Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/XxVHaLE679tPZn2MPx8fTmGaXsU.roa
File: XxVHaLE679tPZn2MPx8fTmGaXsU.roa (raw, json)
Hash identifier: 4j1Zq3J+xhrU7Y7NSyI/KAUktNGGETONrtfcaGH580M=
Subject key identifier: 5F:15:47:68:B1:3A:EF:DB:4F:66:7D:8C:3F:1F:1F:4E:61:9A:5E:C5
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018998ED7B149AE9DB732FE50784D1B2301A
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/XxVHaLE679tPZn2MPx8fTmGaXsU.roa
Signing time: Thu 27 Jul 2023 19:57:27 +0000
ROA not before: Thu 27 Jul 2023 19:57:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197644
IP address blocks: 185.65.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:98:ed:7b:14:9a:e9:db:73:2f:e5:07:84:d1:b2:30:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jul 27 19:57:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f154768b13aefdb4f667d8c3f1f1f4e619a5ec5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:be:1f:b9:1a:65:10:66:65:d5:62:b7:ca:d5:
1f:28:77:81:95:a3:11:28:24:fd:9a:ff:48:33:fd:
e3:db:13:b2:8c:cf:4a:4b:94:64:1c:ad:a4:f0:09:
ba:df:71:ea:69:44:bb:a0:7d:67:84:5a:d5:83:a6:
27:41:3c:c2:39:68:c1:49:23:f6:07:10:6c:03:8f:
57:79:96:81:8b:e3:1e:31:a5:e3:5a:65:05:20:16:
f8:b9:42:0d:f7:6c:d4:f7:d3:e6:ec:ab:0b:f7:cb:
55:2c:4d:68:5a:f3:d0:5e:04:06:5c:21:54:a5:90:
5e:b1:7c:dc:ba:e7:26:42:be:58:51:8d:87:0e:6a:
e8:c8:4b:02:df:2b:a7:a1:b8:4e:74:1f:fb:32:9d:
83:ed:df:3b:b3:1b:d0:7c:a3:cc:d9:85:64:1d:08:
57:73:aa:81:02:c6:ef:fa:30:b9:55:c9:d2:a3:6e:
b2:b8:76:67:c9:88:29:b7:8b:77:62:d0:de:31:58:
15:8d:0d:c1:27:c3:1f:8f:38:40:fe:da:7d:9d:6c:
09:91:59:cf:1d:df:fe:da:77:53:65:98:42:0a:eb:
73:b9:ce:76:4a:f6:45:7f:bf:00:15:60:bd:c4:f5:
aa:a3:1b:21:57:2f:8c:5c:05:28:f1:49:35:1b:52:
78:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:15:47:68:B1:3A:EF:DB:4F:66:7D:8C:3F:1F:1F:4E:61:9A:5E:C5
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/XxVHaLE679tPZn2MPx8fTmGaXsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.68.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:8f:cc:e9:9f:b4:f0:e8:f3:e5:35:ca:41:70:b4:1d:f0:62:
f0:09:a6:a7:32:c7:87:64:25:09:a0:2c:b8:a5:fc:21:2b:db:
fb:cd:3f:26:b1:7d:91:ba:a0:36:80:57:f7:2b:a9:8e:ee:66:
2a:dc:f9:c7:cc:4d:6e:2d:58:25:e3:f6:53:b3:49:d7:92:9e:
ba:9a:4c:0d:e8:6e:5b:4c:49:5d:30:94:5f:5e:37:c2:35:e1:
7c:0d:ea:2a:c6:dd:e4:6f:fd:cf:d2:ad:c1:08:49:e3:8c:c6:
65:50:08:f7:2e:19:31:e2:20:17:71:74:50:86:80:b1:9b:1f:
6a:98:83:cf:e8:ae:e6:4a:26:62:bf:c7:bf:10:49:f0:54:43:
b2:58:41:ff:58:84:97:4e:e7:4f:6d:c2:60:5d:05:a6:db:12:
bb:5b:dd:85:0a:e1:db:81:15:c7:e6:d1:59:ee:0a:0a:c3:81:
35:cb:34:a2:f5:03:44:60:ac:c1:1f:02:fa:30:8b:fa:ff:ac:
27:4e:30:b5:f7:8b:75:2d:dd:2f:b4:0b:cd:df:95:af:65:a1:
f1:f8:7d:a4:22:68:92:5c:b0:a0:fb:60:f4:56:62:c3:40:ab:
0c:a2:13:e8:73:97:4a:2d:97:d4:a7:f0:93:0f:42:2e:90:4c:
79:fd:fa:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYmY7XsUmunbcy/lB4TRsjAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNzI3MTk1NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjE1NDc2OGIxM2FlZmRiNGY2NjdkOGMzZjFmMWY0ZTYxOWE1ZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr4fuRplEGZl1WK3ytUfKHeBlaMR
KCT9mv9IM/3j2xOyjM9KS5RkHK2k8Am633HqaUS7oH1nhFrVg6YnQTzCOWjBSSP2
BxBsA49XeZaBi+MeMaXjWmUFIBb4uUIN92zU99Pm7KsL98tVLE1oWvPQXgQGXCFU
pZBesXzcuucmQr5YUY2HDmroyEsC3yunobhOdB/7Mp2D7d87sxvQfKPM2YVkHQhX
c6qBAsbv+jC5VcnSo26yuHZnyYgpt4t3YtDeMVgVjQ3BJ8MfjzhA/tp9nWwJkVnP
Hd/+2ndTZZhCCutzuc52SvZFf78AFWC9xPWqoxshVy+MXAUo8Uk1G1J49QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8VR2ixOu/bT2Z9jD8fH05hml7FMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvWHhWSGFMRTY3OXRQWm4yTVB4OGZUbUdhWHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUFEMA0G
CSqGSIb3DQEBCwUAA4IBAQB9j8zpn7Tw6PPlNcpBcLQd8GLwCaanMseHZCUJoCy4
pfwhK9v7zT8msX2RuqA2gFf3K6mO7mYq3PnHzE1uLVgl4/ZTs0nXkp66mkwN6G5b
TEldMJRfXjfCNeF8Deoqxt3kb/3P0q3BCEnjjMZlUAj3Lhkx4iAXcXRQhoCxmx9q
mIPP6K7mSiZiv8e/EEnwVEOyWEH/WISXTudPbcJgXQWm2xK7W92FCuHbgRXH5tFZ
7goKw4E1yzSi9QNEYKzBHwL6MIv6/6wnTjC194t1Ld0vtAvN35WvZaHx+H2kImiS
XLCg+2D0VmLDQKsMohPoc5dKLZfUp/CTD0IukEx5/fo2
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:38:43 2025 by rpki-client