Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/whR6UYCNphrJFqo6MoEhCIKKEqY.roa
File: whR6UYCNphrJFqo6MoEhCIKKEqY.roa (raw, json)
Hash identifier: oRT9mL/dQ8/nEcQTe9KptbNxtR0210r/QmfVFmsNL5A=
Subject key identifier: C2:14:7A:51:80:8D:A6:1A:C9:16:AA:3A:32:81:21:08:82:8A:12:A6
Certificate issuer: /CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Certificate serial: 0193CF08B3467BDD16DAE9ACF7EDBA83F9B8
Authority key identifier: 7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/whR6UYCNphrJFqo6MoEhCIKKEqY.roa
Signing time: Mon 16 Dec 2024 10:34:34 +0000
ROA not before: Mon 16 Dec 2024 10:34:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29119
IP address blocks: 185.167.181.0/24 maxlen: 24
185.201.4.0/22 maxlen: 22
185.201.4.0/24 maxlen: 24
185.201.5.0/24 maxlen: 24
185.201.6.0/24 maxlen: 24
185.204.203.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:cf:08:b3:46:7b:dd:16:da:e9:ac:f7:ed:ba:83:f9:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Validity
Not Before: Dec 16 10:34:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c2147a51808da61ac916aa3a32812108828a12a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:32:4a:a8:69:be:6c:d8:14:98:28:4f:3c:1c:
6f:77:90:cd:76:66:f4:45:c8:6a:7b:e6:1b:5b:2c:
ec:db:c4:44:95:9e:77:c4:10:09:24:50:f1:27:12:
6c:d2:0e:14:d9:0a:ed:8c:02:02:0b:95:fe:bc:ea:
12:7a:b6:e7:c4:df:a9:24:d7:94:87:f7:c4:3d:07:
22:5d:1a:1c:80:9a:e1:98:e7:74:63:1a:9e:cd:2f:
d5:c2:2e:28:db:50:53:61:ea:73:ba:af:e1:66:3e:
01:c6:d9:a7:30:aa:a7:bd:83:58:4c:96:12:a2:72:
9b:3f:ef:cb:5e:5a:f4:3b:d6:77:ee:1d:9d:da:5b:
49:51:0b:e8:3c:5a:bd:ad:60:fd:5f:de:60:e8:11:
7c:3d:ce:d2:f9:55:ce:2c:8a:d3:8b:9d:b2:b5:ed:
bc:70:f8:8a:15:e1:cf:dd:e5:90:8d:74:f5:7e:44:
1d:52:eb:d8:19:16:7f:e4:05:87:2e:d5:1c:cf:72:
70:b2:b2:09:35:fd:53:18:5f:85:f2:c1:67:9c:03:
f2:d7:05:45:db:86:3d:ea:e2:27:ed:b5:90:8c:4c:
6d:04:93:52:72:5b:e1:9b:20:ba:1a:a8:de:4f:40:
d8:9b:3d:29:bc:28:36:37:d9:9c:47:1d:18:29:fc:
ee:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:14:7A:51:80:8D:A6:1A:C9:16:AA:3A:32:81:21:08:82:8A:12:A6
X509v3 Authority Key Identifier:
keyid:7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/whR6UYCNphrJFqo6MoEhCIKKEqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.167.181.0/24
185.201.4.0/22
185.204.203.0/24
Signature Algorithm: sha256WithRSAEncryption
d3:69:e8:70:ed:b7:4e:04:66:3e:87:99:6e:4f:ee:08:87:59:
54:67:b7:88:3b:30:9b:f4:29:fc:ec:c4:74:67:7b:44:8b:61:
a7:c0:41:4e:25:06:82:91:4e:3b:f5:22:29:eb:a3:c0:13:ab:
bb:c0:6d:5d:65:b3:19:4d:b5:bb:17:b0:da:ff:0f:97:ad:f5:
03:c6:ed:38:9c:29:23:4b:1f:64:ed:c8:9e:b1:68:ba:a9:ba:
bf:dd:89:e7:78:c7:f0:0b:23:b6:24:be:95:12:6e:f7:b6:8c:
81:7b:ec:37:a0:95:1b:f4:eb:42:e2:c5:9d:be:9d:0a:bd:01:
56:d4:78:95:43:c1:06:7a:28:af:75:b9:f4:55:d4:55:0a:4f:
2a:bc:50:42:e8:bb:18:c1:73:9a:fb:9e:a8:86:22:41:2e:00:
30:23:ba:7c:ef:1c:c3:fc:ed:4e:cf:6a:1f:40:19:ee:6e:a8:
1a:07:2d:c4:0b:9d:5f:18:78:0a:a9:46:84:3e:32:73:3e:c1:
fe:01:19:5e:60:d9:f8:14:ad:a0:02:59:61:a3:05:31:d1:e3:
c9:c5:39:3d:7a:ee:db:c0:05:4c:5b:e2:2e:08:8c:f8:9c:95:
f5:46:dd:75:8a:97:7d:e3:06:91:4e:89:59:ae:67:f3:93:85:
b4:39:53:5e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZPPCLNGe90W2ums9+26g/m4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjU3ZGQ1MmM3NWZjZTM5ZmZlMjkxNTQ2OWQ5ZTY1NmRi
Y2I4NzMwHhcNMjQxMjE2MTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjE0N2E1MTgwOGRhNjFhYzkxNmFhM2EzMjgxMjEwODgyOGExMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTJKqGm+bNgUmChPPBxvd5DNdmb0
Rchqe+YbWyzs28RElZ53xBAJJFDxJxJs0g4U2QrtjAICC5X+vOoSerbnxN+pJNeU
h/fEPQciXRocgJrhmOd0YxqezS/Vwi4o21BTYepzuq/hZj4BxtmnMKqnvYNYTJYS
onKbP+/LXlr0O9Z37h2d2ltJUQvoPFq9rWD9X95g6BF8Pc7S+VXOLIrTi52yte28
cPiKFeHP3eWQjXT1fkQdUuvYGRZ/5AWHLtUcz3JwsrIJNf1TGF+F8sFnnAPy1wVF
24Y96uIn7bWQjExtBJNSclvhmyC6GqjeT0DYmz0pvCg2N9mcRx0YKfzuxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMIUelGAjaYayRaqOjKBIQiCihKmMB8GA1UdIwQY
MBaAFHr1fdUsdfzjn/4pFUadnmVtvLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYt
YzI1MzQwOTZjNjBkLzEvd2hSNlVZQ05waHJKRnFvNk1vRWhDSUtLRXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYtYzI1MzQwOTZjNjBk
LzEvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuae1AwQC
uckEAwQAuczLMA0GCSqGSIb3DQEBCwUAA4IBAQDTaehw7bdOBGY+h5luT+4Ih1lU
Z7eIOzCb9Cn87MR0Z3tEi2GnwEFOJQaCkU479SIp66PAE6u7wG1dZbMZTbW7F7Da
/w+XrfUDxu04nCkjSx9k7ciesWi6qbq/3YnneMfwCyO2JL6VEm73toyBe+w3oJUb
9OtC4sWdvp0KvQFW1HiVQ8EGeiivdbn0VdRVCk8qvFBC6LsYwXOa+56ohiJBLgAw
I7p87xzD/O1Oz2ofQBnubqgaBy3EC51fGHgKqUaEPjJzPsH+ARleYNn4FK2gAllh
owUx0ePJxTk9eu7bwAVMW+IuCIz4nJX1Rt11ipd94waRTolZrmfzk4W0OVNe
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:26:06 2025 by rpki-client