Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/d2l85cdQNMijmomTD53FVaTZBiY.roa
File: d2l85cdQNMijmomTD53FVaTZBiY.roa (raw, json)
Hash identifier: xotyo6t8T3kINA3BsMUcAZb8KUlu76OTsdmI+XznPVI=
Subject key identifier: 77:69:7C:E5:C7:50:34:C8:A3:9A:89:93:0F:9D:C5:55:A4:D9:06:26
Certificate issuer: /CN=b48184549e12e9934bffb7615bca3d0c25681360
Certificate serial: 1596E10C
Authority key identifier: B4:81:84:54:9E:12:E9:93:4B:FF:B7:61:5B:CA:3D:0C:25:68:13:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/d2l85cdQNMijmomTD53FVaTZBiY.roa
Signing time: Sat 01 Jan 2022 04:02:12 +0000
ROA not before: Sat 01 Jan 2022 04:02:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 5409
IP address blocks: 213.218.0.0/19 maxlen: 19
212.126.192.0/19 maxlen: 19
195.2.160.0/19 maxlen: 19
185.95.80.0/22 maxlen: 22
2001:4180::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 362209548 (0x1596e10c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b48184549e12e9934bffb7615bca3d0c25681360
Validity
Not Before: Jan 1 04:02:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=77697ce5c75034c8a39a89930f9dc555a4d90626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:5d:97:cd:df:eb:92:08:aa:e9:1a:bd:20:aa:
e6:a5:d6:c6:f0:8c:b1:8a:f2:58:14:5c:45:f4:9a:
71:82:46:e7:15:e5:f2:42:d5:70:0f:ad:bf:8d:ea:
52:dd:74:ab:48:de:f5:4d:ed:d4:bb:2a:5f:19:32:
2f:8c:a2:0f:f9:80:cb:db:4d:0e:8f:df:0e:36:9b:
b1:58:88:87:9a:53:1e:49:e7:11:65:b5:eb:be:a8:
e1:ba:e2:ac:b1:7a:17:79:a9:2c:e0:0a:49:3a:54:
b5:f0:db:28:17:9e:af:a0:dd:83:0c:80:c1:33:00:
08:7b:fc:3f:10:ae:a0:17:a4:22:70:95:58:81:d5:
da:c3:c8:30:44:e2:3a:06:ce:0e:67:0a:67:f0:15:
ab:e1:f0:4b:13:65:68:65:40:69:75:a5:9a:f9:6b:
c7:04:13:d8:c5:76:de:02:69:40:2f:8b:0b:ba:36:
12:5c:1c:84:b9:9b:f7:82:f9:32:32:4d:ea:78:18:
0f:7e:f1:51:dd:cf:e5:fa:90:62:0f:17:d8:6e:f5:
87:6d:62:08:27:88:a7:10:b6:15:aa:e4:5e:f7:23:
d1:e6:8e:60:05:67:f3:0b:0e:98:37:34:cb:6e:cf:
9c:78:10:a4:74:78:9c:8b:b0:36:c2:99:58:92:22:
36:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:69:7C:E5:C7:50:34:C8:A3:9A:89:93:0F:9D:C5:55:A4:D9:06:26
X509v3 Authority Key Identifier:
keyid:B4:81:84:54:9E:12:E9:93:4B:FF:B7:61:5B:CA:3D:0C:25:68:13:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/d2l85cdQNMijmomTD53FVaTZBiY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.95.80.0/22
195.2.160.0/19
212.126.192.0/19
213.218.0.0/19
IPv6:
2001:4180::/32
Signature Algorithm: sha256WithRSAEncryption
c3:0c:d7:8c:61:79:08:2e:ad:b0:d6:09:32:95:54:9c:f0:96:
0b:4c:05:be:42:86:a7:22:5b:63:5d:39:8c:45:e1:49:4c:ca:
9d:0f:4e:0f:d5:79:72:20:87:f6:bd:58:fe:04:55:78:04:da:
6f:7c:06:15:72:b2:b0:3a:62:0d:7d:aa:2a:f0:f4:e6:99:e5:
b0:e3:eb:cd:67:62:14:f6:a5:3e:1a:f0:9d:44:ef:01:13:41:
5e:5c:0a:69:02:f4:ee:5e:5b:3b:c1:bd:f8:cc:45:ad:a8:e3:
38:a9:e6:83:72:e4:05:14:1b:27:00:c6:c8:24:0e:2f:42:bc:
63:05:12:1a:5a:49:9c:73:99:d6:57:ee:65:4a:f8:7c:97:18:
60:98:9d:8e:35:c5:fe:20:cf:12:19:04:37:82:ea:e0:3d:71:
f7:2b:72:a6:55:dd:5d:29:0e:53:11:36:64:8c:3d:7b:83:31:
38:ef:af:ec:f0:1f:32:bf:f4:21:26:e6:69:c8:40:0a:3f:ac:
e0:ad:65:a7:71:6d:4b:f2:b5:23:8e:ba:67:ed:e6:de:84:3b:
f7:b3:a4:82:dc:c3:a0:bb:22:91:cf:19:f5:79:45:84:f5:7c:
1c:45:2f:b5:d6:ca:e3:46:85:0b:aa:31:02:10:5e:52:e0:bc:
2f:a7:b4:b2
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEFZbhDDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NDgxODQ1NDllMTJlOTkzNGJmZmI3NjE1YmNhM2QwYzI1NjgxMzYwMB4XDTIyMDEw
MTA0MDIxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzc2OTdjZTVjNzUw
MzRjOGEzOWE4OTkzMGY5ZGM1NTVhNGQ5MDYyNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANRdl83f65IIqukavSCq5qXWxvCMsYryWBRcRfSacYJG5xXl
8kLVcA+tv43qUt10q0je9U3t1LsqXxkyL4yiD/mAy9tNDo/fDjabsViIh5pTHknn
EWW1676o4brirLF6F3mpLOAKSTpUtfDbKBeer6DdgwyAwTMACHv8PxCuoBekInCV
WIHV2sPIMETiOgbODmcKZ/AVq+HwSxNlaGVAaXWlmvlrxwQT2MV23gJpQC+LC7o2
ElwchLmb94L5MjJN6ngYD37xUd3P5fqQYg8X2G71h21iCCeIpxC2FarkXvcj0eaO
YAVn8wsOmDc0y27PnHgQpHR4nIuwNsKZWJIiNlcCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBR3aXzlx1A0yKOaiZMPncVVpNkGJjAfBgNVHSMEGDAWgBS0gYRUnhLpk0v/
t2Fbyj0MJWgTYDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RJR0VWSjRTNlpOTF83ZGhXOG85RENWb0UyQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvZjY3MTc3LTc4ZDUtNDM4OC1hMjFhLTI4MjYzNjU2YzZkZS8x
L2QybDg1Y2RRTk1pam1vbVRENTNGVmFUWkJpWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
ZjY3MTc3LTc4ZDUtNDM4OC1hMjFhLTI4MjYzNjU2YzZkZS8xL3RJR0VWSjRTNlpO
TF83ZGhXOG85RENWb0UyQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEArlfUAMEBcMCoAMEBdR+wAMEBdXa
ADANBAIAAjAHAwUAIAFBgDANBgkqhkiG9w0BAQsFAAOCAQEAwwzXjGF5CC6tsNYJ
MpVUnPCWC0wFvkKGpyJbY105jEXhSUzKnQ9OD9V5ciCH9r1Y/gRVeATab3wGFXKy
sDpiDX2qKvD05pnlsOPrzWdiFPalPhrwnUTvARNBXlwKaQL07l5bO8G9+MxFrajj
OKnmg3LkBRQbJwDGyCQOL0K8YwUSGlpJnHOZ1lfuZUr4fJcYYJidjjXF/iDPEhkE
N4Lq4D1x9ytyplXdXSkOUxE2ZIw9e4MxOO+v7PAfMr/0ISbmachACj+s4K1lp3Ft
S/K1I466Z+3m3oQ797OkgtzDoLsikc8Z9XlFhPV8HEUvtdbK40aFC6oxAhBeUuC8
L6e0sg==
-----END CERTIFICATE-----
Generated at Tue Apr 22 04:40:06 2025 by rpki-client