Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/biCX_OmikUt7jwsLU5UsYe3hsXw.roa
File: biCX_OmikUt7jwsLU5UsYe3hsXw.roa (raw, json)
Hash identifier: h7wxcY+G1iW0McTo6Pb/GIWciEPeyC0nJMPRmfuBBUI=
Subject key identifier: 6E:20:97:FC:E9:A2:91:4B:7B:8F:0B:0B:53:95:2C:61:ED:E1:B1:7C
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0185719547DF4A03053ACC0601E52E451639
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/biCX_OmikUt7jwsLU5UsYe3hsXw.roa
Signing time: Mon 02 Jan 2023 08:24:46 +0000
ROA not before: Mon 02 Jan 2023 08:24:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 62.182.175.0/24 maxlen: 24
194.15.152.0/22 maxlen: 24
194.15.153.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:47:df:4a:03:05:3a:cc:06:01:e5:2e:45:16:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jan 2 08:24:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6e2097fce9a2914b7b8f0b0b53952c61ede1b17c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:0d:e8:1b:6d:6c:d9:42:7b:1f:09:bc:16:50:
d9:7b:e7:8f:f1:a1:59:dd:60:af:b6:d9:cf:a2:90:
33:02:9a:e9:e3:a9:34:d5:f3:41:06:c6:c5:f4:25:
c1:95:f0:a7:39:65:ed:a2:43:91:58:40:52:61:73:
7a:a8:56:51:fd:c8:59:37:49:e9:a2:04:96:54:2a:
7b:a5:90:68:f9:e8:d6:04:83:1f:c8:bc:26:d4:31:
68:34:06:02:20:e1:3a:e5:8f:2e:09:b8:50:6d:82:
6d:20:5c:7f:7e:d2:1e:a3:53:59:bb:7c:67:30:e4:
f8:fd:24:8b:3e:77:1d:ec:8e:a1:e4:6a:d8:59:67:
80:63:e7:b9:da:86:bd:f4:04:b3:09:f4:14:83:35:
03:78:87:94:c9:53:dc:47:40:8c:25:13:60:27:47:
69:a4:15:38:be:de:1c:ff:1a:3b:d4:6e:08:ab:11:
76:fd:3f:06:9e:38:f3:fd:df:1d:3c:3c:9f:23:85:
a5:d9:4f:fe:9d:39:dc:5b:c4:f2:8e:18:00:c7:03:
61:63:1d:16:58:1d:7e:4a:2a:42:b6:b0:f5:f7:7f:
4f:8d:e5:6f:e4:86:d2:4d:99:12:6f:9e:69:18:f2:
94:23:18:16:a0:e0:5c:d1:e2:34:6b:11:f7:f5:2b:
23:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:20:97:FC:E9:A2:91:4B:7B:8F:0B:0B:53:95:2C:61:ED:E1:B1:7C
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/biCX_OmikUt7jwsLU5UsYe3hsXw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.175.0/24
194.15.152.0/22
Signature Algorithm: sha256WithRSAEncryption
8e:e8:60:00:4f:97:6f:02:1f:c9:4b:96:81:4e:36:c7:d4:c3:
95:ac:78:cf:8c:5c:b0:fd:d1:bc:45:09:78:8d:ec:5b:1b:37:
25:a1:0b:d0:47:c6:8e:d7:8a:3e:8a:65:b9:19:93:5a:85:9d:
fe:7a:b5:2b:84:03:84:74:ea:ae:41:b0:1c:52:46:23:cb:d4:
16:8f:1d:8f:e6:29:87:47:ae:f3:2f:3c:e2:03:a5:cb:d9:75:
09:f2:5c:1a:39:16:2f:98:28:1a:fd:94:20:2f:e6:23:c3:18:
c8:7d:47:82:44:8a:1e:d4:92:10:86:63:d8:14:b7:a3:91:65:
14:83:14:6d:9e:34:de:08:9a:d9:d7:7e:29:e7:26:e2:f4:13:
2e:bb:f8:58:bc:38:96:9b:47:24:2e:7d:51:f9:6d:b7:42:05:
8f:0b:aa:51:11:6f:ea:a5:a2:5d:65:26:a4:43:c1:35:40:92:
a1:8e:2f:cd:19:7b:46:9d:3b:67:13:2b:19:cc:17:e0:43:22:
f0:74:f9:9a:76:ce:98:34:24:c0:e7:ab:ec:71:d9:ab:a8:1c:
7e:17:32:81:4b:b9:d8:d7:b6:7e:d4:51:c7:9c:14:d6:38:9f:
22:8e:af:57:d7:a3:2a:ab:83:1f:65:7e:88:4e:c1:9d:86:5d:
92:ae:dd:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxlUffSgMFOswGAeUuRRY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTIwOTdmY2U5YTI5MTRiN2I4ZjBiMGI1Mzk1MmM2MWVkZTFiMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA3oG21s2UJ7Hwm8FlDZe+eP8aFZ
3WCvttnPopAzAprp46k01fNBBsbF9CXBlfCnOWXtokORWEBSYXN6qFZR/chZN0np
ogSWVCp7pZBo+ejWBIMfyLwm1DFoNAYCIOE65Y8uCbhQbYJtIFx/ftIeo1NZu3xn
MOT4/SSLPncd7I6h5GrYWWeAY+e52oa99ASzCfQUgzUDeIeUyVPcR0CMJRNgJ0dp
pBU4vt4c/xo71G4IqxF2/T8Gnjjz/d8dPDyfI4Wl2U/+nTncW8TyjhgAxwNhYx0W
WB1+SipCtrD1939PjeVv5IbSTZkSb55pGPKUIxgWoOBc0eI0axH39SsjHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG4gl/zpopFLe48LC1OVLGHt4bF8MB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvYmlDWF9PbWlrVXQ3andzTFU1VXNZZTNoc1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPravAwQC
wg+YMA0GCSqGSIb3DQEBCwUAA4IBAQCO6GAAT5dvAh/JS5aBTjbH1MOVrHjPjFyw
/dG8RQl4jexbGzcloQvQR8aO14o+imW5GZNahZ3+erUrhAOEdOquQbAcUkYjy9QW
jx2P5imHR67zLzziA6XL2XUJ8lwaORYvmCga/ZQgL+YjwxjIfUeCRIoe1JIQhmPY
FLejkWUUgxRtnjTeCJrZ134p5ybi9BMuu/hYvDiWm0ckLn1R+W23QgWPC6pREW/q
paJdZSakQ8E1QJKhji/NGXtGnTtnEysZzBfgQyLwdPmads6YNCTA56vscdmrqBx+
FzKBS7nY17Z+1FHHnBTWOJ8ijq9X16Mqq4MfZX6ITsGdhl2Srt2i
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:27:36 2025 by rpki-client