Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/iMsB7th-KO2XaG9wq6hl_7Txwlw.roa
File: iMsB7th-KO2XaG9wq6hl_7Txwlw.roa (raw, json)
Hash identifier: w8Z/s1YHT93zF/vHSQUP20TZP3ywmZ3+2rYKN02f98U=
Subject key identifier: 88:CB:01:EE:D8:7E:28:ED:97:68:6F:70:AB:A8:65:FF:B4:F1:C2:5C
Certificate issuer: /CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Certificate serial: 018572B413CEB3EEB809AC4D3148301F61C5
Authority key identifier: 0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/iMsB7th-KO2XaG9wq6hl_7Txwlw.roa
Signing time: Mon 02 Jan 2023 13:38:02 +0000
ROA not before: Mon 02 Jan 2023 13:38:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51433
IP address blocks: 185.162.217.0/24 maxlen: 27
185.162.218.0/24 maxlen: 27
185.162.219.0/24 maxlen: 27
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:b4:13:ce:b3:ee:b8:09:ac:4d:31:48:30:1f:61:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Validity
Not Before: Jan 2 13:38:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=88cb01eed87e28ed97686f70aba865ffb4f1c25c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:01:a5:83:ee:94:66:99:fd:bd:54:39:73:52:
eb:47:70:1a:ee:57:3f:a7:84:0f:f9:8c:c7:62:70:
f6:b2:79:f4:3f:3f:71:f0:93:1f:2a:f6:fd:40:f5:
95:60:65:4d:2a:0d:49:24:0e:10:bf:6a:d0:2c:b9:
d0:47:78:91:4e:2b:36:d8:cb:41:61:96:1e:a9:3e:
07:cc:ba:4a:52:ad:65:5c:bf:2e:56:1a:88:0e:1d:
f2:6d:42:75:74:26:c1:19:95:f9:02:34:c0:e7:19:
57:15:25:ef:05:b2:86:ff:b2:cb:56:fe:cd:ee:f8:
f3:ec:4f:a9:37:ca:e6:2d:23:16:e2:77:cb:25:a7:
c3:e7:af:3d:20:11:4e:b0:2b:a9:93:d9:3c:22:08:
84:a5:84:52:2b:f4:2c:dc:53:b7:7c:ef:71:97:ff:
49:84:b2:2d:8e:73:13:fd:60:72:6a:b3:2c:ca:c5:
38:47:0d:12:7b:7b:22:86:88:fd:d8:f8:e1:6b:8d:
1b:56:a7:95:7f:a0:2c:1f:86:71:a9:1b:74:40:25:
7e:40:9c:e8:a9:87:69:ca:d7:c1:59:fe:60:9d:4e:
fd:36:d1:57:b4:14:4a:32:fd:ab:e1:2c:4a:c8:e7:
87:6e:ed:7a:7c:2b:de:47:ae:26:f5:7d:04:90:ad:
42:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:CB:01:EE:D8:7E:28:ED:97:68:6F:70:AB:A8:65:FF:B4:F1:C2:5C
X509v3 Authority Key Identifier:
keyid:0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/iMsB7th-KO2XaG9wq6hl_7Txwlw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/DNpch0NU2Dgm5DwlNbduINW2GwU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.162.217.0-185.162.219.255
Signature Algorithm: sha256WithRSAEncryption
a8:7f:c5:54:67:0b:b9:ce:24:95:e6:cc:ea:2e:f2:65:06:f5:
66:a3:c5:ac:2e:bb:6b:f8:e5:5b:b3:76:53:41:e3:fa:80:12:
