Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/kAMKoBE5vr1LR2uA80XP5J56PwY.roa
File: kAMKoBE5vr1LR2uA80XP5J56PwY.roa (raw, json)
Hash identifier: nj6qId+g5m1BblUqzecig4u6ivlM86rlDBx+s4o/COk=
Subject key identifier: 90:03:0A:A0:11:39:BE:BD:4B:47:6B:80:F3:45:CF:E4:9E:7A:3F:06
Certificate issuer: /CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
Certificate serial: 019425221388F47D692502742C05511C5577
Authority key identifier: B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/kAMKoBE5vr1LR2uA80XP5J56PwY.roa
Signing time: Thu 02 Jan 2025 03:49:37 +0000
ROA not before: Thu 02 Jan 2025 03:49:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43260
IP address blocks: 185.19.92.0/24 maxlen: 24
185.19.93.0/24 maxlen: 24
185.19.94.0/24 maxlen: 24
185.19.95.0/24 maxlen: 24
185.59.28.0/24 maxlen: 24
185.59.29.0/24 maxlen: 24
185.59.30.0/24 maxlen: 24
185.59.31.0/24 maxlen: 24
185.114.192.0/24 maxlen: 24
185.114.193.0/24 maxlen: 24
185.114.194.0/24 maxlen: 24
185.114.195.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:22:13:88:f4:7d:69:25:02:74:2c:05:51:1c:55:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
Validity
Not Before: Jan 2 03:49:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90030aa01139bebd4b476b80f345cfe49e7a3f06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:2e:9d:fa:99:c9:b3:ae:5b:77:94:e0:83:c3:
8b:8d:21:71:00:7b:c9:0e:40:46:14:d9:2b:12:31:
0b:32:87:fc:89:37:ee:2d:50:2d:ed:28:bd:1d:30:
94:19:49:25:c8:2b:cb:6f:c5:11:f4:2b:c0:d6:85:
05:3b:cf:1b:70:62:18:8a:78:ff:50:0d:79:8e:0a:
29:71:f9:ad:e8:ee:a3:91:11:89:fe:3c:e3:56:ad:
35:f0:d1:89:45:23:6d:7e:cd:0c:0f:8f:0e:8c:34:
db:0e:40:52:cd:ae:c4:0f:21:ba:e2:3d:6f:df:ad:
08:e0:52:39:71:05:ba:ae:17:f9:67:79:16:b4:e0:
e0:65:fa:02:e4:2b:76:03:a2:23:d6:da:7b:fb:68:
9b:ec:db:b9:e3:f7:74:91:11:eb:af:1d:4a:aa:be:
6c:ef:be:49:e8:3b:90:61:72:c5:27:30:64:b0:4a:
2e:e0:47:c2:3b:0d:e1:01:5a:82:48:eb:b2:a5:b4:
91:5b:60:58:f5:45:83:6a:de:50:e7:74:5f:de:17:
34:61:a6:15:e6:e8:ee:0d:4a:d9:cd:3d:62:7d:f4:
ef:6a:ef:92:27:ac:e8:89:44:d7:6f:be:bf:84:ab:
55:5f:6f:d4:82:11:88:2e:a6:a3:2e:3b:8c:5a:0c:
60:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:03:0A:A0:11:39:BE:BD:4B:47:6B:80:F3:45:CF:E4:9E:7A:3F:06
X509v3 Authority Key Identifier:
keyid:B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/kAMKoBE5vr1LR2uA80XP5J56PwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.19.92.0/22
