Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/vSRXBiJQKCoTc3ChyphurSNuT-o.roa
File: vSRXBiJQKCoTc3ChyphurSNuT-o.roa (raw, json)
Hash identifier: dWdbENuJ49m2k4vppXtkQIZP2RFholLSaizqom17fl8=
Subject key identifier: BD:24:57:06:22:50:28:2A:13:73:70:A1:CA:98:6E:AD:23:6E:4F:EA
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 09FF30F5
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/vSRXBiJQKCoTc3ChyphurSNuT-o.roa
Signing time: Sat 01 Jan 2022 11:56:01 +0000
ROA not before: Sat 01 Jan 2022 11:56:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207459
IP address blocks: 185.132.124.0/24 maxlen: 24
213.226.118.0/24 maxlen: 24
2a10:3302::/32 maxlen: 32
2a10:3305::/32 maxlen: 32
2a10:3301::/32 maxlen: 32
2a10:3306::/32 maxlen: 32
2a10:3304::/32 maxlen: 32
2a10:3303::/32 maxlen: 32
2a10:3307::/32 maxlen: 32
2a10:3300::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 167719157 (0x9ff30f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 1 11:56:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bd2457062250282a137370a1ca986ead236e4fea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:ad:39:97:f1:38:b4:d2:d0:06:70:f6:54:5a:
0c:22:4c:84:17:79:f7:7d:20:85:72:ec:56:87:c1:
fd:a0:8f:15:13:da:56:ba:6d:18:c8:fa:64:d4:49:
f1:60:ca:24:96:8a:f0:fc:bf:b8:ee:12:82:b3:df:
03:b5:c2:80:5a:c6:b0:b9:b0:1f:38:95:cf:64:de:
95:16:36:2a:ef:52:4c:8a:7f:55:17:72:4f:c2:08:
b1:ac:ed:b1:16:51:eb:f4:e2:a2:ec:5c:08:5b:0e:
07:9b:de:87:b4:5d:2d:c4:9b:47:ae:36:97:3f:fe:
de:6f:63:95:b9:58:fc:4e:dd:23:b7:45:e3:97:c8:
1e:89:e7:a2:2a:5e:c4:89:fa:6a:6f:97:d1:fc:a3:
32:d1:d7:ee:99:a4:12:5b:6b:f1:5f:56:93:94:06:
ba:96:22:13:e6:fa:57:20:85:ec:2c:aa:30:a9:0f:
64:39:95:d0:c3:64:ae:40:66:f5:57:28:23:30:d1:
03:ea:ca:94:e7:a0:d5:1c:70:c3:2b:25:15:4e:f5:
03:c2:3a:86:b1:a9:d9:83:c8:da:07:f1:08:82:94:
72:cc:b9:16:98:45:9f:f2:44:1b:41:b1:a6:f1:54:
b0:8c:e1:17:7a:ee:80:7e:d7:6b:d4:c7:6a:5e:5d:
f1:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:24:57:06:22:50:28:2A:13:73:70:A1:CA:98:6E:AD:23:6E:4F:EA
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/vSRXBiJQKCoTc3ChyphurSNuT-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.132.124.0/24
213.226.118.0/24
IPv6:
2a10:3300::/29
Signature Algorithm: sha256WithRSAEncryption
85:b3:8f:d3:11:4d:47:a7:9a:c5:88:74:13:0c:2b:f8:a0:21:
12:8e:b4:ea:79:7c:3b:53:8e:24:23:7d:fa:a5:6f:d8:1d:66:
63:67:bc:9c:af:ac:93:5a:62:fd:51:90:8d:cb:bf:d5:27:62:
43:0d:43:58:cf:32:e0:49:d3:fc:59:db:fd:a7:29:f9:84:6e:
96:c7:f7:5f:77:a6:fe:1d:5d:43:a6:8a:25:bf:76:cf:a1:61:
3e:24:2d:6a:63:11:28:7f:5b:8c:04:3a:70:20:f6:b5:87:c9:
0d:63:0c:78:55:8f:b4:bc:f5:65:0f:6e:7e:44:96:fd:82:9b:
4f:c9:35:6f:4b:5d:b1:8b:36:95:c5:07:2c:65:d2:5d:fe:1b:
bd:e5:4f:0a:79:be:16:17:0f:37:e2:e1:50:ab:f6:cf:6c:87:
20:76:8a:a2:a1:a5:36:ef:c6:ae:fd:7f:d7:fe:f6:0b:7c:5d:
6c:5d:91:8f:ac:fc:62:bc:2e:e2:cb:a8:97:8f:b8:01:31:7f:
4b:34:ba:f4:24:45:ef:90:06:b9:cc:20:0e:27:c4:d1:eb:ad:
4d:0e:4b:08:0e:12:34:71:d6:09:be:4b:a1:96:b8:99:c2:bd:
a5:73:2c:58:ac:b6:bb:98:df:3c:25:59:24:3c:75:44:55:20:
c8:7b:41:97
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIECf8w9TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZGIzNDc3NGIwMTk3OTI4NGZkOWU3NTRmZWE2OGZhM2M2MTc4M2QwMB4XDTIyMDEw
MTExNTYwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmQyNDU3MDYyMjUw
MjgyYTEzNzM3MGExY2E5ODZlYWQyMzZlNGZlYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOGtOZfxOLTS0AZw9lRaDCJMhBd5930ghXLsVofB/aCPFRPa
VrptGMj6ZNRJ8WDKJJaK8Py/uO4SgrPfA7XCgFrGsLmwHziVz2TelRY2Ku9STIp/
VRdyT8IIsaztsRZR6/TiouxcCFsOB5veh7RdLcSbR642lz/+3m9jlblY/E7dI7dF
45fIHonnoipexIn6am+X0fyjMtHX7pmkEltr8V9Wk5QGupYiE+b6VyCF7CyqMKkP
ZDmV0MNkrkBm9VcoIzDRA+rKlOeg1RxwwyslFU71A8I6hrGp2YPI2gfxCIKUcsy5
FphFn/JEG0GxpvFUsIzhF3rugH7Xa9THal5d8a8CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBS9JFcGIlAoKhNzcKHKmG6tI25P6jAfBgNVHSMEGDAWgBSNs0d0sBl5KE/Z
51T+po+jxheD0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2piTkhkTEFaZVNoUDJlZFVfcWFQbzhZWGc5QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvNzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8x
L3ZTUlhCaUpRS0NvVGMzQ2h5cGh1clNOdVQtby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
NzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8xL2piTkhkTEFaZVNo
UDJlZFVfcWFQbzhZWGc5QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEALmEfAMEANXidjANBAIAAjAHAwUD
KhAzADANBgkqhkiG9w0BAQsFAAOCAQEAhbOP0xFNR6eaxYh0Ewwr+KAhEo606nl8
O1OOJCN9+qVv2B1mY2e8nK+sk1pi/VGQjcu/1SdiQw1DWM8y4EnT/Fnb/acp+YRu
lsf3X3em/h1dQ6aKJb92z6FhPiQtamMRKH9bjAQ6cCD2tYfJDWMMeFWPtLz1ZQ9u
fkSW/YKbT8k1b0tdsYs2lcUHLGXSXf4bveVPCnm+FhcPN+LhUKv2z2yHIHaKoqGl
Nu/Grv1/1/72C3xdbF2Rj6z8Yrwu4suol4+4ATF/SzS69CRF75AGucwgDifE0eut
TQ5LCA4SNHHWCb5LoZa4mcK9pXMsWKy2u5jfPCVZJDx1RFUgyHtBlw==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:25:32 2025 by rpki-client