32:cf:5a:00:06:87:8f:ef:18:4e:93:4d:fe:59:44:fd:ba:dc:
8e:97:69:18:e2:49:f9:23:24:19:84:e4:7d:f0:6a:7e:11:cf:
4f:04:b9:ba:71:27:fd:85:e2:a2:de:7f:c9:b8:98:e9:6c:17:
79:7f:46:8f:00:9c:87:8b:49:97:2d:5c:0c:c7:12:4c:4c:9a:
41:29:c3:09:81:f6:24:9f:cf:75:a7:98:08:3e:f1:58:ef:bc:
72:13:86:2e:68:05:f0:33:3e:0d:fc:c9:3a:0a:a4:de:e4:95:
c6:8f:81:f3:da:9a:6b:7a:ee:6f:96:a1:04:7e:af:14:bd:7c:
27:9c:4a:75:84:c9:be:ce:28:92:d9:46:b4:21:7a:16:bc:01:
54:01:f7:6e:d4:f5:c5:59:96:bf:60:8a:fe:77:93:08:bc:da:
ea:9f:80:e8:63:1c:7f:41:37:6c:0f:3c:9e:4b:f5:0f:ca:a5:
6e:6e:4e:c7:2e:e8:6c:16:31:87:15:46:29:17:6f:c4:b1:37:
d4:2b:71:6d:e1:91:e1:24:86:8d:b4:d5:02:18:1b:a0:ac:88:
b9:ac:aa:8c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVytBPOs+64CaxNMUgwH2HFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZGE1Yzg3NDM1NGQ4MzgyNmU0M2MyNTM1Yjc2ZTIwZDVi
NjFiMDUwHhcNMjMwMTAyMTMzODAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGNiMDFlZWQ4N2UyOGVkOTc2ODZmNzBhYmE4NjVmZmI0ZjFjMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gGlg+6UZpn9vVQ5c1LrR3Aa7lc/
p4QP+YzHYnD2snn0Pz9x8JMfKvb9QPWVYGVNKg1JJA4Qv2rQLLnQR3iRTis22MtB
YZYeqT4HzLpKUq1lXL8uVhqIDh3ybUJ1dCbBGZX5AjTA5xlXFSXvBbKG/7LLVv7N
7vjz7E+pN8rmLSMW4nfLJafD5689IBFOsCupk9k8IgiEpYRSK/Qs3FO3fO9xl/9J
hLItjnMT/WByarMsysU4Rw0Se3sihoj92Pjha40bVqeVf6AsH4ZxqRt0QCV+QJzo
qYdpytfBWf5gnU79NtFXtBRKMv2r4SxKyOeHbu16fCveR64m9X0EkK1CAQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIjLAe7Yfijtl2hvcKuoZf+08cJcMB8GA1UdIwQY
MBaAFAzaXIdDVNg4JuQ8JTW3biDVthsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE5wY2gwTlUyRGdtNUR3bE5iZHVJTlcyR3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85MjMzMmYtMDNlMC00MTE2LWI2ZjMt
YzgyZjQyNGI2ZDBkLzEvaU1zQjd0aC1LTzJYYUc5d3E2aGxfN1R4d2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85MjMzMmYtMDNlMC00MTE2LWI2ZjMtYzgyZjQyNGI2ZDBk
LzEvRE5wY2gwTlUyRGdtNUR3bE5iZHVJTlcyR3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5otkD
BAK5otgwDQYJKoZIhvcNAQELBQADggEBAKh/xVRnC7nOJJXmzOou8mUG9Wajxawu
u2v45VuzdlNB4/qAEjLPWgAGh4/vGE6TTf5ZRP263I6XaRjiSfkjJBmE5H3wan4R
z08EubpxJ/2F4qLef8m4mOlsF3l/Ro8AnIeLSZctXAzHEkxMmkEpwwmB9iSfz3Wn
mAg+8VjvvHIThi5oBfAzPg38yToKpN7klcaPgfPammt67m+WoQR+rxS9fCecSnWE
yb7OKJLZRrQheha8AVQB927U9cVZlr9giv53kwi82uqfgOhjHH9BN2wPPJ5L9Q/K
pW5uTscu6GwWMYcVRikXb8SxN9QrcW3hkeEkho201QIYG6CsiLmsqow=
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:54:59 2025 by rpki-client