Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/mIH25ivvVLiY8SzmRLiUt6uRWqg.roa
File: mIH25ivvVLiY8SzmRLiUt6uRWqg.roa (raw, json)
Hash identifier: 9I0SO5/+5nvuKD3q2kjdU40cjHEW3x6LlZ4BSVqmuas=
Subject key identifier: 98:81:F6:E6:2B:EF:54:B8:98:F1:2C:E6:44:B8:94:B7:AB:91:5A:A8
Certificate issuer: /CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
Certificate serial: 0C798F70
Authority key identifier: F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/mIH25ivvVLiY8SzmRLiUt6uRWqg.roa
Signing time: Sat 01 Jan 2022 15:55:37 +0000
ROA not before: Sat 01 Jan 2022 15:55:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 185.162.144.0/24 maxlen: 24
185.162.145.0/24 maxlen: 24
185.162.146.0/24 maxlen: 24
185.162.147.0/24 maxlen: 24
185.171.24.0/24 maxlen: 24
185.171.25.0/24 maxlen: 24
185.171.26.0/24 maxlen: 24
185.171.27.0/24 maxlen: 24
185.247.136.0/24 maxlen: 24
185.247.137.0/24 maxlen: 24
185.247.138.0/24 maxlen: 24
185.247.139.0/24 maxlen: 24
45.136.104.0/24 maxlen: 24
45.136.105.0/24 maxlen: 24
185.26.144.0/24 maxlen: 24
185.26.145.0/24 maxlen: 24
185.26.146.0/24 maxlen: 24
185.26.147.0/24 maxlen: 24
185.126.177.0/24 maxlen: 24
185.126.178.0/24 maxlen: 24
185.126.179.0/24 maxlen: 24
185.126.176.0/24 maxlen: 24
45.136.106.0/24 maxlen: 24
45.136.107.0/24 maxlen: 24
185.153.228.0/24 maxlen: 24
185.153.229.0/24 maxlen: 24
185.153.230.0/24 maxlen: 24
185.153.231.0/24 maxlen: 24
2a0d:c480::/29 maxlen: 29
2a04:3880::/30 maxlen: 30
2a0d:a2c0::/29 maxlen: 29
2a06:c380::/29 maxlen: 29
2a0b:6000::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 209293168 (0xc798f70)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
Validity
Not Before: Jan 1 15:55:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9881f6e62bef54b898f12ce644b894b7ab915aa8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:9b:56:9d:13:28:3f:36:3c:16:9e:4e:8a:2a:
29:6f:a7:37:bf:bc:b2:5f:eb:fa:f3:fa:85:f6:9f:
7e:0d:c2:09:21:d9:15:bd:3f:de:1c:3f:33:f4:78:
8b:46:a9:51:a0:90:37:13:db:6d:09:e5:72:7f:8d:
54:ba:2a:a9:49:ce:fd:13:1b:4d:3e:84:0c:ca:b0:
46:5f:15:1a:d2:90:8f:53:a2:aa:56:ef:94:f7:17:
df:3d:74:df:c6:f7:40:31:7c:85:00:8e:65:98:b5:
86:55:4e:31:7b:9c:28:b1:4c:ce:84:d0:e4:c3:e1:
e6:71:84:11:92:5d:27:e1:19:96:8e:37:22:fc:39:
b9:a6:30:78:d2:87:31:9c:17:b6:ba:fb:78:73:02:
8b:d7:91:8a:85:c7:32:2e:54:9d:15:83:8f:f1:fd:
2d:11:31:f6:6a:ea:b3:04:f8:27:5d:f6:6e:9a:ba:
36:b8:80:a1:d8:d3:e3:39:f0:4b:24:b2:86:a7:f4:
b5:c9:14:80:b8:72:c6:bb:21:73:62:2d:0e:01:17:
45:a9:f6:40:26:8a:30:74:ae:6a:e2:96:d0:17:1d:
10:8b:78:49:62:92:74:3c:63:0b:46:7f:c3:31:34:
b6:22:30:f7:7a:cc:a7:f4:dd:3a:88:8d:45:b2:4e:
1e:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:81:F6:E6:2B:EF:54:B8:98:F1:2C:E6:44:B8:94:B7:AB:91:5A:A8
X509v3 Authority Key Identifier:
keyid:F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/mIH25ivvVLiY8SzmRLiUt6uRWqg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-CA6DAS4H-F2b6Qb0xtztYgYisc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.136.104.0/22
