Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/BdlhaMkzb9vviD5Ahp29D097oDY.roa
File: BdlhaMkzb9vviD5Ahp29D097oDY.roa (raw, json)
Hash identifier: fkdEqfsubD2t48TjJLblSSqDU9p3Zib8C6AyCdgIuuc=
Subject key identifier: 05:D9:61:68:C9:33:6F:DB:EF:88:3E:40:86:9D:BD:0F:4F:7B:A0:36
Certificate issuer: /CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Certificate serial: 019420D61F6D0743CDEB3444C8F856B61409
Authority key identifier: 01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/BdlhaMkzb9vviD5Ahp29D097oDY.roa
Signing time: Wed 01 Jan 2025 07:48:11 +0000
ROA not before: Wed 01 Jan 2025 07:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200161
IP address blocks: 83.217.24.0/22 maxlen: 24
185.30.16.0/22 maxlen: 24
185.30.17.231/32 maxlen: 32
212.8.236.0/22 maxlen: 24
2a00:a960::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:1f:6d:07:43:cd:eb:34:44:c8:f8:56:b6:14:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Validity
Not Before: Jan 1 07:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05d96168c9336fdbef883e40869dbd0f4f7ba036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:01:0b:67:e3:85:c7:d2:a8:58:48:2a:6b:eb:
f1:26:c8:71:19:61:8a:e0:89:f2:c7:2b:e7:bf:71:
6a:89:fe:e6:ec:39:d1:b8:97:da:e4:bd:a9:0c:5d:
fa:8c:96:1b:a3:ff:8e:11:5d:b3:50:86:82:d5:5b:
f5:f7:13:d5:f7:79:8c:58:56:4b:93:3e:e7:5a:90:
b1:df:dc:1e:0a:b0:2f:0e:bb:1d:22:ef:59:4f:46:
7d:5c:dc:f1:5e:b9:54:19:f3:d5:b5:fe:33:92:71:
96:45:c4:f2:02:d5:83:d8:26:99:9d:5d:94:48:a1:
44:76:70:e0:ed:ed:dc:f2:5d:ad:54:f6:23:9a:6d:
48:c3:33:d4:78:47:01:ac:cc:a2:55:27:a0:dd:20:
7f:0a:9e:9e:7f:8d:60:45:05:b5:92:32:25:7d:26:
50:78:78:6f:90:45:d8:a1:08:4a:56:ce:4e:ec:a6:
c6:1d:46:d6:4e:12:62:2c:68:3e:45:5c:3d:dd:8e:
cc:fb:e9:a7:b5:b0:3d:86:e0:f9:00:e1:6a:be:e3:
da:1d:c7:8d:e2:12:a2:5e:b1:29:88:da:db:2f:63:
92:44:f5:71:d8:5a:15:f5:3e:ef:c1:3a:b1:5b:30:
10:8a:4d:49:d6:4c:3d:be:cc:3f:52:5c:dc:a0:b2:
82:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:D9:61:68:C9:33:6F:DB:EF:88:3E:40:86:9D:BD:0F:4F:7B:A0:36
X509v3 Authority Key Identifier:
keyid:01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/BdlhaMkzb9vviD5Ahp29D097oDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/AW5eMfqHFqqlThj83P7T_JTbkLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.217.24.0/22
185.30.16.0/22
212.8.236.0/22
IPv6:
2a00:a960::/32
