Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/j16eJI-BPzO_qDIN28dNczdu3bk.roa
File: j16eJI-BPzO_qDIN28dNczdu3bk.roa (raw, json)
Hash identifier: O7Yl2ShyqbaZlxiPWSSRxwgBevwH++bsi6tEyW3NKps=
Subject key identifier: 8F:5E:9E:24:8F:81:3F:33:BF:A8:32:0D:DB:C7:4D:73:37:6E:DD:B9
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 097DC24C
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/j16eJI-BPzO_qDIN28dNczdu3bk.roa
Signing time: Sat 01 Jan 2022 13:07:19 +0000
ROA not before: Sat 01 Jan 2022 13:07:19 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208397
IP address blocks: 185.138.200.0/23 maxlen: 23
185.138.202.0/23 maxlen: 23
185.141.42.0/23 maxlen: 23
185.141.40.0/23 maxlen: 23
185.135.182.0/23 maxlen: 23
185.135.180.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 159236684 (0x97dc24c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 13:07:19 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8f5e9e248f813f33bfa8320ddbc74d73376eddb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:68:ad:e5:67:76:16:64:db:13:4b:1b:6b:f8:
58:de:40:fb:ed:29:b0:33:4d:c9:9d:3b:b5:ce:2c:
26:ba:34:5a:59:ab:24:13:13:90:02:87:c9:a0:da:
e6:6c:e3:99:0a:05:d5:08:6f:de:26:1f:b7:4b:a3:
1c:0d:f6:7d:1d:9c:26:07:0c:c3:5c:74:36:b8:5f:
4e:47:24:30:6d:59:34:a1:c7:df:d7:32:95:42:31:
40:00:60:79:bb:aa:4e:6f:f0:46:85:4f:31:cb:f8:
c8:47:3d:ab:b6:85:d0:57:1d:b0:0b:df:a7:f5:e3:
e4:e1:a1:b1:ca:af:47:0a:29:4c:ff:cf:70:cd:26:
f3:b9:83:96:79:e0:38:c6:9e:8f:77:bb:cc:6b:73:
cd:ff:d5:4b:47:3f:77:4e:e0:b0:a8:7e:28:d9:c6:
90:63:16:31:45:c0:e6:c9:0d:dd:56:87:f8:98:2f:
ac:8b:cf:0e:6e:48:67:7e:6e:22:2b:cd:15:10:55:
5a:e7:37:29:9b:5d:21:4b:a9:fa:7a:31:b7:2d:48:
60:0b:64:39:cb:74:bb:fa:49:18:14:58:8f:18:49:
5d:dc:46:30:9e:b2:3d:f9:17:3d:07:97:5a:6d:8b:
5e:10:16:49:31:20:51:ad:05:2e:ca:df:1b:dd:4f:
ad:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:5E:9E:24:8F:81:3F:33:BF:A8:32:0D:DB:C7:4D:73:37:6E:DD:B9
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/j16eJI-BPzO_qDIN28dNczdu3bk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.180.0/22
185.138.200.0/22
185.141.40.0/22
Signature Algorithm: sha256WithRSAEncryption
57:ed:91:a4:7b:5b:c7:62:2e:28:bc:48:5c:0a:d2:5f:5b:63:
b7:4e:3d:f3:57:96:fd:34:80:89:6b:e4:b1:cb:3a:43:ab:57:
f5:a4:cb:0b:f7:ad:f3:13:04:26:82:57:e5:be:5c:46:2f:ba:
ad:4b:2f:48:e4:43:e3:61:9b:7f:17:c3:05:ae:0d:3c:3b:b2:
4a:9c:20:15:ba:a6:e6:b7:1c:c8:4e:b6:89:c0:0b:6b:ec:d4:
76:34:b1:fb:a6:e3:2e:59:12:bf:50:56:4b:8d:7a:b8:b4:d2:
df:e3:17:9d:2e:8d:d7:af:a3:12:13:79:35:74:a7:71:b0:d5:
9b:54:94:db:43:84:4d:64:2b:34:7c:7b:c3:f3:56:5f:7f:07:
9c:4b:91:3c:9c:df:2d:4e:40:35:e9:52:65:be:d8:10:2b:34:
dc:41:ec:f5:e5:f9:97:15:db:be:79:4b:3a:10:ee:52:69:51:
dd:fa:85:cd:19:79:2b:b2:c5:69:1f:fd:06:8b:86:ad:04:a2:
7e:a1:c4:97:96:b8:f0:81:3b:9f:71:c6:e4:73:54:1d:a3:26:
ae:01:ce:96:a8:b6:41:d8:5d:80:65:fd:b2:31:8a:36:3f:d8:
cc:c6:48:90:01:a4:ae:70:5e:98:94:f5:9a:f2:20:38:8e:ec:
63:49:ea:0a
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIECX3CTDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTJlY2U5YzlhMzI0ZDQ1YzM1Zjk1NTlmMzI5ZDg4NjlkYWI1M2JhMB4XDTIyMDEw
MTEzMDcxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGY1ZTllMjQ4Zjgx
M2YzM2JmYTgzMjBkZGJjNzRkNzMzNzZlZGRiOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKVoreVndhZk2xNLG2v4WN5A++0psDNNyZ07tc4sJro0Wlmr
JBMTkAKHyaDa5mzjmQoF1Qhv3iYft0ujHA32fR2cJgcMw1x0NrhfTkckMG1ZNKHH
39cylUIxQABgebuqTm/wRoVPMcv4yEc9q7aF0FcdsAvfp/Xj5OGhscqvRwopTP/P
cM0m87mDlnngOMaej3e7zGtzzf/VS0c/d07gsKh+KNnGkGMWMUXA5skN3VaH+Jgv
rIvPDm5IZ35uIivNFRBVWuc3KZtdIUup+noxty1IYAtkOct0u/pJGBRYjxhJXdxG
MJ6yPfkXPQeXWm2LXhAWSTEgUa0FLsrfG91Prf8CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSPXp4kj4E/M7+oMg3bx01zN27duTAfBgNVHSMEGDAWgBSFLs6cmjJNRcNf
lVnzKdiGnatTujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hTN09uSm95VFVYRFg1Vlo4eW5ZaHAyclU3by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8x
L2oxNmVKSS1CUHpPX3FESU4yOGROY3pkdTNiay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
ZDNjY2U2LWI0N2ItNGQwNi1hMzBmLWViMjQxMWQyMTJhYi8xL2hTN09uSm95VFVY
RFg1Vlo4eW5ZaHAyclU3by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEArmHtAMEArmKyAMEArmNKDANBgkq
hkiG9w0BAQsFAAOCAQEAV+2RpHtbx2IuKLxIXArSX1tjt04981eW/TSAiWvkscs6
Q6tX9aTLC/et8xMEJoJX5b5cRi+6rUsvSORD42GbfxfDBa4NPDuySpwgFbqm5rcc
yE62icALa+zUdjSx+6bjLlkSv1BWS416uLTS3+MXnS6N16+jEhN5NXSncbDVm1SU
20OETWQrNHx7w/NWX38HnEuRPJzfLU5ANelSZb7YECs03EHs9eX5lxXbvnlLOhDu
UmlR3fqFzRl5K7LFaR/9BouGrQSifqHEl5a48IE7n3HG5HNUHaMmrgHOlqi2Qdhd
gGX9sjGKNj/YzMZIkAGkrnBemJT1mvIgOI7sY0nqCg==
-----END CERTIFICATE-----
Generated at Tue Apr 8 19:56:58 2025 by rpki-client