Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/Mv8gZBxuqwbAFfnErs0ZHz_9R8M.roa
File: Mv8gZBxuqwbAFfnErs0ZHz_9R8M.roa (raw, json)
Hash identifier: 7pj55ysif9I5WHq0s4SYm3+FRjk7pvOVOh4V2LgSP/4=
Subject key identifier: 32:FF:20:64:1C:6E:AB:06:C0:15:F9:C4:AE:CD:19:1F:3F:FD:47:C3
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 0194266A54CEC6BC18175043CB4BAB810885
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/Mv8gZBxuqwbAFfnErs0ZHz_9R8M.roa
Signing time: Thu 02 Jan 2025 09:48:10 +0000
ROA not before: Thu 02 Jan 2025 09:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9121
IP address blocks: 188.125.160.0/24 maxlen: 24
188.125.161.0/24 maxlen: 24
188.125.163.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.167.0/24 maxlen: 24
188.125.168.0/24 maxlen: 24
188.125.169.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6a:54:ce:c6:bc:18:17:50:43:cb:4b:ab:81:08:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Jan 2 09:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32ff20641c6eab06c015f9c4aecd191f3ffd47c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:4a:3b:cc:2f:d1:3d:0e:08:94:d7:d6:9e:c9:
11:42:25:3c:6d:cb:30:84:85:80:b7:9a:bb:de:67:
80:c1:0a:46:a1:94:c8:b0:57:0d:e1:79:68:a5:20:
32:0b:ab:6e:12:a4:0a:df:cc:5e:08:48:27:49:f4:
f4:4e:25:ed:d5:b1:d1:59:e4:44:e9:17:56:36:71:
96:78:ed:e8:3d:b5:2a:de:15:84:b9:49:35:d4:ba:
95:10:cd:1f:ca:42:7b:8b:a8:22:f4:0c:46:96:3d:
cd:c4:6c:c2:80:c3:87:b6:0d:6f:61:a0:bd:96:20:
fa:97:cc:2b:ea:76:40:3b:e1:4b:17:2c:f5:05:fd:
54:56:35:36:c4:12:e3:0d:79:56:0c:6f:eb:23:2b:
07:0a:8f:97:94:ff:f6:4c:87:d5:99:e5:e9:3d:b4:
e1:e2:b2:19:da:f3:34:a3:14:6e:b1:84:36:3c:5b:
98:11:aa:66:80:c6:92:30:2e:f4:ac:7d:35:4f:e9:
81:f7:a4:ef:c4:11:af:37:91:2c:20:66:38:be:12:
73:d5:ee:c0:0e:e9:be:d8:5e:d4:0e:eb:24:43:d7:
7d:25:7f:96:c4:9c:53:7f:1d:20:20:36:61:28:00:
25:fb:4c:1f:e4:c2:80:2a:32:9a:ef:0d:60:9b:c2:
e4:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:FF:20:64:1C:6E:AB:06:C0:15:F9:C4:AE:CD:19:1F:3F:FD:47:C3
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/Mv8gZBxuqwbAFfnErs0ZHz_9R8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.160.0/23
188.125.163.0-188.125.170.255
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
93:fc:f3:27:dd:fa:07:da:dd:88:d0:f6:97:f1:3c:a8:36:b5:
1c:93:6e:50:23:d3:45:3f:b4:68:b5:13:1b:28:fb:47:e1:d1:
2c:db:06:21:b6:e8:13:13:2e:7a:65:8f:6c:a0:e0:33:89:88:
bd:2a:e5:4a:e1:55:31:7f:de:22:f8:cc:41:ad:d5:b7:01:d3:
32:7b:d5:2a:fc:1d:2e:24:af:a3:33:3a:2e:b3:7c:ce:f6:6f:
35:c7:80:71:3b:f3:e3:4a:0d:1d:fd:e9:f3:44:34:06:c5:3f:
29:cd:b7:4a:ac:3a:05:15:ab:7f:4b:41:73:5b:89:79:fe:0e:
cc:bb:c9:94:00:65:42:21:6d:4d:8c:41:4e:36:30:b1:35:87:
44:ac:fb:5e:be:d7:8f:31:75:34:d9:40:63:25:06:aa:f7:6d:
4c:79:a5:63:f0:b5:9a:ce:a5:0b:56:5c:5d:40:83:ae:5a:5c:
a2:3e:f9:d4:f0:d2:79:ef:c5:52:ef:24:d9:f5:c3:ce:09:19:
c6:16:4f:ae:d9:33:c0:af:fb:96:62:45:53:e5:a8:78:a4:ae:
35:5c:0f:a3:22:f4:17:81:cb:19:d6:ee:da:b2:42:a2:a7:a4:
68:93:26:8a:d3:75:76:f8:fe:07:45:82:6f:94:40:69:19:23:
42:8d:19:29
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQmalTOxrwYF1BDy0urgQiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjUwMTAyMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZmMjA2NDFjNmVhYjA2YzAxNWY5YzRhZWNkMTkxZjNmZmQ0N2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUo7zC/RPQ4IlNfWnskRQiU8bcsw
hIWAt5q73meAwQpGoZTIsFcN4XlopSAyC6tuEqQK38xeCEgnSfT0TiXt1bHRWeRE
6RdWNnGWeO3oPbUq3hWEuUk11LqVEM0fykJ7i6gi9AxGlj3NxGzCgMOHtg1vYaC9
liD6l8wr6nZAO+FLFyz1Bf1UVjU2xBLjDXlWDG/rIysHCo+XlP/2TIfVmeXpPbTh
4rIZ2vM0oxRusYQ2PFuYEapmgMaSMC70rH01T+mB96TvxBGvN5EsIGY4vhJz1e7A
Dum+2F7UDuskQ9d9JX+WxJxTfx0gIDZhKAAl+0wf5MKAKjKa7w1gm8Lk1wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDL/IGQcbqsGwBX5xK7NGR8//UfDMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvTXY4Z1pCeHVxd2JBRmZuRXJzMFpIel85UjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBvH2gMAwD
BAC8faMDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEBAJP88yfd+gfa3YjQ
9pfxPKg2tRyTblAj00U/tGi1Exso+0fh0SzbBiG26BMTLnplj2yg4DOJiL0q5Urh
VTF/3iL4zEGt1bcB0zJ71Sr8HS4kr6MzOi6zfM72bzXHgHE78+NKDR396fNENAbF
PynNt0qsOgUVq39LQXNbiXn+Dsy7yZQAZUIhbU2MQU42MLE1h0Ss+16+148xdTTZ
QGMlBqr3bUx5pWPwtZrOpQtWXF1Ag65aXKI++dTw0nnvxVLvJNn1w84JGcYWT67Z
M8Cv+5ZiRVPlqHikrjVcD6Mi9BeByxnW7tqyQqKnpGiTJorTdXb4/gdFgm+UQGkZ
I0KNGSk=
-----END CERTIFICATE-----
Generated at Sat Apr 19 02:23:45 2025 by rpki-client