Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1834ac-2030-441f-82e2-681dbff8515e/1/vkIR9vGh9QNO7osVbqZgxvqCqDg.roa
File: vkIR9vGh9QNO7osVbqZgxvqCqDg.roa (raw, json)
Hash identifier: oftXEHxUGisWE9SrhY1ODkvkbFWYRH6EtxSrvVvpWBg=
Subject key identifier: BE:42:11:F6:F1:A1:F5:03:4E:EE:8B:15:6E:A6:60:C6:FA:82:A8:38
Certificate issuer: /CN=8c3ccf93f7c807dde0420ad5486ae29eb5dc75f9
Certificate serial: 0D535061
Authority key identifier: 8C:3C:CF:93:F7:C8:07:DD:E0:42:0A:D5:48:6A:E2:9E:B5:DC:75:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jDzPk_fIB93gQgrVSGrinrXcdfk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/1834ac-2030-441f-82e2-681dbff8515e/1/vkIR9vGh9QNO7osVbqZgxvqCqDg.roa
Signing time: Sat 01 Jan 2022 15:55:46 +0000
ROA not before: Sat 01 Jan 2022 15:55:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200651
IP address blocks: 185.247.226.0/24 maxlen: 24
185.165.170.0/24 maxlen: 24
2a06:1700:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 223563873 (0xd535061)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c3ccf93f7c807dde0420ad5486ae29eb5dc75f9
Validity
Not Before: Jan 1 15:55:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=be4211f6f1a1f5034eee8b156ea660c6fa82a838
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:4c:8b:dd:bc:0e:5e:b0:f6:95:2e:4d:28:79:
de:da:54:6e:68:8a:fd:8c:4c:6d:57:a6:4c:44:ea:
e1:1f:ec:70:2a:54:38:78:5a:1a:56:29:f9:70:d3:
a5:20:51:7d:67:ab:02:9b:e3:25:ea:06:b7:c7:2e:
d9:89:da:8b:93:74:f3:ed:6b:9c:e4:32:0f:0f:cb:
e3:0a:33:4d:cb:ea:18:e1:77:c0:ab:14:36:e8:e8:
e4:9b:58:20:8a:e7:db:0f:42:50:45:a8:8a:71:ba:
68:5b:7c:57:c5:0f:b7:45:f1:0f:9e:74:a9:eb:f5:
81:bd:bd:80:5c:78:87:b5:b7:f5:31:27:cf:44:55:
bc:32:1f:9b:75:3e:32:88:13:23:66:d5:5c:1e:74:
41:59:c5:94:e1:ad:66:59:7d:03:fd:5f:28:f5:84:
fb:0d:ee:db:43:5d:fb:36:89:8f:c8:d2:f0:38:7b:
67:f5:5e:fd:4e:e7:90:da:bf:cd:0c:23:e6:b0:88:
7a:85:3c:da:73:6a:02:87:39:6c:d1:34:b8:2f:20:
75:21:a1:ba:78:1a:d7:06:b9:16:a0:b5:52:ff:92:
38:19:84:36:ac:2b:ed:9c:05:36:f7:f4:8a:c0:b3:
e8:72:3e:22:9f:39:e7:bd:60:cd:d3:75:4b:3b:8a:
b7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:42:11:F6:F1:A1:F5:03:4E:EE:8B:15:6E:A6:60:C6:FA:82:A8:38
X509v3 Authority Key Identifier:
keyid:8C:3C:CF:93:F7:C8:07:DD:E0:42:0A:D5:48:6A:E2:9E:B5:DC:75:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDzPk_fIB93gQgrVSGrinrXcdfk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1834ac-2030-441f-82e2-681dbff8515e/1/vkIR9vGh9QNO7osVbqZgxvqCqDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1834ac-2030-441f-82e2-681dbff8515e/1/jDzPk_fIB93gQgrVSGrinrXcdfk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.165.170.0/24