185.59.28.0/22
185.114.192.0/22
Signature Algorithm: sha256WithRSAEncryption
a7:65:b5:b3:de:7f:80:55:d9:67:de:69:3b:39:ec:b2:27:af:
23:18:78:c1:c7:c9:4f:bc:44:23:7e:7a:8f:d1:9c:ec:88:0f:
ef:d6:4b:f6:00:36:36:bf:81:24:e7:d8:2c:9d:39:dc:9f:95:
b3:9d:b0:84:1d:40:83:40:e2:57:a9:94:4a:22:63:22:c9:95:
0d:72:15:f1:f6:c5:ec:1b:12:e6:a0:8e:c9:27:94:3c:3a:e6:
cf:9e:64:ee:15:b8:d8:16:91:60:e8:7d:e0:9b:c1:f6:ee:e1:
83:ef:c7:ac:1b:74:e5:39:6f:35:d8:8f:60:4f:64:8c:b0:e1:
46:8f:0d:db:20:5a:99:8d:b4:9e:d5:57:10:c5:1d:0a:1d:71:
39:4a:51:8f:7a:70:65:15:ca:54:32:67:5c:b6:ec:d4:59:0c:
7f:87:6a:d7:dd:8d:4b:d8:56:97:cc:98:f5:a1:d7:1f:9d:96:
6b:d6:33:da:89:2c:98:be:e4:8b:17:44:69:55:9e:c7:de:73:
15:b5:b4:2a:62:71:a7:1d:a4:fb:ef:db:0f:f6:7b:a0:a2:02:
5b:6b:30:81:d0:87:56:1b:b7:8f:e2:5a:6e:c9:39:58:00:7e:
c3:f1:fe:7f:ce:bb:ca:c0:1a:b6:5e:76:d0:46:9d:a4:08:55:
f1:ad:30:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIhOI9H1pJQJ0LAVRHFV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjllZTY2MTY0ZDNjYjQxZGJkMmRmNTQxNzgxN2MzMmY0
Y2VhMDUwHhcNMjUwMTAyMDM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDAzMGFhMDExMzliZWJkNGI0NzZiODBmMzQ1Y2ZlNDllN2EzZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0S6d+pnJs65bd5Tgg8OLjSFxAHvJ
DkBGFNkrEjELMof8iTfuLVAt7Si9HTCUGUklyCvLb8UR9CvA1oUFO88bcGIYinj/
UA15jgopcfmt6O6jkRGJ/jzjVq018NGJRSNtfs0MD48OjDTbDkBSza7EDyG64j1v
360I4FI5cQW6rhf5Z3kWtODgZfoC5Ct2A6Ij1tp7+2ib7Nu54/d0kRHrrx1Kqr5s
775J6DuQYXLFJzBksEou4EfCOw3hAVqCSOuypbSRW2BY9UWDat5Q53Rf3hc0YaYV
5ujuDUrZzT1iffTvau+SJ6zoiUTXb76/hKtVX2/UghGILqajLjuMWgxg3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJADCqAROb69S0drgPNFz+Seej8GMB8GA1UdIwQY
MBaAFLhp7mYWTTy0Hb0t9UF4F8MvTOoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODkt
Y2QxZmE0ODQ0MTFiLzEva0FNS29CRTV2cjFMUjJ1QTgwWFA1SjU2UHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODktY2QxZmE0ODQ0MTFi
LzEvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuRNcAwQC
uTscAwQCuXLAMA0GCSqGSIb3DQEBCwUAA4IBAQCnZbWz3n+AVdln3mk7OeyyJ68j
GHjBx8lPvEQjfnqP0ZzsiA/v1kv2ADY2v4Ek59gsnTncn5WznbCEHUCDQOJXqZRK
ImMiyZUNchXx9sXsGxLmoI7JJ5Q8OubPnmTuFbjYFpFg6H3gm8H27uGD78esG3Tl
OW812I9gT2SMsOFGjw3bIFqZjbSe1VcQxR0KHXE5SlGPenBlFcpUMmdctuzUWQx/
h2rX3Y1L2FaXzJj1odcfnZZr1jPaiSyYvuSLF0RpVZ7H3nMVtbQqYnGnHaT779sP
9nugogJbazCB0IdWG7eP4lpuyTlYAH7D8f5/zrvKwBq2XnbQRp2kCFXxrTDq
-----END CERTIFICATE-----
Generated at Mon Apr 7 20:05:14 2025 by rpki-client