Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/_JRhzlCb3T1aQV86khp-M3neApQ.roa
File: _JRhzlCb3T1aQV86khp-M3neApQ.roa (raw, json)
Hash identifier: 481jNSNgbf9EBlH0K9NZaVn0Fzf+qymBzeF+uTb0klY=
Subject key identifier: FC:94:61:CE:50:9B:DD:3D:5A:41:5F:3A:92:1A:7E:33:79:DE:02:94
Certificate issuer: /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial: 0C5FA621
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/_JRhzlCb3T1aQV86khp-M3neApQ.roa
Signing time: Tue 19 Apr 2022 09:31:36 +0000
ROA not before: Tue 19 Apr 2022 09:31:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39650
IP address blocks: 185.161.36.0/22 maxlen: 24
88.135.40.0/21 maxlen: 24
185.229.31.0/24 maxlen: 24
185.229.28.0/24 maxlen: 24
185.229.29.0/24 maxlen: 24
185.229.30.0/24 maxlen: 24
185.164.75.0/24 maxlen: 24
185.164.72.0/22 maxlen: 24
185.164.74.0/24 maxlen: 24
2a0d:6600::/29 maxlen: 29
2a0a:d400::/29 maxlen: 29
2a06:5a40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 207595041 (0xc5fa621)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Validity
Not Before: Apr 19 09:31:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fc9461ce509bdd3d5a415f3a921a7e3379de0294
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e6:b7:fe:5c:4b:6c:e2:4c:67:b5:c3:9d:e9:
83:ce:0f:f1:bc:38:58:c5:f8:00:9d:ff:89:5d:8d:
d8:c5:d8:58:c5:e3:d4:eb:89:62:6d:02:91:5f:19:
42:d5:00:17:f2:69:15:9b:e1:b1:4b:ec:88:72:ba:
07:0b:9d:35:3e:62:9b:74:be:36:c2:2b:d4:21:de:
49:3f:e1:46:85:8f:43:39:0b:97:ca:ae:2c:65:f0:
d1:ed:c1:e9:ed:d1:ff:92:ba:3e:b8:46:e8:13:87:
d2:a0:7d:c8:09:1f:99:16:3d:a7:45:9d:5c:35:b8:
81:d1:fd:2a:c0:e5:1f:a9:41:a7:a7:10:f2:52:fa:
92:fb:b3:62:24:e2:85:bf:6b:ed:ec:f5:65:aa:2b:
cb:c5:f8:f3:0b:8a:ba:b8:8e:d3:59:1d:e7:74:a1:
2c:30:d9:af:e1:84:08:bd:91:1b:87:cf:25:c8:5e:
29:72:8f:b2:75:38:c8:87:fa:d5:fd:b7:71:90:c9:
f3:ed:6d:24:e7:b2:63:17:60:cd:12:56:d4:df:63:
0d:f6:8d:50:80:00:74:64:bb:65:73:61:30:c5:92:
f9:f9:b3:9c:ca:54:2a:74:9c:e0:f7:c8:71:4a:2e:
65:7b:1c:0b:47:52:21:de:a4:76:6e:08:ef:f4:91:
39:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:94:61:CE:50:9B:DD:3D:5A:41:5F:3A:92:1A:7E:33:79:DE:02:94
X509v3 Authority Key Identifier:
keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/_JRhzlCb3T1aQV86khp-M3neApQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.135.40.0/21
185.161.36.0/22
185.164.72.0/22
185.229.28.0/22
IPv6:
2a06:5a40::/29
2a0a:d400::/29
2a0d:6600::/29
Signature Algorithm: sha256WithRSAEncryption
1a:9c:81:14:e1:64:8a:b9:48:5a:56:92:60:47:cd:fa:2b:a3:
88:b9:a1:86:bc:ad:cc:7c:a2:2d:f4:0a:01:f7:76:c7:5b:c5:
2c:2a:53:e0:60:b1:75:23:57:7c:b6:47:e5:01:a0:88:0e:5c:
78:24:81:8d:dd:25:fc:dc:a1:11:34:f1:8e:67:73:6e:2b:17:
e2:66:9e:22:a4:af:da:ba:d8:71:48:00:47:a3:f8:40:15:ab:
96:3e:2f:0a:ea:5f:1b:3c:8f:f2:c8:2c:d3:0a:e0:03:5b:ec:
7e:da:80:74:57:87:65:d3:4f:7a:fa:0c:69:e2:9c:84:ec:28:
3c:65:1e:ba:d2:6d:81:56:d9:0a:c5:d5:46:63:82:68:7e:09:
ce:4e:6d:2d:9b:0c:7d:74:7a:27:08:9e:43:1c:8f:40:ec:ac:
0b:da:f9:f2:5a:01:c9:38:b9:30:6d:68:18:a1:33:96:b4:20:
24:0d:af:8d:b6:b8:2a:52:ed:f3:b0:3e:96:12:9e:a9:65:ec:
82:90:e6:a2:4e:1c:09:94:cf:45:0e:85:23:cd:35:23:ad:40:
d6:26:08:f5:a9:21:e8:9d:19:39:f8:c6:c3:08:35:35:f2:9e:
3b:1c:85:2b:1e:da:28:fb:8b:e9:f0:e2:95:3f:e8:a2:a7:89:
58:55:66:96
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEDF+mITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MGUzODFiNmU3NmNiOTUyMGU4ZDhmNTY3NzZlY2EwZmUxNzZjYzQwMB4XDTIyMDQx
OTA5MzEzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmM5NDYxY2U1MDli
ZGQzZDVhNDE1ZjNhOTIxYTdlMzM3OWRlMDI5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALnmt/5cS2ziTGe1w53pg84P8bw4WMX4AJ3/iV2N2MXYWMXj
1OuJYm0CkV8ZQtUAF/JpFZvhsUvsiHK6BwudNT5im3S+NsIr1CHeST/hRoWPQzkL
l8quLGXw0e3B6e3R/5K6PrhG6BOH0qB9yAkfmRY9p0WdXDW4gdH9KsDlH6lBp6cQ
8lL6kvuzYiTihb9r7ez1Zaory8X48wuKuriO01kd53ShLDDZr+GECL2RG4fPJche
KXKPsnU4yIf61f23cZDJ8+1tJOeyYxdgzRJW1N9jDfaNUIAAdGS7ZXNhMMWS+fmz
nMpUKnSc4PfIcUouZXscC0dSId6kdm4I7/SROVECAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBT8lGHOUJvdPVpBXzqSGn4zed4ClDAfBgNVHSMEGDAWgBSg44G252y5Ug6N
j1Z3bsoP4XbMQDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29PT0J0dWRzdVZJT2pZOVdkMjdLRC1GMnpFQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvOGU2ZjA4LTMwZjAtNDZkZC1hN2ExLWE5YzM4NDEyOGQ0Mi8x
L19KUmh6bENiM1QxYVFWODZraHAtTTNuZUFwUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
OGU2ZjA4LTMwZjAtNDZkZC1hN2ExLWE5YzM4NDEyOGQ0Mi8xL29PT0J0dWRzdVZJ
T2pZOVdkMjdLRC1GMnpFQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wHgQCAAEwGAMEA1iHKAMEArmhJAMEArmkSAMEArnl
HDAbBAIAAjAVAwUDKgZaQAMFAyoK1AADBQMqDWYAMA0GCSqGSIb3DQEBCwUAA4IB
AQAanIEU4WSKuUhaVpJgR836K6OIuaGGvK3MfKIt9AoB93bHW8UsKlPgYLF1I1d8
tkflAaCIDlx4JIGN3SX83KERNPGOZ3NuKxfiZp4ipK/authxSABHo/hAFauWPi8K
6l8bPI/yyCzTCuADW+x+2oB0V4dl0096+gxp4pyE7Cg8ZR660m2BVtkKxdVGY4Jo
fgnOTm0tmwx9dHonCJ5DHI9A7KwL2vnyWgHJOLkwbWgYoTOWtCAkDa+NtrgqUu3z
sD6WEp6pZeyCkOaiThwJlM9FDoUjzTUjrUDWJgj1qSHonRk5+MbDCDU18p47HIUr
Htoo+4vp8OKVP+iip4lYVWaW
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:38:29 2025 by rpki-client