHpUytTKh_QZFp6nxlkLrD8.roa (raw, json)
Hash identifier: ecsReIRIHQqJipk2pfgHgSZu76Bn0Hrlh1dWCiPsc4A=
Subject key identifier: BD:B1:C4:B0:7A:54:CA:D4:CA:87:F4:19:16:9E:A7:C6:59:0B:AC:3F
Certificate issuer: /CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Certificate serial: 0192E13DDF79104ECC91EF977566E66452E6
Authority key identifier: C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/vbHEsHpUytTKh_QZFp6nxlkLrD8.roa
Signing time: Thu 31 Oct 2024 06:23:01 +0000
ROA not before: Thu 31 Oct 2024 06:23:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200937
IP address blocks: 185.90.148.0/22 maxlen: 22
185.90.148.0/24 maxlen: 24
185.90.149.0/24 maxlen: 24
185.90.150.0/24 maxlen: 24
185.90.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:e1:3d:df:79:10:4e:cc:91:ef:97:75:66:e6:64:52:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Validity
Not Before: Oct 31 06:23:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bdb1c4b07a54cad4ca87f419169ea7c6590bac3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:98:85:30:20:b3:6b:fb:df:a0:d3:35:81:14:
ad:ac:7d:0b:11:25:0a:99:bf:23:7c:77:7b:11:08:
c0:72:2a:52:74:5c:de:20:49:b1:cf:4b:d5:15:69:
61:08:5d:89:95:03:d2:02:76:73:41:f4:ad:91:d0:
db:46:a4:13:72:ba:2a:eb:7e:11:76:c1:78:cb:cb:
f1:4b:e7:b0:aa:fe:44:5f:64:f0:17:4b:d6:6d:1f:
82:92:0d:98:61:9c:2e:b3:96:45:aa:f6:dd:37:4b:
9f:ab:2e:62:81:18:ea:21:f8:ee:cb:87:8f:30:03:
d0:16:28:0b:e2:51:35:39:d2:fd:a7:0a:a8:3a:53:
96:8d:4c:69:4a:f6:82:f9:83:0c:e3:6d:c6:57:03:
f2:82:e4:a5:d3:cc:ba:d0:13:95:56:ae:ba:c3:cd:
f7:6c:95:76:9f:98:57:6e:8a:c5:01:67:a5:3f:80:
d6:bf:d9:d2:f0:f5:b9:15:46:48:11:30:8e:88:2f:
ea:c2:60:f2:5a:88:85:4f:e7:5b:3c:a0:dc:90:de:
a1:e1:ae:d4:18:8d:db:a2:ee:56:bc:d4:3c:8a:02:
97:b7:11:e5:ba:76:ae:ea:51:3f:0c:19:6f:5d:22:
2b:f4:a2:a8:2f:ae:15:14:6d:df:6c:e8:19:7b:25:
0e:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:B1:C4:B0:7A:54:CA:D4:CA:87:F4:19:16:9E:A7:C6:59:0B:AC:3F
X509v3 Authority Key Identifier:
keyid:C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/vbHEsHpUytTKh_QZFp6nxlkLrD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.90.148.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:23:bf:d0:b7:bd:e8:fc:3c:0e:00:c5:ff:9a:50:53:e5:17:
23:de:fd:52:64:72:b9:91:61:fa:52:ed:99:7d:dd:f0:dc:96:
84:75:4b:df:b6:bf:e8:d1:2c:9d:c8:9e:aa:13:59:5c:e8:b4:
70:13:1c:e9:e9:93:27:8f:90:fe:80:25:cb:1e:bc:c0:eb:e0:
1f:da:14:1f:1e:8e:4b:23:1d:44:b7:18:33:13:3d:d8:62:7d:
48:d0:8b:84:bc:56:f2:13:86:28:af:92:68:e0:7e:b2:40:45:
bb:39:b1:6c:9b:06:d4:6c:e2:e8:0f:51:23:c9:02:91:33:10:
f1:ff:7a:11:5e:d1:9b:3e:88:fd:af:f5:51:1b:96:cb:1d:67:
3c:f9:31:e1:e9:c2:7d:3a:02:d9:7c:fd:8a:fd:72:a8:ae:08:
48:08:88:6c:dc:90:77:50:2c:30:46:5a:80:cb:d3:8a:5d:85:
ca:8c:ca:46:eb:32:4f:b9:31:8c:ae:9e:26:a6:c3:13:99:d5:
a5:a7:60:e3:a1:e7:70:84:42:38:2e:8a:43:50:57:ae:ca:a7:
7a:d3:87:17:d8:a8:b2:f6:a2:0f:a1:32:3c:2e:31:94:58:47:
d1:ed:5e:75:b2:40:2f:2f:81:fb:40:fe:fc:ec:e4:76:0e:d6:
65:a0:08:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLhPd95EE7Mke+XdWbmZFLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZDkxNDYyYzRkYzFkZjZhOGEzYTk3YTFhZWU1N2EwY2Mx
NGVmYmEwHhcNMjQxMDMxMDYyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGIxYzRiMDdhNTRjYWQ0Y2E4N2Y0MTkxNjllYTdjNjU5MGJhYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25iFMCCza/vfoNM1gRStrH0LESUK
mb8jfHd7EQjAcipSdFzeIEmxz0vVFWlhCF2JlQPSAnZzQfStkdDbRqQTcroq634R
dsF4y8vxS+ewqv5EX2TwF0vWbR+Ckg2YYZwus5ZFqvbdN0ufqy5igRjqIfjuy4eP
MAPQFigL4lE1OdL9pwqoOlOWjUxpSvaC+YMM423GVwPyguSl08y60BOVVq66w833
bJV2n5hXborFAWelP4DWv9nS8PW5FUZIETCOiC/qwmDyWoiFT+dbPKDckN6h4a7U
GI3bou5WvNQ8igKXtxHlunau6lE/DBlvXSIr9KKoL64VFG3fbOgZeyUOHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2xxLB6VMrUyof0GRaep8ZZC6w/MB8GA1UdIwQY
MBaAFMfZFGLE3B32qKOpehruV6DMFO+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzIt
MzQ5N2Y3ZTJkZTYyLzEvdmJIRXNIcFV5dFRLaF9RWkZwNm54bGtMckQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzItMzQ5N2Y3ZTJkZTYy
LzEveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVqUMA0G
CSqGSIb3DQEBCwUAA4IBAQCMI7/Qt73o/DwOAMX/mlBT5Rcj3v1SZHK5kWH6Uu2Z
fd3w3JaEdUvftr/o0SydyJ6qE1lc6LRwExzp6ZMnj5D+gCXLHrzA6+Af2hQfHo5L
Ix1EtxgzEz3YYn1I0IuEvFbyE4Yor5Jo4H6yQEW7ObFsmwbUbOLoD1EjyQKRMxDx
/3oRXtGbPoj9r/VRG5bLHWc8+THh6cJ9OgLZfP2K/XKorghICIhs3JB3UCwwRlqA
y9OKXYXKjMpG6zJPuTGMrp4mpsMTmdWlp2DjoedwhEI4LopDUFeuyqd604cX2Kiy
9qIPoTI8LjGUWEfR7V51skAvL4H7QP787OR2DtZloAjD
-----END CERTIFICATE-----
Generated at Wed Apr 16 08:29:35 2025 by rpki-client