Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/C1m3AkeDj-ZukbvSvYydVobHYEE.roa
File: C1m3AkeDj-ZukbvSvYydVobHYEE.roa (raw, json)
Hash identifier: TT6pavb/l5qMFI8/OZmIP+m1YBsGdv4zx6ze+5ptTJw=
Subject key identifier: 0B:59:B7:02:47:83:8F:E6:6E:91:BB:D2:BD:8C:9D:56:86:C7:60:41
Certificate issuer: /CN=faf814df8575986dd904a98687583c138768a114
Certificate serial: 01856DD40748DF7B93E467DAFA6E69DD4243
Authority key identifier: FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/C1m3AkeDj-ZukbvSvYydVobHYEE.roa
Signing time: Sun 01 Jan 2023 14:54:50 +0000
ROA not before: Sun 01 Jan 2023 14:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21217
IP address blocks: 185.254.152.0/22 maxlen: 22
185.247.8.0/22 maxlen: 22
80.80.224.0/20 maxlen: 20
185.169.92.0/22 maxlen: 22
2001:40c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:07:48:df:7b:93:e4:67:da:fa:6e:69:dd:42:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=faf814df8575986dd904a98687583c138768a114
Validity
Not Before: Jan 1 14:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0b59b70247838fe66e91bbd2bd8c9d5686c76041
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:0e:ee:e5:b3:c8:0e:ff:bb:3c:28:42:68:e1:
0b:fe:e8:25:a1:2b:58:df:3d:67:93:c7:49:ae:95:
df:7a:f8:e3:c5:a9:cc:40:c7:30:fc:e6:d7:76:c4:
7b:ce:05:97:bc:ad:e1:37:d8:d9:8a:7b:61:23:18:
dd:1e:7a:fc:a5:35:79:19:27:41:fc:82:14:ae:16:
ae:cc:53:d1:51:3d:cf:22:85:d3:48:bb:31:d9:66:
ba:3d:d1:5b:4a:1b:c7:c7:75:9e:f4:75:69:60:3e:
70:88:d7:8e:06:15:dc:fb:72:1f:1a:96:4b:ed:de:
61:9b:06:7c:82:5d:80:6e:7a:a7:de:b7:5f:a2:46:
f2:71:7c:23:2d:24:91:fd:40:2b:4b:9d:87:9a:d6:
d0:5c:3b:9d:01:01:8b:b2:82:43:23:ba:2f:53:46:
a3:c6:dc:28:ed:f5:c7:cf:1e:36:80:3d:01:18:c3:
50:73:af:69:bf:2e:1c:b9:68:47:03:6a:86:0a:c7:
8a:a0:41:f0:87:0e:89:ad:89:29:d3:ed:e2:76:27:
a1:22:db:de:0f:76:60:e7:7f:14:ed:3b:65:64:1b:
7d:16:80:af:d7:cb:bd:7d:ec:8d:a2:d8:d0:0d:56:
62:4e:38:a5:d7:91:64:ad:f6:e5:53:bf:bb:9e:25:
06:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:59:B7:02:47:83:8F:E6:6E:91:BB:D2:BD:8C:9D:56:86:C7:60:41
X509v3 Authority Key Identifier:
keyid:FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/C1m3AkeDj-ZukbvSvYydVobHYEE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.80.224.0/20
185.169.92.0/22
185.247.8.0/22
185.254.152.0/22
IPv6:
2001:40c0::/48
Signature Algorithm: sha256WithRSAEncryption
7b:91:12:5e:09:15:69:8e:bb:14:33:6b:53:b0:d0:e3:2c:e0:
dc:10:0d:c3:8e:f4:b1:1a:aa:2c:96:60:17:b6:91:09:a3:5a:
