Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/Fhd2y6nbDEo1rTgSwt--ObC54WQ.roa
File: Fhd2y6nbDEo1rTgSwt--ObC54WQ.roa (raw, json)
Hash identifier: LVko90N76QhTbiFc5/tCYf9btz1ipsif5e7UNfr01dc=
Subject key identifier: 16:17:76:CB:A9:DB:0C:4A:35:AD:38:12:C2:DF:BE:39:B0:B9:E1:64
Certificate issuer: /CN=faf814df8575986dd904a98687583c138768a114
Certificate serial: 01F7E299
Authority key identifier: FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/Fhd2y6nbDEo1rTgSwt--ObC54WQ.roa
Signing time: Tue 18 Jan 2022 07:51:21 +0000
ROA not before: Tue 18 Jan 2022 07:51:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21217
IP address blocks: 185.254.152.0/22 maxlen: 22
185.247.8.0/22 maxlen: 22
80.80.224.0/20 maxlen: 20
185.169.92.0/22 maxlen: 22
2001:40c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 33022617 (0x1f7e299)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=faf814df8575986dd904a98687583c138768a114
Validity
Not Before: Jan 18 07:51:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=161776cba9db0c4a35ad3812c2dfbe39b0b9e164
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:59:90:89:5f:b9:bc:36:64:e1:0d:8d:38:b8:
ab:10:73:d4:86:1a:32:05:02:68:70:28:70:5c:12:
b2:9c:f2:93:74:be:14:87:a9:b3:98:97:32:68:56:
76:63:f6:6c:4f:bf:86:37:1c:79:25:a5:12:34:ff:
c4:9c:20:f2:f2:4e:da:01:4c:9f:dd:df:5c:1c:c0:
6a:38:67:e6:1a:7d:a9:14:02:16:23:cc:70:2f:2f:
fb:55:3d:72:cc:c1:3e:25:49:5c:4b:a3:38:4d:0c:
7e:a9:1d:db:f9:99:1d:39:9f:28:65:60:ef:30:1f:
e6:7c:5b:e7:ee:67:cd:d2:8b:c5:70:7e:12:ea:de:
a8:ba:bd:b2:23:bc:b1:8b:dc:79:8f:08:20:78:0b:
d1:25:a0:1f:d3:20:bd:f1:87:ae:e4:7a:49:0f:b7:
de:92:f2:84:3c:ea:a3:74:cd:8c:43:9b:6b:a3:21:
85:9d:1a:d0:46:a6:6c:d9:07:49:05:f0:87:36:f7:
80:ef:b3:7d:7c:b0:d6:ab:ee:af:d6:30:11:9d:14:
4c:35:9f:a8:59:3a:f7:4c:5a:43:a0:f1:56:29:f9:
ef:81:7a:54:8a:bf:33:b9:d0:e6:17:2e:bc:68:6d:
bf:5b:00:44:66:a5:df:2a:75:4d:79:bb:2f:a8:99:
48:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:17:76:CB:A9:DB:0C:4A:35:AD:38:12:C2:DF:BE:39:B0:B9:E1:64
X509v3 Authority Key Identifier:
keyid:FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/Fhd2y6nbDEo1rTgSwt--ObC54WQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.80.224.0/20
185.169.92.0/22
185.247.8.0/22
185.254.152.0/22
IPv6:
2001:40c0::/48
Signature Algorithm: sha256WithRSAEncryption
0a:3c:d6:55:ac:20:a7:02:b4:16:2e:d3:0c:06:37:9f:18:bb:
27:8e:84:29:b2:d3:81:08:64:f5:88:77:37:33:19:e4:02:62:
52:06:8a:0d:23:8d:1c:22:d4:d3:35:8e:58:7b:d7:33:b8:7b:
37:40:ce:ee:bd:42:4c:f8:af:3d:aa:3f:b2:65:58:21:3e:70:
1d:ea:e2:6e:45:05:81:5b:27:49:04:df:c1:22:4d:fe:85:77:
82:b7:8d:e2:a4:a2:7b:81:42:ac:d6:7b:ee:36:06:bb:4d:7f:
92:eb:8b:2e:88:ea:2d:de:56:d1:47:4b:40:66:d1:33:b3:e6:
0e:2f:80:be:bb:8e:bf:bf:5d:71:f8:43:ed:9b:22:08:0c:a9:
a6:76:ce:41:06:66:49:1a:d7:d4:c2:23:46:8e:c9:a4:cf:61:
80:c4:9c:b2:5c:8c:02:2d:15:dc:55:14:94:c9:a0:4a:2a:f5:
42:81:74:43:4b:fd:53:af:0d:b0:b1:86:9c:9b:2c:12:c4:c4:
f4:be:f3:2d:33:28:fb:dc:7e:b5:51:e1:b8:4f:d8:58:0b:f9:
ed:f5:a9:ea:3b:6a:ba:b6:fb:a9:45:ce:df:1e:44:69:ab:5c:
ab:26:e0:f9:f4:6d:9c:1e:74:8c:41:15:95:36:f9:94:73:8f:
6c:af:c1:bf
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIEAffimTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YWY4MTRkZjg1NzU5ODZkZDkwNGE5ODY4NzU4M2MxMzg3NjhhMTE0MB4XDTIyMDEx
ODA3NTEyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTYxNzc2Y2JhOWRi
MGM0YTM1YWQzODEyYzJkZmJlMzliMGI5ZTE2NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNZkIlfubw2ZOENjTi4qxBz1IYaMgUCaHAocFwSspzyk3S+
FIeps5iXMmhWdmP2bE+/hjcceSWlEjT/xJwg8vJO2gFMn93fXBzAajhn5hp9qRQC
FiPMcC8v+1U9cszBPiVJXEujOE0Mfqkd2/mZHTmfKGVg7zAf5nxb5+5nzdKLxXB+
EureqLq9siO8sYvceY8IIHgL0SWgH9MgvfGHruR6SQ+33pLyhDzqo3TNjEOba6Mh
hZ0a0EambNkHSQXwhzb3gO+zfXyw1qvur9YwEZ0UTDWfqFk690xaQ6DxVin574F6
VIq/M7nQ5hcuvGhtv1sARGal3yp1TXm7L6iZSDUCAwEAAaOCAi4wggIqMB0GA1Ud
DgQWBBQWF3bLqdsMSjWtOBLC3745sLnhZDAfBgNVHSMEGDAWgBT6+BTfhXWYbdkE
qYaHWDwTh2ihFDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtdmdVMzRWMW1HM1pCS21HaDFnOEU0ZG9vUlEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2FhLzZmYmJlZC04NzFmLTQ4NWItYWQxYS00NjI2OWQxN2U5ZjEv
MS9GaGQyeTZuYkRFbzFyVGdTd3QtLU9iQzU0V1Eucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Fh
LzZmYmJlZC04NzFmLTQ4NWItYWQxYS00NjI2OWQxN2U5ZjEvMS8xLXZnVTM0VjFt
RzNaQkttR2gxZzhFNGRvb1JRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQEUFDgAwQCualcAwQCufcIAwQC
uf6YMA8EAgACMAkDBwAgAUDAAAAwDQYJKoZIhvcNAQELBQADggEBAAo81lWsIKcC
tBYu0wwGN58YuyeOhCmy04EIZPWIdzczGeQCYlIGig0jjRwi1NM1jlh71zO4ezdA
zu69Qkz4rz2qP7JlWCE+cB3q4m5FBYFbJ0kE38EiTf6Fd4K3jeKkonuBQqzWe+42
BrtNf5Lriy6I6i3eVtFHS0Bm0TOz5g4vgL67jr+/XXH4Q+2bIggMqaZ2zkEGZkka
19TCI0aOyaTPYYDEnLJcjAItFdxVFJTJoEoq9UKBdENL/VOvDbCxhpybLBLExPS+
8y0zKPvcfrVR4bhP2FgL+e31qeo7arq2+6lFzt8eRGmrXKsm4Pn0bZwedIxBFZU2
+ZRzj2yvwb8=
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:22:17 2025 by rpki-client