Signature Algorithm: sha256WithRSAEncryption
83:27:e6:b2:a4:a6:e1:c1:69:e5:34:80:09:c0:83:31:b2:1b:
29:07:9a:1f:dc:75:1c:54:7a:97:bd:40:03:12:9e:e3:40:3b:
b2:66:41:cd:ec:d5:27:c9:ea:ef:9c:d4:90:69:08:19:c3:5e:
f7:d2:f5:53:9a:8b:68:83:6c:ae:5b:89:7e:f9:ee:be:de:96:
90:7c:80:00:eb:8d:8f:94:b8:d9:e5:db:c7:90:59:99:ee:a9:
21:d6:cd:63:a0:14:10:3f:1b:fb:5e:2c:4e:7d:8e:7e:8f:54:
45:5f:d8:bd:8c:b8:db:05:ec:7b:ca:a8:e8:1c:d1:ab:d8:70:
ed:9f:a9:a5:a9:87:9a:c1:ef:29:33:17:08:a9:65:bd:e0:86:
cd:42:a2:47:a8:f1:51:20:82:7c:e9:dc:a8:d2:1c:7b:7b:95:
81:2c:13:ab:6a:12:8d:5e:86:31:db:16:a0:90:86:ac:cf:35:
1b:4d:60:42:88:5d:ec:07:79:e8:b2:81:6b:2b:9f:63:83:c9:
5f:c9:d2:34:55:f4:0a:79:38:5d:23:c3:95:f0:09:aa:0b:f0:
7f:ab:49:2b:27:79:0a:ed:4c:7d:27:7a:90:27:c4:38:19:5d:
58:6b:b5:c7:99:24:76:a0:28:a2:08:83:66:b8:29:2b:f0:6d:
35:f7:9c:51
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQg1h9tB0PN6zREyPhWthQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNmU1ZTMxZmE4NzE2YWFhNTRlMThmY2RjZmVkM2ZjOTRk
YjkwYjUwHhcNMjUwMTAxMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQ5NjE2OGM5MzM2ZmRiZWY4ODNlNDA4NjlkYmQwZjRmN2JhMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowELZ+OFx9KoWEgqa+vxJshxGWGK
4Inyxyvnv3Fqif7m7DnRuJfa5L2pDF36jJYbo/+OEV2zUIaC1Vv19xPV93mMWFZL
kz7nWpCx39weCrAvDrsdIu9ZT0Z9XNzxXrlUGfPVtf4zknGWRcTyAtWD2CaZnV2U
SKFEdnDg7e3c8l2tVPYjmm1IwzPUeEcBrMyiVSeg3SB/Cp6ef41gRQW1kjIlfSZQ
eHhvkEXYoQhKVs5O7KbGHUbWThJiLGg+RVw93Y7M++mntbA9huD5AOFqvuPaHceN
4hKiXrEpiNrbL2OSRPVx2FoV9T7vwTqxWzAQik1J1kw9vsw/UlzcoLKCWQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAXZYWjJM2/b74g+QIadvQ9Pe6A2MB8GA1UdIwQY
MBaAFAFuXjH6hxaqpU4Y/Nz+0/yU25C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYt
Yzk2YzJjZTg1OWU1LzEvQmRsaGFNa3piOXZ2aUQ1QWhwMjlEMDk3b0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYtYzk2YzJjZTg1OWU1
LzEvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCU9kYAwQC
uR4QAwQC1AjsMA0EAgACMAcDBQAqAKlgMA0GCSqGSIb3DQEBCwUAA4IBAQCDJ+ay
pKbhwWnlNIAJwIMxshspB5of3HUcVHqXvUADEp7jQDuyZkHN7NUnyervnNSQaQgZ
w1730vVTmotog2yuW4l++e6+3paQfIAA642PlLjZ5dvHkFmZ7qkh1s1joBQQPxv7
XixOfY5+j1RFX9i9jLjbBex7yqjoHNGr2HDtn6mlqYeawe8pMxcIqWW94IbNQqJH
qPFRIIJ86dyo0hx7e5WBLBOrahKNXoYx2xagkIaszzUbTWBCiF3sB3nosoFrK59j
g8lfydI0VfQKeThdI8OV8AmqC/B/q0krJ3kK7Ux9J3qQJ8Q4GV1Ya7XHmSR2oCii
CINmuCkr8G0195xR
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:30:21 2025 by rpki-client