Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/aszktq96ycwAuq6IZACKmPSggVo.roa
File: aszktq96ycwAuq6IZACKmPSggVo.roa (raw, json)
Hash identifier: Nm6C9MY+5WNYnRaOndn6ROoI8HR+meJois9/U5w+rHg=
Subject key identifier: 6A:CC:E4:B6:AF:7A:C9:CC:00:BA:AE:88:64:00:8A:98:F4:A0:81:5A
Certificate issuer: /CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Certificate serial: 0BC42414
Authority key identifier: 08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/aszktq96ycwAuq6IZACKmPSggVo.roa
Signing time: Sat 01 Jan 2022 14:07:54 +0000
ROA not before: Sat 01 Jan 2022 14:07:54 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60134
IP address blocks: 185.158.253.0/24 maxlen: 24
185.158.252.0/22 maxlen: 22
185.158.252.0/24 maxlen: 24
185.158.255.0/24 maxlen: 24
185.158.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 197403668 (0xbc42414)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Validity
Not Before: Jan 1 14:07:54 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6acce4b6af7ac9cc00baae8864008a98f4a0815a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c8:40:ea:5f:5d:1e:f4:8e:8a:83:63:9a:2b:
ad:1f:43:41:8e:39:cd:7a:21:6a:7a:c5:c2:47:5f:
43:d7:38:ac:aa:12:a0:16:0d:e7:53:e2:53:0b:0f:
b5:dd:d0:ce:ca:e3:43:9d:93:e2:e5:e8:bf:2e:4c:
22:90:cc:6d:b5:cb:ad:64:f5:8a:34:ab:8a:6c:93:
c2:0e:8c:7b:f3:ba:03:43:e9:c3:1b:60:2b:67:66:
2d:6f:e3:1e:70:82:66:ef:9f:7d:21:e6:42:03:06:
fe:89:6e:c0:76:e7:76:b8:ab:2c:53:fa:71:c6:8e:
8a:9e:85:44:64:b2:b3:2a:01:78:c9:83:75:5b:83:
e6:e7:92:38:31:12:1a:09:0c:11:4c:33:c5:12:f4:
3f:d8:de:65:45:2d:cc:d9:a8:23:19:5e:c9:f1:84:
d0:43:fa:f5:9a:f8:a6:ba:64:23:18:84:a3:12:7b:
d4:fb:fe:2a:69:23:73:f2:1a:6b:c5:f9:40:82:34:
25:6b:01:ed:a5:fe:aa:02:0f:bc:e2:bc:c0:ca:1a:
99:2e:b1:dd:00:5c:5b:03:d1:ce:6a:b6:5c:66:c6:
34:5b:ef:92:f7:d6:e6:60:74:76:77:d9:38:ad:34:
5f:c0:82:ac:9d:d1:e5:24:c3:e1:f0:b7:b7:2c:c9:
5e:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:CC:E4:B6:AF:7A:C9:CC:00:BA:AE:88:64:00:8A:98:F4:A0:81:5A
X509v3 Authority Key Identifier:
keyid:08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/aszktq96ycwAuq6IZACKmPSggVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.158.252.0/22
Signature Algorithm: sha256WithRSAEncryption
44:b9:07:f1:aa:f1:d3:2e:ca:d7:bc:bc:0f:9f:0a:45:93:84:
cd:ee:2f:1f:86:d8:00:1d:c3:ba:05:76:b7:d2:b3:b1:42:79:
ab:96:b3:cc:99:64:5e:03:e2:8d:d0:61:d5:43:04:b7:c7:9e:
3d:33:d5:b7:ec:f4:82:5b:e9:0c:54:75:a6:a9:5b:c1:0a:19:
b2:2c:f4:a7:8c:8b:42:e0:cd:46:61:c2:a8:fe:04:0a:b8:d5:
9b:27:e2:d9:65:4c:90:05:5b:e2:71:b9:6b:02:9d:45:cc:93:
bc:27:59:c0:e9:0c:74:bd:4a:41:56:22:13:5e:b8:a4:99:57:
36:23:9b:13:87:46:5a:72:dc:fa:da:3f:30:00:5c:83:ff:64:
33:75:82:d1:3b:22:dd:4e:2a:48:6b:c8:83:cb:35:a8:4f:ff:
f2:ee:f1:50:7b:c7:12:8c:52:b5:42:5c:96:07:44:21:57:94:
1f:a0:1b:a5:f4:45:ed:99:45:e5:0a:e2:65:45:f3:6e:a6:b4:
bd:e7:23:3e:17:85:ac:81:c7:db:1a:bb:48:a7:4e:fd:df:5a:
55:c7:44:e1:26:fa:d0:6e:48:23:a6:bf:07:06:c5:26:46:c8:
49:e7:bd:21:cd:ce:c9:94:1f:af:fb:c4:72:02:a2:a4:82:6c:
c1:6f:8c:2f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC8QkFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
OGQzYTUxNTY4M2U5ZGRiODVkMzhlN2FiMzljMzNhZWRhY2FmN2VmMB4XDTIyMDEw
MTE0MDc1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmFjY2U0YjZhZjdh
YzljYzAwYmFhZTg4NjQwMDhhOThmNGEwODE1YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALTIQOpfXR70joqDY5orrR9DQY45zXohanrFwkdfQ9c4rKoS
oBYN51PiUwsPtd3QzsrjQ52T4uXovy5MIpDMbbXLrWT1ijSrimyTwg6Me/O6A0Pp
wxtgK2dmLW/jHnCCZu+ffSHmQgMG/oluwHbndrirLFP6ccaOip6FRGSysyoBeMmD
dVuD5ueSODESGgkMEUwzxRL0P9jeZUUtzNmoIxleyfGE0EP69Zr4prpkIxiEoxJ7
1Pv+Kmkjc/Iaa8X5QII0JWsB7aX+qgIPvOK8wMoamS6x3QBcWwPRzmq2XGbGNFvv
kvfW5mB0dnfZOK00X8CCrJ3R5STD4fC3tyzJXpkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRqzOS2r3rJzAC6rohkAIqY9KCBWjAfBgNVHSMEGDAWgBQI06UVaD6d24XT
jnqznDOu2sr37zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NOT2xGV2ctbmR1RjA0NTZzNXd6cnRySzktOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTkvNjdjZmEwLWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2YS8x
L2Fzemt0cTk2eWN3QXVxNklaQUNLbVBTZ2dWby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkv
NjdjZmEwLWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2YS8xL0NOT2xGV2ctbmR1
RjA0NTZzNXd6cnRySzktOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArme/DANBgkqhkiG9w0BAQsFAAOC
AQEARLkH8arx0y7K17y8D58KRZOEze4vH4bYAB3DugV2t9KzsUJ5q5azzJlkXgPi
jdBh1UMEt8eePTPVt+z0glvpDFR1pqlbwQoZsiz0p4yLQuDNRmHCqP4ECrjVmyfi
2WVMkAVb4nG5awKdRcyTvCdZwOkMdL1KQVYiE164pJlXNiObE4dGWnLc+to/MABc
g/9kM3WC0Tsi3U4qSGvIg8s1qE//8u7xUHvHEoxStUJclgdEIVeUH6AbpfRF7ZlF
5QriZUXzbqa0vecjPheFrIHH2xq7SKdO/d9aVcdE4Sb60G5II6a/BwbFJkbISee9
Ic3OyZQfr/vEcgKipIJswW+MLw==
-----END CERTIFICATE-----
Generated at Mon Apr 21 21:18:01 2025 by rpki-client