185.247.226.0/24
IPv6:
2a06:1700:2::/48
Signature Algorithm: sha256WithRSAEncryption
11:e3:64:10:53:95:4d:29:db:f6:cb:a4:b5:d1:8b:e3:90:5a:
23:7f:12:93:d5:7e:6a:0f:77:94:e1:a3:a5:ee:c5:aa:59:e5:
1c:97:ed:38:14:49:76:e4:79:79:9b:9a:5e:f5:d3:e0:17:d2:
5a:85:00:94:11:2e:08:56:88:a5:77:2e:87:e0:40:8d:55:05:
5c:bf:70:f5:23:77:a7:b7:53:67:c6:9e:bc:bb:e9:02:e6:ff:
f4:fb:93:d8:44:75:6f:97:f9:80:02:5f:1a:82:40:6a:a2:f6:
1a:34:70:4a:93:60:17:82:0b:f6:98:b6:1f:2b:4f:13:21:65:
f9:51:3d:ae:dd:8e:a5:ec:a2:c9:c0:24:3f:93:3c:cd:e5:85:
7d:ad:2a:2b:32:1e:eb:e2:d4:b5:35:dd:54:a0:6c:ee:6b:39:
29:3e:ec:57:80:87:7c:db:1c:ef:79:f5:80:8e:53:8e:0e:c2:
2a:84:0f:ff:88:1a:55:b4:df:ea:84:3d:ca:9b:99:02:98:66:
67:03:5d:e8:c7:8b:cc:f0:c9:e4:8d:4d:7d:fe:a1:62:7a:ec:
e5:c7:99:69:61:ca:84:4e:73:d4:25:0f:6b:27:7c:12:09:e3:
19:3e:a0:1f:eb:b4:ee:b7:99:10:23:fb:6d:e5:4f:7c:e6:7f:
6d:88:a4:65
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEDVNQYTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YzNjY2Y5M2Y3YzgwN2RkZTA0MjBhZDU0ODZhZTI5ZWI1ZGM3NWY5MB4XDTIyMDEw
MTE1NTU0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmU0MjExZjZmMWEx
ZjUwMzRlZWU4YjE1NmVhNjYwYzZmYTgyYTgzODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVMi928Dl6w9pUuTSh53tpUbmiK/YxMbVemTETq4R/scCpU
OHhaGlYp+XDTpSBRfWerApvjJeoGt8cu2Ynai5N08+1rnOQyDw/L4wozTcvqGOF3
wKsUNujo5JtYIIrn2w9CUEWoinG6aFt8V8UPt0XxD550qev1gb29gFx4h7W39TEn
z0RVvDIfm3U+MogTI2bVXB50QVnFlOGtZll9A/1fKPWE+w3u20Nd+zaJj8jS8Dh7
Z/Ve/U7nkNq/zQwj5rCIeoU82nNqAoc5bNE0uC8gdSGhunga1wa5FqC1Uv+SOBmE
Nqwr7ZwFNvf0isCz6HI+Ip85571gzdN1SzuKtzUCAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBS+QhH28aH1A07uixVupmDG+oKoODAfBgNVHSMEGDAWgBSMPM+T98gH3eBC
CtVIauKetdx1+TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pEelBrX2ZJQjkzZ1FnclZTR3JpbnJYY2Rmay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTQvMTgzNGFjLTIwMzAtNDQxZi04MmUyLTY4MWRiZmY4NTE1ZS8x
L3ZrSVI5dkdoOVFOTzdvc1ZicVpneHZxQ3FEZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQv
MTgzNGFjLTIwMzAtNDQxZi04MmUyLTY4MWRiZmY4NTE1ZS8xL2pEelBrX2ZJQjkz
Z1FnclZTR3JpbnJYY2Rmay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA2
BggrBgEFBQcBBwEB/wQnMCUwEgQCAAEwDAMEALmlqgMEALn34jAPBAIAAjAJAwcA
KgYXAAACMA0GCSqGSIb3DQEBCwUAA4IBAQAR42QQU5VNKdv2y6S10YvjkFojfxKT
1X5qD3eU4aOl7sWqWeUcl+04FEl25Hl5m5pe9dPgF9JahQCUES4IVoildy6H4ECN
VQVcv3D1I3ent1Nnxp68u+kC5v/0+5PYRHVvl/mAAl8agkBqovYaNHBKk2AXggv2
mLYfK08TIWX5UT2u3Y6l7KLJwCQ/kzzN5YV9rSorMh7r4tS1Nd1UoGzuazkpPuxX
gId82xzvefWAjlOODsIqhA//iBpVtN/qhD3Km5kCmGZnA13ox4vM8MnkjU19/qFi
euzlx5lpYcqETnPUJQ9rJ3wSCeMZPqAf67Tut5kQI/tt5U985n9tiKRl
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:49:39 2025 by rpki-client