Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/MfSWXJ1cqI6DVuUrXU5mT14jMXk.roa
File: MfSWXJ1cqI6DVuUrXU5mT14jMXk.roa (raw, json)
Hash identifier: Z6aeMRAUmbRf6SXdK6EpwudVJXOMn59AhU+LWR4QSro=
Subject key identifier: 31:F4:96:5C:9D:5C:A8:8E:83:56:E5:2B:5D:4E:66:4F:5E:23:31:79
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 097C6FCF
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/MfSWXJ1cqI6DVuUrXU5mT14jMXk.roa
Signing time: Sat 01 Jan 2022 13:07:18 +0000
ROA not before: Sat 01 Jan 2022 13:07:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200420
IP address blocks: 212.110.157.0/24 maxlen: 24
185.76.82.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 159150031 (0x97c6fcf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 13:07:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=31f4965c9d5ca88e8356e52b5d4e664f5e233179
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b2:5a:d9:c1:c7:12:21:5d:10:48:94:d4:f9:
19:bc:d1:a7:66:1c:82:71:7a:f9:b7:26:a0:57:ae:
46:34:9e:c4:c2:e4:5d:b7:35:79:09:ce:6b:d8:ff:
52:b3:e5:2e:a7:7b:74:8a:d8:c4:23:1d:ce:44:74:
28:f9:f5:32:c8:1b:0d:2b:d6:76:18:d2:1c:74:9a:
fa:45:9e:0d:90:1e:8f:7d:b3:cf:41:ed:17:12:ae:
8a:9a:2f:28:85:54:a7:ad:98:bb:46:b4:3b:30:24:
78:96:b2:73:9f:65:a3:51:0f:c2:96:ae:82:03:bf:
f4:aa:9b:ff:63:7f:de:6e:b2:66:fd:16:ea:e9:30:
2e:c6:50:e9:b9:ee:44:8b:ba:e7:2c:de:9d:53:43:
d9:3c:cf:a1:98:c8:ce:fb:53:c9:31:6d:56:ec:d9:
9b:14:ce:35:13:f5:46:00:dd:6b:c4:83:29:d1:49:
99:cd:87:ae:bc:9c:68:0d:de:ca:26:f4:35:93:08:
20:c0:f7:c1:55:69:a0:fb:5f:f2:7d:25:ca:81:37:
c8:69:ed:5b:e8:6b:33:f6:52:21:0b:eb:4e:0b:63:
ea:6d:ac:3f:ba:ed:41:1e:76:51:5c:f9:39:46:49:
e6:2c:ad:f8:65:58:cf:65:72:eb:20:73:4d:c0:93:
5a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:F4:96:5C:9D:5C:A8:8E:83:56:E5:2B:5D:4E:66:4F:5E:23:31:79
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/MfSWXJ1cqI6DVuUrXU5mT14jMXk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.76.82.0/24
212.110.157.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:f1:1f:64:1a:65:33:20:4d:b1:f3:72:53:2e:94:e5:4d:b7:
c0:1a:b6:e0:28:ef:f0:28:5f:b5:ed:e5:a1:93:c3:32:67:9a:
32:9c:38:5d:51:72:56:69:c1:7e:76:f5:cc:dd:fb:7d:2e:a0:
8c:52:bb:fe:e6:26:9f:91:26:b5:e8:13:0e:8d:59:79:ab:ed:
38:30:e7:05:7e:b8:11:18:00:3e:ea:67:25:b7:29:98:80:22:
94:ff:76:b3:6e:ff:5f:68:b3:83:17:a9:98:56:ad:14:48:eb:
58:5f:97:94:6d:4d:ca:00:08:be:e0:6d:01:43:38:fc:f6:f0:
dc:da:5b:3f:7d:50:d8:f4:92:4f:ba:20:bd:4b:af:19:89:10:
a5:a9:84:8c:3e:5c:2f:77:ba:80:39:40:16:11:22:cb:34:95:
ca:1b:e4:e8:29:87:df:69:a1:09:e8:74:d9:5e:ad:fd:70:e7:
83:a4:23:0d:40:e7:98:7a:1d:d8:48:88:6b:a4:3e:f0:f4:0b:
6f:f9:b5:75:ff:38:32:40:91:9a:b8:9d:f2:9f:08:81:b5:ec:
f1:73:26:67:23:c7:ff:0c:de:6c:b8:0f:e6:1c:e1:c5:30:b6:
bf:fe:45:c0:f3:5e:af:c6:2c:d2:25:e9:35:da:df:06:74:86:
38:4b:cb:84
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECXxvzzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTJlY2U5YzlhMzI0ZDQ1YzM1Zjk1NTlmMzI5ZDg4NjlkYWI1M2JhMB4XDTIyMDEw
MTEzMDcxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzFmNDk2NWM5ZDVj
YTg4ZTgzNTZlNTJiNWQ0ZTY2NGY1ZTIzMzE3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALayWtnBxxIhXRBIlNT5GbzRp2YcgnF6+bcmoFeuRjSexMLk
Xbc1eQnOa9j/UrPlLqd7dIrYxCMdzkR0KPn1MsgbDSvWdhjSHHSa+kWeDZAej32z
z0HtFxKuipovKIVUp62Yu0a0OzAkeJayc59lo1EPwpauggO/9Kqb/2N/3m6yZv0W
6ukwLsZQ6bnuRIu65yzenVND2TzPoZjIzvtTyTFtVuzZmxTONRP1RgDda8SDKdFJ
mc2HrrycaA3eyib0NZMIIMD3wVVpoPtf8n0lyoE3yGntW+hrM/ZSIQvrTgtj6m2s
P7rtQR52UVz5OUZJ5iyt+GVYz2Vy6yBzTcCTWmECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQx9JZcnVyojoNW5StdTmZPXiMxeTAfBgNVHSMEGDAWgBSFLs6cmjJNRcNf
lVnzKdiGnatTujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hTN09uSm95VFVYRFg1Vlo4eW5ZaHAyclU3by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8x
L01mU1dYSjFjcUk2RFZ1VXJYVTVtVDE0ak1Yay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
ZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8xL2hTN09uSm95VFVY
RFg1Vlo4eW5ZaHAyclU3by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALlMUgMEANRunTANBgkqhkiG9w0B
AQsFAAOCAQEAS/EfZBplMyBNsfNyUy6U5U23wBq24Cjv8Chfte3loZPDMmeaMpw4
XVFyVmnBfnb1zN37fS6gjFK7/uYmn5EmtegTDo1ZeavtODDnBX64ERgAPupnJbcp
mIAilP92s27/X2izgxepmFatFEjrWF+XlG1NygAIvuBtAUM4/Pbw3NpbP31Q2PSS
T7ogvUuvGYkQpamEjD5cL3e6gDlAFhEiyzSVyhvk6CmH32mhCeh02V6t/XDng6Qj
DUDnmHod2EiIa6Q+8PQLb/m1df84MkCRmrid8p8IgbXs8XMmZyPH/wzebLgP5hzh
xTC2v/5FwPNer8Ys0iXpNdrfBnSGOEvLhA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:53:10 2025 by rpki-client