185.26.144.0/22
185.126.176.0/22
185.153.228.0/22
185.162.144.0/22
185.171.24.0/22
185.247.136.0/22
IPv6:
2a04:3880::/30
2a06:c380::/29
2a0b:6000::/29
2a0d:a2c0::/29
2a0d:c480::/29
Signature Algorithm: sha256WithRSAEncryption
64:d2:91:bb:80:b6:28:80:a8:c1:7f:a0:8a:0b:84:91:18:a9:
dc:88:01:6b:fc:c3:04:aa:a0:6a:e1:13:be:f8:ed:e3:9f:46:
86:8a:d9:3f:4c:3b:64:50:cf:6a:5f:df:23:6c:bc:d9:25:13:
f2:33:24:74:c8:54:5c:2e:17:ca:c7:f2:cb:87:59:70:c2:9d:
7b:99:1d:5f:1e:d8:27:50:61:3c:54:56:1b:0e:59:45:b0:ff:
9c:be:4f:2e:b7:48:f3:7c:56:2b:41:ba:ae:fd:68:df:67:82:
b6:fd:05:67:4b:98:70:6e:f2:50:12:8f:a9:e7:75:09:47:80:
ab:81:86:46:3d:62:0c:23:0d:cc:f9:06:0b:f1:4a:a1:d5:89:
83:b3:7a:84:8b:37:a3:4c:a3:e5:46:dd:12:55:d2:5e:1e:54:
a0:32:1d:a8:f1:4c:f2:92:7c:99:bf:5f:48:83:4a:97:9c:8d:
d3:46:ec:8d:6e:6b:a7:bb:e2:4b:5f:c2:2d:c1:fa:12:54:94:
76:3f:e1:6f:3d:4a:fd:a8:97:38:90:87:c4:48:34:24:87:16:
fa:7d:10:36:af:6c:94:3d:67:c0:35:5b:cb:a7:ee:fc:d9:29:
57:5c:e1:7e:f6:0e:44:55:1e:59:00:dd:3b:d2:75:63:37:01:
ae:42:87:68
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIEDHmPcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ODIwM2EwYzA0YjgxZmUxNzY2ZmE0MWJkMzFiNzNiNTg4MTg4YWM3MB4XDTIyMDEw
MTE1NTUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTg4MWY2ZTYyYmVm
NTRiODk4ZjEyY2U2NDRiODk0YjdhYjkxNWFhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALObVp0TKD82PBaeTooqKW+nN7+8sl/r+vP6hfaffg3CCSHZ
Fb0/3hw/M/R4i0apUaCQNxPbbQnlcn+NVLoqqUnO/RMbTT6EDMqwRl8VGtKQj1Oi
qlbvlPcX3z1038b3QDF8hQCOZZi1hlVOMXucKLFMzoTQ5MPh5nGEEZJdJ+EZlo43
Ivw5uaYweNKHMZwXtrr7eHMCi9eRioXHMi5UnRWDj/H9LREx9mrqswT4J132bpq6
NriAodjT4znwSySyhqf0tckUgLhyxrshc2ItDgEXRan2QCaKMHSuauKW0BcdEIt4
SWKSdDxjC0Z/wzE0tiIw93rMp/TdOoiNRbJOHg8CAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBSYgfbmK+9UuJjxLOZEuJS3q5FaqDAfBgNVHSMEGDAWgBT4IDoMBLgf4XZv
pBvTG3O1iBiKxzAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtQ0E2REFTNEgtRjJiNlFiMHh0enRZZ1lpc2MuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzViL2UxNGNhMy1kYThlLTRiNTgtODYzYS0zMzg5NjIwYzFiZDcv
MS9tSUgyNWl2dlZMaVk4U3ptUkxpVXQ2dVJXcWcucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVi
L2UxNGNhMy1kYThlLTRiNTgtODYzYS0zMzg5NjIwYzFiZDcvMS8xLUNBNkRBUzRI
LUYyYjZRYjB4dHp0WWdZaXNjLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MG4GCCsGAQUFBwEHAQH/BF8wXTAwBAIAATAqAwQCLYhoAwQCuRqQAwQCuX6wAwQC
uZnkAwQCuaKQAwQCuasYAwQCufeIMCkEAgACMCMDBQIqBDiAAwUDKgbDgAMFAyoL
YAADBQMqDaLAAwUDKg3EgDANBgkqhkiG9w0BAQsFAAOCAQEAZNKRu4C2KICowX+g
iguEkRip3IgBa/zDBKqgauETvvjt459GhorZP0w7ZFDPal/fI2y82SUT8jMkdMhU
XC4Xysfyy4dZcMKde5kdXx7YJ1BhPFRWGw5ZRbD/nL5PLrdI83xWK0G6rv1o32eC
tv0FZ0uYcG7yUBKPqed1CUeAq4GGRj1iDCMNzPkGC/FKodWJg7N6hIs3o0yj5Ubd
ElXSXh5UoDIdqPFM8pJ8mb9fSINKl5yN00bsjW5rp7viS1/CLcH6ElSUdj/hbz1K
/aiXOJCHxEg0JIcW+n0QNq9slD1nwDVby6fu/NkpV1zhfvYORFUeWQDdO9J1YzcB
rkKHaA==
-----END CERTIFICATE-----
Generated at Mon Apr 7 17:05:42 2025 by rpki-client