Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/AM027EuTwOUbAc4ipDgJxm8-5v4.roa
File: AM027EuTwOUbAc4ipDgJxm8-5v4.roa (raw, json)
Hash identifier: Gtsa6FKUvYyt1CrgcEFxxALLCqpgEYF6ZIMf6DFqO20=
Subject key identifier: 00:CD:36:EC:4B:93:C0:E5:1B:01:CE:22:A4:38:09:C6:6F:3E:E6:FE
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 019424B3F8984C77C6733F2C867ED695AE6C
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/AM027EuTwOUbAc4ipDgJxm8-5v4.roa
Signing time: Thu 02 Jan 2025 01:49:21 +0000
ROA not before: Thu 02 Jan 2025 01:49:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47256
IP address blocks: 185.138.202.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:f8:98:4c:77:c6:73:3f:2c:86:7e:d6:95:ae:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 2 01:49:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=00cd36ec4b93c0e51b01ce22a43809c66f3ee6fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:18:aa:84:78:69:92:3a:26:d8:ab:0f:11:71:
7f:d1:e0:ef:1e:8a:43:8b:ba:98:4a:25:6a:c0:07:
68:51:37:a5:ed:04:0d:3e:4d:1a:19:d6:a1:7a:65:
04:2f:1c:60:b0:8c:e1:99:2c:26:84:9b:83:1f:69:
40:39:ac:a1:c2:2e:b8:fe:e4:12:d8:a3:12:aa:db:
c6:65:8a:ac:fa:de:7d:0b:7d:62:d4:ae:d0:c3:6b:
eb:92:0f:cc:d1:9c:25:b0:2d:09:13:e7:e0:71:b2:
fb:ad:4c:e6:c1:4c:6a:1f:7d:7d:46:93:1a:cf:bc:
d5:85:8b:21:44:f0:07:36:0c:0e:cb:27:ab:0b:86:
f0:1f:97:84:37:4f:71:f8:ed:22:85:86:af:57:f9:
be:f6:aa:27:13:79:3b:c2:ed:48:f9:c3:ef:26:e8:
c1:84:57:e7:38:fe:c8:b4:ad:56:bc:82:0b:9c:a5:
7c:cd:29:a8:e2:f6:15:64:85:d3:86:d0:86:19:e1:
c2:cd:e2:33:df:68:a9:61:20:28:8f:de:cf:b7:a7:
dc:df:9a:24:d1:ee:37:10:a8:f8:62:81:80:3b:28:
af:0e:02:4f:9f:d4:11:02:f6:fd:fe:b1:d2:9a:d1:
d8:48:e2:85:88:f2:64:8b:f2:b1:88:79:bb:9f:f7:
e8:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:CD:36:EC:4B:93:C0:E5:1B:01:CE:22:A4:38:09:C6:6F:3E:E6:FE
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/AM027EuTwOUbAc4ipDgJxm8-5v4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.138.202.0/23
Signature Algorithm: sha256WithRSAEncryption
a5:20:b3:d3:49:18:cc:82:13:89:b2:17:b8:0f:a8:2c:52:91:
2b:54:4b:23:dd:6d:12:5f:4b:79:8f:5b:ca:77:b6:36:ba:d3:
07:2f:1c:11:cb:90:41:42:6c:a8:c8:a9:d7:8b:25:3f:e0:09:
53:e4:e3:63:d8:69:fb:0a:d1:2e:76:15:1d:2f:2e:4e:90:5d:
13:f9:6f:2a:d6:f2:9b:64:d5:b5:a0:f4:91:9b:20:6f:60:3f:
44:4d:41:46:bd:97:56:b3:d1:62:79:d6:54:02:fa:18:3f:bc:
bf:c4:40:2b:da:c7:e4:a6:66:56:4c:f2:7b:7d:ef:6d:1b:91:
bd:e2:0b:9f:f5:9f:04:d9:b9:97:24:96:0a:e3:6f:2c:da:b1:
a3:c9:db:b4:8d:0c:2e:99:69:6b:36:ee:9c:fb:f5:38:96:71:
b9:0c:59:7f:39:68:96:d1:d1:08:e2:32:44:e4:59:cc:4f:ee:
79:8e:65:e2:28:b9:d0:be:7c:f3:5f:ca:39:40:89:ff:2a:d2:
6d:b1:96:2c:cd:1a:b9:db:87:72:30:0d:0f:c9:cb:4b:e6:a4:
3e:68:7d:3d:8b:d5:2f:fa:af:23:b2:54:27:12:45:9f:94:47:
8f:86:39:fe:27:85:87:a3:29:c9:b3:be:8b:34:a4:ff:2a:f3:
f5:34:de:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/iYTHfGcz8shn7Wla5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjUwMTAyMDE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGNkMzZlYzRiOTNjMGU1MWIwMWNlMjJhNDM4MDljNjZmM2VlNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxiqhHhpkjom2KsPEXF/0eDvHopD
i7qYSiVqwAdoUTel7QQNPk0aGdahemUELxxgsIzhmSwmhJuDH2lAOayhwi64/uQS
2KMSqtvGZYqs+t59C31i1K7Qw2vrkg/M0ZwlsC0JE+fgcbL7rUzmwUxqH319RpMa
z7zVhYshRPAHNgwOyyerC4bwH5eEN09x+O0ihYavV/m+9qonE3k7wu1I+cPvJujB
hFfnOP7ItK1WvIILnKV8zSmo4vYVZIXThtCGGeHCzeIz32ipYSAoj97Pt6fc35ok
0e43EKj4YoGAOyivDgJPn9QRAvb9/rHSmtHYSOKFiPJki/KxiHm7n/foPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADNNuxLk8DlGwHOIqQ4CcZvPub+MB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvQU0wMjdFdVR3T1ViQWM0aXBEZ0p4bTgtNXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYrKMA0G
CSqGSIb3DQEBCwUAA4IBAQClILPTSRjMghOJshe4D6gsUpErVEsj3W0SX0t5j1vK
d7Y2utMHLxwRy5BBQmyoyKnXiyU/4AlT5ONj2Gn7CtEudhUdLy5OkF0T+W8q1vKb
ZNW1oPSRmyBvYD9ETUFGvZdWs9FiedZUAvoYP7y/xEAr2sfkpmZWTPJ7fe9tG5G9
4guf9Z8E2bmXJJYK428s2rGjydu0jQwumWlrNu6c+/U4lnG5DFl/OWiW0dEI4jJE
5FnMT+55jmXiKLnQvnzzX8o5QIn/KtJtsZYszRq524dyMA0PyctL5qQ+aH09i9Uv
+q8jslQnEkWflEePhjn+J4WHoynJs76LNKT/KvP1NN42
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:50:42 2025 by rpki-client