Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/U8DmAcSDVvFp5o0uU9yFAfZA0ME.roa
File: U8DmAcSDVvFp5o0uU9yFAfZA0ME.roa (raw, json)
Hash identifier: mRQW/6nwSQa/zJo1XFkXzds0yZRrmtGmPWXCt8C163o=
Subject key identifier: 53:C0:E6:01:C4:83:56:F1:69:E6:8D:2E:53:DC:85:01:F6:40:D0:C1
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 01856DC1E708E3D2A01A1D88BA1DECF2EE6E
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/U8DmAcSDVvFp5o0uU9yFAfZA0ME.roa
Signing time: Sun 01 Jan 2023 14:35:02 +0000
ROA not before: Sun 01 Jan 2023 14:35:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204791
IP address blocks: 185.135.182.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:e7:08:e3:d2:a0:1a:1d:88:ba:1d:ec:f2:ee:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 14:35:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=53c0e601c48356f169e68d2e53dc8501f640d0c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f6:d0:9f:d4:c9:27:cc:d3:b4:fb:e9:2b:cf:
ce:d4:30:28:5d:c3:02:03:11:c3:89:69:5f:46:c9:
b9:35:78:59:4f:92:5b:1b:d2:12:5d:cc:cf:07:da:
89:9c:ea:d3:fd:29:6c:e8:fc:19:9d:64:46:9c:b0:
8c:a4:10:a9:c9:3e:a5:3b:d9:a8:f7:0c:c0:1b:c0:
f3:a0:d0:0f:fa:85:c2:6d:14:fa:66:2e:5a:7a:57:
c6:a8:34:2e:fa:2a:55:7f:3a:e4:b0:81:7f:27:2d:
25:83:94:c8:6a:23:11:67:59:e0:3e:ad:6d:0b:a2:
f4:bb:ea:4f:e6:54:20:07:04:2b:cc:30:ce:e6:38:
34:19:ea:88:c6:f1:1a:2f:77:d8:d4:16:26:71:3d:
33:db:c8:16:6f:74:6b:10:e2:93:7f:22:32:93:83:
24:c6:fb:37:63:d9:07:99:87:c6:8d:f5:bc:ee:6c:
bd:8f:06:84:33:ac:fc:da:46:75:c1:76:dc:58:50:
17:75:95:37:a5:b9:30:f2:53:f9:1a:11:5e:ca:20:
9a:33:97:80:31:1f:fa:1d:ff:63:f8:76:fc:10:27:
c4:59:cb:26:20:46:6d:55:71:b7:55:13:29:04:4a:
a2:c4:45:7e:e1:18:fd:7c:b3:53:66:2c:56:7c:6f:
9b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:C0:E6:01:C4:83:56:F1:69:E6:8D:2E:53:DC:85:01:F6:40:D0:C1
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/U8DmAcSDVvFp5o0uU9yFAfZA0ME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.182.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:24:4f:81:e9:cf:a5:3a:e1:03:7a:9d:de:11:d7:08:50:be:
e6:3a:32:bf:ea:c2:be:84:c9:32:17:b5:27:2c:40:ae:a9:44:
0c:18:a1:a3:79:b9:48:0a:94:65:7c:dc:3a:ae:ef:6f:84:b1:
37:df:61:46:f0:19:4e:7d:16:3a:10:b6:de:10:48:e0:e4:80:
37:9f:d6:ab:c8:fd:c3:eb:71:1e:6f:dc:a2:2c:95:de:d8:99:
21:e0:98:86:ff:32:c6:70:0c:03:d7:59:26:5c:ee:47:d3:a4:
cf:45:91:20:c0:4c:db:cc:59:89:7c:01:93:5a:94:bf:a9:2d:
04:d3:12:9c:43:5a:ee:1a:87:0c:24:83:e5:a7:38:53:fa:c8:
7b:e3:6c:5b:e2:fb:b9:aa:1e:bf:31:5d:6a:3c:76:58:93:ad:
5e:60:51:84:37:95:b3:6c:3a:4f:c1:1e:f8:91:f6:aa:5e:a1:
c6:06:75:22:52:9b:67:e0:ed:07:d5:ef:2e:38:d2:4d:9d:0b:
17:9b:71:cf:9a:85:52:0c:c9:9c:e7:44:8f:72:b8:84:44:19:
a5:17:e6:93:1f:4a:a6:85:62:f7:35:33:1c:69:81:2e:b5:47:
95:80:b1:83:c8:17:0c:4c:2d:74:95:78:a2:b3:03:e2:22:db:
35:1d:19:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtwecI49KgGh2Iuh3s8u5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjMwMTAxMTQzNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2MwZTYwMWM0ODM1NmYxNjllNjhkMmU1M2RjODUwMWY2NDBkMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fbQn9TJJ8zTtPvpK8/O1DAoXcMC
AxHDiWlfRsm5NXhZT5JbG9ISXczPB9qJnOrT/Sls6PwZnWRGnLCMpBCpyT6lO9mo
9wzAG8DzoNAP+oXCbRT6Zi5aelfGqDQu+ipVfzrksIF/Jy0lg5TIaiMRZ1ngPq1t
C6L0u+pP5lQgBwQrzDDO5jg0GeqIxvEaL3fY1BYmcT0z28gWb3RrEOKTfyIyk4Mk
xvs3Y9kHmYfGjfW87my9jwaEM6z82kZ1wXbcWFAXdZU3pbkw8lP5GhFeyiCaM5eA
MR/6Hf9j+Hb8ECfEWcsmIEZtVXG3VRMpBEqixEV+4Rj9fLNTZixWfG+bMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPA5gHEg1bxaeaNLlPchQH2QNDBMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvVThEbUFjU0RWdkZwNW8wdVU5eUZBZlpBME1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYe2MA0G
CSqGSIb3DQEBCwUAA4IBAQClJE+B6c+lOuEDep3eEdcIUL7mOjK/6sK+hMkyF7Un
LECuqUQMGKGjeblICpRlfNw6ru9vhLE332FG8BlOfRY6ELbeEEjg5IA3n9aryP3D
63Eeb9yiLJXe2Jkh4JiG/zLGcAwD11kmXO5H06TPRZEgwEzbzFmJfAGTWpS/qS0E
0xKcQ1ruGocMJIPlpzhT+sh742xb4vu5qh6/MV1qPHZYk61eYFGEN5WzbDpPwR74
kfaqXqHGBnUiUptn4O0H1e8uONJNnQsXm3HPmoVSDMmc50SPcriERBmlF+aTH0qm
hWL3NTMcaYEutUeVgLGDyBcMTC10lXiiswPiIts1HRnx
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:32:25 2025 by rpki-client