Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/PKHEnQCDLKXV_WcnMmlIEsiV_iQ.roa
File: PKHEnQCDLKXV_WcnMmlIEsiV_iQ.roa (raw, json)
Hash identifier: lYVQ7Vyo7mFyOamMp/bd9RivsKJdOymMdWD+rlYEvMo=
Subject key identifier: 3C:A1:C4:9D:00:83:2C:A5:D5:FD:67:27:32:69:48:12:C8:95:FE:24
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 01850F3952C35B93321B63D19A5A64C2081B
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/PKHEnQCDLKXV_WcnMmlIEsiV_iQ.roa
Signing time: Wed 14 Dec 2022 06:01:33 +0000
ROA not before: Wed 14 Dec 2022 06:01:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204791
IP address blocks: 185.135.182.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:0f:39:52:c3:5b:93:32:1b:63:d1:9a:5a:64:c2:08:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Dec 14 06:01:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3ca1c49d00832ca5d5fd672732694812c895fe24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:06:37:8b:1a:79:f1:be:73:72:cb:ef:18:e7:
65:63:23:fa:5e:d6:9a:54:16:14:31:cf:68:63:89:
d3:5f:e1:ab:3e:bd:08:b9:ba:29:42:70:8b:4f:b4:
e2:93:c3:ba:87:11:af:1c:c1:41:8a:1e:92:c1:1c:
05:74:fd:ea:16:cf:97:96:8d:b8:ac:b6:de:bb:8e:
7d:ef:1e:6b:88:10:b7:3e:56:d7:46:d9:14:6b:fc:
50:e7:3d:3d:cb:ce:ba:81:f1:6a:a6:44:24:30:d1:
bd:5f:fb:13:17:fc:33:75:2f:0e:29:d2:74:e5:bf:
65:cd:25:8b:78:4f:5e:cb:61:fc:32:7e:12:08:35:
ba:b7:0c:1b:0d:b7:6f:a0:9f:40:34:29:04:85:35:
83:1c:5e:9e:1b:be:95:b8:74:65:3a:71:37:25:a3:
55:81:8d:c7:5d:eb:6f:01:d9:5a:0f:9e:15:48:72:
54:6e:36:5c:f9:cf:bd:a7:ed:02:50:af:e4:36:e6:
93:60:54:28:38:a4:10:d0:0e:93:57:d6:97:7c:5b:
34:b8:7c:e0:4e:62:90:f8:af:76:99:83:b5:20:99:
2e:07:56:9c:d3:00:5a:ee:d5:93:92:41:ed:86:0b:
08:69:6d:1f:be:3b:f0:5d:fc:dc:22:48:e9:4d:ab:
88:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:A1:C4:9D:00:83:2C:A5:D5:FD:67:27:32:69:48:12:C8:95:FE:24
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/PKHEnQCDLKXV_WcnMmlIEsiV_iQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.182.0/24
Signature Algorithm: sha256WithRSAEncryption
00:22:b7:47:37:85:f7:fd:0c:69:c7:71:8c:1b:9e:b9:57:41:
bc:45:e4:4f:4b:63:35:4b:67:d6:21:be:eb:ff:b4:2f:01:51:
3e:e2:c9:b0:b6:81:6a:74:30:0e:27:ad:ea:89:b3:b7:f4:94:
08:a5:0a:ea:27:b8:f3:7a:0d:94:a6:a3:e2:62:99:02:27:ef:
f4:af:80:48:36:97:07:fd:6c:d4:c6:26:0c:af:25:fe:c1:6e:
fc:c7:01:9d:3b:88:d9:5d:1e:9b:c5:32:29:5e:54:57:69:57:
08:a3:bc:b3:20:ae:d4:cb:aa:49:39:79:4b:bb:60:a5:32:12:
f9:fa:08:3f:df:4a:dd:4a:6f:9d:6a:b1:74:a6:e5:0e:8f:cf:
56:ad:a9:8f:2a:a7:eb:7d:5d:e6:e7:97:61:78:b2:08:cf:0b:
6f:4f:dc:00:d1:6c:50:55:10:94:d6:c5:53:39:b0:48:39:a1:
72:3a:bb:69:97:42:03:aa:31:07:82:57:d1:a6:c1:ef:f1:2d:
14:13:93:fd:c2:72:0a:6e:b7:5f:e7:83:d7:f4:c6:8c:e7:94:
fb:f7:f7:8e:95:a0:1c:ae:9e:46:c2:62:02:72:6d:71:96:e2:
5f:b4:18:1e:9e:66:e8:f2:ab:91:42:8d:9a:ec:49:be:ba:12:
a0:ad:3e:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUPOVLDW5MyG2PRmlpkwggbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjIxMjE0MDYwMTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ExYzQ5ZDAwODMyY2E1ZDVmZDY3MjczMjY5NDgxMmM4OTVmZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAY3ixp58b5zcsvvGOdlYyP6Xtaa
VBYUMc9oY4nTX+GrPr0IubopQnCLT7Tik8O6hxGvHMFBih6SwRwFdP3qFs+Xlo24
rLbeu4597x5riBC3PlbXRtkUa/xQ5z09y866gfFqpkQkMNG9X/sTF/wzdS8OKdJ0
5b9lzSWLeE9ey2H8Mn4SCDW6twwbDbdvoJ9ANCkEhTWDHF6eG76VuHRlOnE3JaNV
gY3HXetvAdlaD54VSHJUbjZc+c+9p+0CUK/kNuaTYFQoOKQQ0A6TV9aXfFs0uHzg
TmKQ+K92mYO1IJkuB1ac0wBa7tWTkkHthgsIaW0fvjvwXfzcIkjpTauIwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyhxJ0Agyyl1f1nJzJpSBLIlf4kMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvUEtIRW5RQ0RMS1hWX1djbk1tbElFc2lWX2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYe2MA0G
CSqGSIb3DQEBCwUAA4IBAQAAIrdHN4X3/Qxpx3GMG565V0G8ReRPS2M1S2fWIb7r
/7QvAVE+4smwtoFqdDAOJ63qibO39JQIpQrqJ7jzeg2UpqPiYpkCJ+/0r4BINpcH
/WzUxiYMryX+wW78xwGdO4jZXR6bxTIpXlRXaVcIo7yzIK7Uy6pJOXlLu2ClMhL5
+gg/30rdSm+darF0puUOj89WramPKqfrfV3m55dheLIIzwtvT9wA0WxQVRCU1sVT
ObBIOaFyOrtpl0IDqjEHglfRpsHv8S0UE5P9wnIKbrdf54PX9MaM55T79/eOlaAc
rp5GwmICcm1xluJftBgenmbo8quRQo2a7Em+uhKgrT7i
-----END CERTIFICATE-----
Generated at Tue Apr 8 20:48:45 2025 by rpki-client