Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-hHbcm3Mk5M8Vf-0MxPY3JDEhpg.roa
File: 1-hHbcm3Mk5M8Vf-0MxPY3JDEhpg.roa (raw, json)
Hash identifier: Pe0TS+rLlFsHlJQ9k2VX6U0v3SxHrzAGiexaofTicn0=
Subject key identifier: FA:11:DB:72:6D:CC:93:93:3C:55:FF:B4:33:13:D8:DC:90:C4:86:98
Certificate issuer: /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial: 01856B8A265BA23AD95F6E66F3FF93261657
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-hHbcm3Mk5M8Vf-0MxPY3JDEhpg.roa
Signing time: Sun 01 Jan 2023 04:14:53 +0000
ROA not before: Sun 01 Jan 2023 04:14:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16223
IP address blocks: 185.53.79.0/24 maxlen: 24
5.58.0.0/16 maxlen: 23
217.196.160.0/20 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:8a:26:5b:a2:3a:d9:5f:6e:66:f3:ff:93:26:16:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Validity
Not Before: Jan 1 04:14:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fa11db726dcc93933c55ffb43313d8dc90c48698
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:1e:86:89:44:78:95:65:95:da:e6:f9:c3:79:
1f:b8:96:70:00:05:3f:d3:6d:8a:fa:98:42:69:e1:
83:62:9d:1f:24:19:4d:02:84:c8:37:bc:d6:ee:74:
82:5a:54:c6:b9:86:f7:10:2f:2f:52:26:9e:b3:51:
13:83:08:1f:ec:2c:da:1d:da:06:9b:e1:9d:d5:29:
20:0e:c1:ec:ff:9d:a8:c3:ca:00:2e:92:d5:d8:e5:
df:df:6a:8d:80:f9:b9:f6:d7:98:11:e7:2a:db:37:
b5:ba:fa:43:a6:0c:f6:18:3c:0a:df:59:d9:c3:0d:
2a:41:0f:6d:34:77:1a:01:dc:14:6c:59:b5:e4:aa:
8d:fe:6a:d5:50:a1:81:bf:4b:21:d1:64:26:3a:9b:
3e:e6:f0:7e:3f:c9:32:6b:30:4b:67:d7:7a:df:f3:
de:05:3b:cf:7f:82:45:11:11:86:89:20:16:50:56:
aa:1e:c2:f7:59:70:de:1a:20:63:d3:15:e0:ba:ce:
6d:15:eb:71:47:ea:e2:72:68:01:06:2e:a6:e7:3b:
0c:21:8b:d0:8e:9d:bf:71:d9:b5:1d:e6:d8:cc:df:
c9:a5:6b:75:52:38:3b:3a:fd:14:6a:11:66:bf:bf:
3b:23:87:1c:b6:a1:fd:b0:9d:b0:f1:83:99:73:b1:
90:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:11:DB:72:6D:CC:93:93:3C:55:FF:B4:33:13:D8:DC:90:C4:86:98
X509v3 Authority Key Identifier:
keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-hHbcm3Mk5M8Vf-0MxPY3JDEhpg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.58.0.0/16
185.53.79.0/24
217.196.160.0/20
Signature Algorithm: sha256WithRSAEncryption
9e:5b:b5:45:87:e7:14:7c:87:70:1f:6a:4f:7f:15:3c:b9:18:
a9:b2:63:8c:54:3d:13:80:7c:97:f2:1f:ed:e1:78:10:da:8d:
61:47:28:0d:63:47:64:b1:07:ee:74:15:85:6b:42:d8:14:90:
ab:d5:30:e9:6d:4c:9e:da:4b:70:b8:a1:e3:37:7b:d3:3f:01:
b9:b3:da:b1:6e:c8:b0:23:8b:d1:17:64:92:0f:63:15:d6:b8:
18:f8:51:70:42:02:b5:a1:e4:dc:3a:b6:4c:b3:e0:59:25:41:
df:ba:0a:99:cc:73:60:24:20:92:56:ea:84:10:08:4b:ab:c8:
54:38:b5:8b:18:a8:c8:9a:a0:d3:3c:b5:f2:74:7f:51:f6:98:
7c:78:97:7a:3a:e0:46:60:2d:c2:11:c0:f4:94:d2:e5:1b:ab:
3d:70:ed:a1:10:5e:dc:9d:83:43:75:b9:ec:d5:b6:d7:3d:c4:
59:8f:83:2e:15:a5:0c:0d:d0:f2:48:f1:ac:12:68:e7:de:af:
e5:6d:c2:ca:34:f8:a2:b0:79:91:ed:d9:cd:b7:0d:1e:57:fe:
48:0c:6b:f2:08:ba:91:ba:44:ef:d6:52:2d:95:37:27:a2:84:
8e:1c:00:e3:e8:26:d3:19:e8:58:93:8a:f2:8b:a4:84:a0:2e:
47:38:73:4d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVriiZbojrZX25m8/+TJhZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjMwMTAxMDQxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTExZGI3MjZkY2M5MzkzM2M1NWZmYjQzMzEzZDhkYzkwYzQ4Njk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx6GiUR4lWWV2ub5w3kfuJZwAAU/
022K+phCaeGDYp0fJBlNAoTIN7zW7nSCWlTGuYb3EC8vUiaes1ETgwgf7CzaHdoG
m+Gd1SkgDsHs/52ow8oALpLV2OXf32qNgPm59teYEecq2ze1uvpDpgz2GDwK31nZ
ww0qQQ9tNHcaAdwUbFm15KqN/mrVUKGBv0sh0WQmOps+5vB+P8kyazBLZ9d63/Pe
BTvPf4JFERGGiSAWUFaqHsL3WXDeGiBj0xXgus5tFetxR+ricmgBBi6m5zsMIYvQ
jp2/cdm1HebYzN/JpWt1Ujg7Ov0UahFmv787I4cctqH9sJ2w8YOZc7GQqwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPoR23JtzJOTPFX/tDMT2NyQxIaYMB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xLzEtaEhiY20zTWs1TThWZi0wTXhQWTNKREVocGcucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzYyL2ZiMjQxMS00ODViLTQxNDMtOTI0MS0xMzgzOTY0MGE2
MDQvMS8xLUVFb0ZHdDc3SXZSR0Z1LUREdVRRS3IxdHhRLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAATARAwMABToD
BAC5NU8DBATZxKAwDQYJKoZIhvcNAQELBQADggEBAJ5btUWH5xR8h3Afak9/FTy5
GKmyY4xUPROAfJfyH+3heBDajWFHKA1jR2SxB+50FYVrQtgUkKvVMOltTJ7aS3C4
oeM3e9M/Abmz2rFuyLAji9EXZJIPYxXWuBj4UXBCArWh5Nw6tkyz4FklQd+6CpnM
c2AkIJJW6oQQCEuryFQ4tYsYqMiaoNM8tfJ0f1H2mHx4l3o64EZgLcIRwPSU0uUb
qz1w7aEQXtydg0N1uezVttc9xFmPgy4VpQwN0PJI8awSaOfer+Vtwso0+KKweZHt
2c23DR5X/kgMa/IIupG6RO/WUi2VNyeihI4cAOPoJtMZ6FiTivKLpISgLkc4c00=
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:23:56 2025 by rpki-client