Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/e630hlEEla1qkhh9q_RyKFVS6mU.roa
File: e630hlEEla1qkhh9q_RyKFVS6mU.roa (raw, json)
Hash identifier: LvuSY780WUWg0dNJmmBt0ehbZi6ahcKPmWqg+xkATzA=
Subject key identifier: 7B:AD:F4:86:51:04:95:AD:6A:92:18:7D:AB:F4:72:28:55:52:EA:65
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 0194266A556F9D2C553153A01C2388CB6D18
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/e630hlEEla1qkhh9q_RyKFVS6mU.roa
Signing time: Thu 02 Jan 2025 09:48:10 +0000
ROA not before: Thu 02 Jan 2025 09:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49632
IP address blocks: 188.125.160.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.168.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6a:55:6f:9d:2c:55:31:53:a0:1c:23:88:cb:6d:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Jan 2 09:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7badf486510495ad6a92187dabf472285552ea65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:53:a7:39:04:c4:cc:71:81:66:ae:61:dd:15:
2c:1f:49:7e:c1:7b:1f:5e:2b:3d:33:a2:fe:7e:10:
e3:91:86:b8:23:15:c8:97:80:03:37:09:6e:0c:07:
16:91:43:48:0c:23:2e:db:d7:bd:81:80:7b:f4:26:
d4:90:62:09:3e:0c:3a:f4:b8:26:e1:a6:4b:ac:4f:
76:83:56:39:b0:64:70:2e:e1:1d:bd:ad:05:f6:c6:
e6:d0:31:de:8e:a1:67:29:50:13:a8:db:b0:9a:10:
df:4a:d9:1f:a7:f3:9d:09:67:b3:49:3f:22:25:e3:
97:ef:e1:33:21:db:4b:49:47:b4:48:19:de:cf:28:
19:40:4f:45:7f:d9:44:25:da:29:04:0c:9d:2e:d4:
61:fa:22:9b:66:4e:80:24:93:bc:9a:87:12:c8:1e:
25:2b:06:83:fe:60:a2:83:60:9e:bc:ca:74:37:1f:
80:d9:99:db:f5:1c:18:72:fa:eb:1b:81:c6:53:4b:
44:2b:9b:55:82:66:6f:b8:27:7d:1a:66:d4:9c:29:
cf:f8:2f:cd:4c:f0:7e:7c:76:04:cc:e2:c2:70:8e:
85:4a:22:82:de:24:aa:af:c2:79:b1:ca:36:48:2d:
ae:8a:bc:d2:8c:24:74:34:d6:2c:d4:bb:90:32:a9:
11:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:AD:F4:86:51:04:95:AD:6A:92:18:7D:AB:F4:72:28:55:52:EA:65
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/e630hlEEla1qkhh9q_RyKFVS6mU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.160.0/24
188.125.164.0-188.125.166.255
188.125.168.0/24
188.125.170.0/24
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:0f:9e:b9:e2:c4:e1:08:db:c3:75:1b:f9:b1:ce:58:55:a2:
04:49:38:5d:fc:68:f9:6b:14:ee:25:ff:02:75:5a:48:43:7a:
4f:0f:d6:b1:2b:43:b9:b5:a5:02:99:fa:d9:78:57:40:48:25:
d9:ef:de:b9:79:07:52:c8:14:1d:66:fa:6d:54:73:4c:04:ef:
a3:e5:bc:27:6b:47:47:64:60:e5:b1:f1:dd:11:d3:d5:c0:8a:
59:54:86:53:cf:40:fc:78:80:8d:3d:ca:02:78:f1:fa:00:66:
47:80:80:08:9f:ba:7a:03:8f:73:a7:a0:a5:e2:35:e6:00:3f:
e0:96:54:3f:c1:1a:d8:54:14:83:e2:68:18:c3:4e:b4:f4:8c:
98:81:8b:b7:85:12:bc:ac:65:ee:51:a2:80:e7:e1:c3:c8:62:
0b:78:5c:bb:c1:7f:f8:32:f7:85:1c:14:a2:11:a1:c5:98:b5:
f8:bc:14:71:c6:ad:61:91:b1:8e:cf:40:22:04:40:ea:0b:42:
62:70:7d:75:5f:02:8f:60:9f:eb:17:b2:3e:3c:cc:2c:19:be:
a1:8b:32:27:f0:50:51:be:b5:00:5f:07:ac:9e:da:dc:b9:48:
de:37:43:70:99:8c:3b:b1:4f:2c:c4:a4:cb:32:a9:d0:2b:66:
33:13:e2:66
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQmalVvnSxVMVOgHCOIy20YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjUwMTAyMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmFkZjQ4NjUxMDQ5NWFkNmE5MjE4N2RhYmY0NzIyODU1NTJlYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFOnOQTEzHGBZq5h3RUsH0l+wXsf
Xis9M6L+fhDjkYa4IxXIl4ADNwluDAcWkUNIDCMu29e9gYB79CbUkGIJPgw69Lgm
4aZLrE92g1Y5sGRwLuEdva0F9sbm0DHejqFnKVATqNuwmhDfStkfp/OdCWezST8i
JeOX7+EzIdtLSUe0SBnezygZQE9Ff9lEJdopBAydLtRh+iKbZk6AJJO8mocSyB4l
KwaD/mCig2CevMp0Nx+A2Znb9RwYcvrrG4HGU0tEK5tVgmZvuCd9GmbUnCnP+C/N
TPB+fHYEzOLCcI6FSiKC3iSqr8J5sco2SC2uirzSjCR0NNYs1LuQMqkRRwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHut9IZRBJWtapIYfav0cihVUuplMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvZTYzMGhsRUVsYTFxa2hoOXFfUnlLRlZTNm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAvH2gMAwD
BAK8faQDBAC8faYDBAC8fagDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEB
AIoPnrnixOEI28N1G/mxzlhVogRJOF38aPlrFO4l/wJ1WkhDek8P1rErQ7m1pQKZ
+tl4V0BIJdnv3rl5B1LIFB1m+m1Uc0wE76PlvCdrR0dkYOWx8d0R09XAillUhlPP
QPx4gI09ygJ48foAZkeAgAifunoDj3OnoKXiNeYAP+CWVD/BGthUFIPiaBjDTrT0
jJiBi7eFErysZe5RooDn4cPIYgt4XLvBf/gy94UcFKIRocWYtfi8FHHGrWGRsY7P
QCIEQOoLQmJwfXVfAo9gn+sXsj48zCwZvqGLMifwUFG+tQBfB6ye2ty5SN43Q3CZ
jDuxTyzEpMsyqdArZjMT4mY=
-----END CERTIFICATE-----
Generated at Sat Apr 19 12:28:02 2025 by rpki-client