Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aoHX5QXm2I2xHzvVEyMRmXsJc_A.roa
File: aoHX5QXm2I2xHzvVEyMRmXsJc_A.roa (raw, json)
Hash identifier: vbQFFIbuB9s76jViYO5jDXLbStDNWuWEEtbHdwZmSnI=
Subject key identifier: 6A:81:D7:E5:05:E6:D8:8D:B1:1F:3B:D5:13:23:11:99:7B:09:73:F0
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 019425FC7C83B20C7AE6B64EF9C26471A4A4
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aoHX5QXm2I2xHzvVEyMRmXsJc_A.roa
Signing time: Thu 02 Jan 2025 07:48:11 +0000
ROA not before: Thu 02 Jan 2025 07:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 142578
IP address blocks: 185.207.196.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:7c:83:b2:0c:7a:e6:b6:4e:f9:c2:64:71:a4:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 07:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a81d7e505e6d88db11f3bd5132311997b0973f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:17:9c:51:16:55:d7:a2:af:18:79:ca:4a:47:
a5:52:ae:d2:52:70:f4:40:7c:1a:77:a0:28:4e:b2:
bd:06:0b:b7:4e:ab:d4:69:8d:e7:24:9f:4d:84:8f:
e3:a5:86:81:8a:4c:8e:22:04:ce:91:ff:c6:65:56:
c8:25:63:c5:b2:49:49:85:fd:37:c7:c7:b5:e2:cd:
ca:62:60:67:26:45:c7:28:f7:c0:a9:24:e4:63:3d:
c2:c9:40:fc:d8:0d:5b:18:e2:9f:bc:54:91:f6:f0:
02:72:8a:b2:22:ea:db:5d:a8:62:13:e1:67:94:05:
f0:83:91:84:00:ee:b2:43:b0:28:9f:f3:2d:88:55:
ab:3b:c0:9e:3a:c4:89:aa:70:d4:57:ce:d7:47:d1:
71:48:ee:19:e9:bf:a0:47:12:6a:5b:7e:b0:6a:4e:
d3:96:9f:b8:18:2a:45:2a:4b:bb:27:81:b0:b6:3d:
c4:c0:38:67:ec:47:f7:b6:45:da:a2:1c:41:35:d1:
4a:10:3c:db:74:38:14:a5:cf:72:15:a8:ef:c8:ce:
ca:d6:2a:23:4b:10:e0:f4:1d:16:2b:46:ea:60:33:
47:32:d3:63:d8:25:52:2c:28:09:63:b2:57:5d:12:
31:e2:b7:78:c6:6b:99:90:9d:8b:d7:a4:7c:59:88:
86:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:81:D7:E5:05:E6:D8:8D:B1:1F:3B:D5:13:23:11:99:7B:09:73:F0
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aoHX5QXm2I2xHzvVEyMRmXsJc_A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.207.196.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:64:64:8c:0e:2a:44:c0:a7:c3:96:6b:1f:5c:14:7a:d8:6a:
9e:a5:09:5f:4a:cb:e8:d4:7b:71:50:65:3f:8e:61:05:00:e3:
34:14:61:35:cb:c0:28:7e:6e:76:6b:3c:c0:56:8a:2c:a6:54:
08:84:06:41:18:0f:d7:68:75:5b:0a:69:91:f1:c8:b3:bc:cf:
2a:98:28:66:39:87:af:c0:d0:01:9d:73:fc:7f:1d:e4:e6:06:
d5:7e:f9:81:0f:36:76:ed:0d:09:ff:42:b4:b6:27:41:36:12:
50:88:23:2c:2b:cb:50:fc:70:a8:9b:26:0b:04:e2:24:e6:80:
76:a4:35:30:38:2e:8a:15:01:cc:59:18:8e:e2:ea:3a:5f:91:
38:2e:4d:3d:99:09:88:95:b0:e4:10:c5:dc:d2:c7:89:c8:76:
81:45:eb:4b:c7:ab:fe:bd:9f:1b:9f:27:43:bb:af:c6:c3:84:
1a:54:fc:ca:a8:62:12:53:fb:5a:9b:f5:a2:ec:19:7c:ce:9e:
08:9f:60:4f:f0:f7:e9:98:4b:a0:37:0f:04:88:89:6a:b6:1a:
5c:b5:e4:8e:f5:58:e8:40:e6:25:29:6c:86:d9:4c:7e:9c:25:
88:82:08:b0:af:69:98:80:96:d8:7a:cd:5d:dd:69:3e:fc:e8:
3e:28:ec:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/HyDsgx65rZO+cJkcaSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgxZDdlNTA1ZTZkODhkYjExZjNiZDUxMzIzMTE5OTdiMDk3M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRecURZV16KvGHnKSkelUq7SUnD0
QHwad6AoTrK9Bgu3TqvUaY3nJJ9NhI/jpYaBikyOIgTOkf/GZVbIJWPFsklJhf03
x8e14s3KYmBnJkXHKPfAqSTkYz3CyUD82A1bGOKfvFSR9vACcoqyIurbXahiE+Fn
lAXwg5GEAO6yQ7Aon/MtiFWrO8CeOsSJqnDUV87XR9FxSO4Z6b+gRxJqW36wak7T
lp+4GCpFKku7J4Gwtj3EwDhn7Ef3tkXaohxBNdFKEDzbdDgUpc9yFajvyM7K1ioj
SxDg9B0WK0bqYDNHMtNj2CVSLCgJY7JXXRIx4rd4xmuZkJ2L16R8WYiG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqB1+UF5tiNsR871RMjEZl7CXPwMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvYW9IWDVRWG0ySTJ4SHp2VkV5TVJtWHNKY19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc/EMA0G
CSqGSIb3DQEBCwUAA4IBAQCoZGSMDipEwKfDlmsfXBR62GqepQlfSsvo1HtxUGU/
jmEFAOM0FGE1y8Aofm52azzAVoosplQIhAZBGA/XaHVbCmmR8cizvM8qmChmOYev
wNABnXP8fx3k5gbVfvmBDzZ27Q0J/0K0tidBNhJQiCMsK8tQ/HComyYLBOIk5oB2
pDUwOC6KFQHMWRiO4uo6X5E4Lk09mQmIlbDkEMXc0seJyHaBRetLx6v+vZ8bnydD
u6/Gw4QaVPzKqGISU/tam/Wi7Bl8zp4In2BP8PfpmEugNw8EiIlqthpcteSO9Vjo
QOYlKWyG2Ux+nCWIggiwr2mYgJbYes1d3Wk+/Og+KOwH
-----END CERTIFICATE-----
Generated at Thu Apr 10 15:48:08 2025 by rpki-client