34:dc:e6:cc:ac:75:57:6b:f1:61:71:25:5e:17:f0:18:33:38:
1b:e7:7f:44:7c:f3:cf:91:44:ef:1a:35:05:f5:bf:23:83:63:
4c:74:ab:90:4b:cb:63:12:73:cd:6c:45:e2:ea:36:cd:53:79:
32:20:8d:6c:75:e9:53:27:33:fa:fe:23:1c:77:93:df:2b:e9:
c5:10:52:c3:6b:71:30:d2:cb:ce:b6:9c:6e:6e:a9:05:02:5d:
f6:c6:ea:d4:57:4c:dc:39:8f:2a:0b:0f:26:b5:82:43:c0:1c:
b8:dd:97:e3:56:e4:3d:42:40:04:82:94:60:4f:6e:d4:18:6d:
63:13:9f:23:35:47:b7:3c:35:67:5c:b4:3e:8b:d0:e1:67:d9:
dc:04:cf:b2:8e:f2:e8:23:be:eb:99:b9:9d:07:36:b4:ab:01:
bf:d9:dd:ea:2c:a9:8d:b0:a4:1d:ec:fc:69:eb:37:d9:4d:48:
8d:87:a6:c0:ce:3f:0c:f3:12:ab:dd:21:45:cd:06:a2:c4:06:
94:84:ab:00:cf:e2:cb:fa:87:85:a7:56:2c:1a:31:5e:6b:9e:
b1:42:b2:6b
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYVt1AdI33uT5Gfa+m5p3UJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjgxNGRmODU3NTk4NmRkOTA0YTk4Njg3NTgzYzEzODc2
OGExMTQwHhcNMjMwMTAxMTQ1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjU5YjcwMjQ3ODM4ZmU2NmU5MWJiZDJiZDhjOWQ1Njg2Yzc2MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8g7u5bPIDv+7PChCaOEL/ugloStY
3z1nk8dJrpXfevjjxanMQMcw/ObXdsR7zgWXvK3hN9jZinthIxjdHnr8pTV5GSdB
/IIUrhauzFPRUT3PIoXTSLsx2Wa6PdFbShvHx3We9HVpYD5wiNeOBhXc+3IfGpZL
7d5hmwZ8gl2Abnqn3rdfokbycXwjLSSR/UArS52HmtbQXDudAQGLsoJDI7ovU0aj
xtwo7fXHzx42gD0BGMNQc69pvy4cuWhHA2qGCseKoEHwhw6JrYkp0+3idiehItve
D3Zg538U7TtlZBt9FoCv18u9feyNotjQDVZiTjil15FkrfblU7+7niUGywIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAtZtwJHg4/mbpG70r2MnVaGx2BBMB8GA1UdIwQY
MBaAFPr4FN+FdZht2QSphodYPBOHaKEUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12Z1UzNFYxbUczWkJLbUdoMWc4RTRkb29SUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvNmZiYmVkLTg3MWYtNDg1Yi1hZDFh
LTQ2MjY5ZDE3ZTlmMS8xL0MxbTNBa2VEai1adWtidlN2WXlkVm9iSFlFRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWEvNmZiYmVkLTg3MWYtNDg1Yi1hZDFhLTQ2MjY5ZDE3ZTlm
MS8xLzEtdmdVMzRWMW1HM1pCS21HaDFnOEU0ZG9vUlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQgYIKwYBBQUHAQcBAf8EMzAxMB4EAgABMBgDBARQUOAD
BAK5qVwDBAK59wgDBAK5/pgwDwQCAAIwCQMHACABQMAAADANBgkqhkiG9w0BAQsF
AAOCAQEAe5ESXgkVaY67FDNrU7DQ4yzg3BANw470sRqqLJZgF7aRCaNaNNzmzKx1
V2vxYXElXhfwGDM4G+d/RHzzz5FE7xo1BfW/I4NjTHSrkEvLYxJzzWxF4uo2zVN5
MiCNbHXpUycz+v4jHHeT3yvpxRBSw2txMNLLzracbm6pBQJd9sbq1FdM3DmPKgsP
JrWCQ8AcuN2X41bkPUJABIKUYE9u1BhtYxOfIzVHtzw1Z1y0PovQ4WfZ3ATPso7y
6CO+65m5nQc2tKsBv9nd6iypjbCkHez8aes32U1IjYemwM4/DPMSq90hRc0GosQG
lISrAM/iy/qHhadWLBoxXmuesUKyaw==
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:58:10 2025 by rpki-client