Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/8hSnJgkTjaiYWuTwrhTIp0KMyKU.roa
File: 8hSnJgkTjaiYWuTwrhTIp0KMyKU.roa (raw, json)
Hash identifier: WJmaam//GsQadtavx9COLXToCkkbJs/34pb6DfDbYAs=
Subject key identifier: F2:14:A7:26:09:13:8D:A8:98:5A:E4:F0:AE:14:C8:A7:42:8C:C8:A5
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 0789CCF4
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/8hSnJgkTjaiYWuTwrhTIp0KMyKU.roa
Signing time: Sat 01 Jan 2022 15:00:24 +0000
ROA not before: Sat 01 Jan 2022 15:00:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209371
IP address blocks: 185.161.64.0/24 maxlen: 24
185.161.65.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 126471412 (0x789ccf4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 1 15:00:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f214a72609138da8985ae4f0ae14c8a7428cc8a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:cb:09:57:3e:3f:48:c3:a6:f1:1e:85:6c:95:
72:ee:d7:3b:17:b7:34:e3:37:cc:a9:e5:54:e1:9b:
0f:a3:38:18:26:2b:88:4f:76:61:77:50:1f:d6:79:
5c:4d:40:fb:eb:5e:02:e8:5c:bb:0b:56:e6:15:61:
04:71:2e:af:f6:37:84:34:2c:e7:e2:27:63:b3:93:
0f:c2:60:6e:d3:06:91:a0:5d:81:49:b5:2f:9b:d4:
92:fa:a6:1f:57:94:dd:f0:7c:d4:03:b5:2e:f8:c9:
c2:37:87:e0:43:d9:4e:07:1a:b1:9f:6a:f9:54:9d:
fa:f2:33:15:bc:8e:e0:ba:40:3a:97:07:e8:ef:15:
4f:f9:d5:e4:97:6b:1d:9b:52:c4:1c:5e:a9:71:d1:
a6:1b:76:26:8f:9d:3a:fb:88:9d:bc:cd:df:24:a4:
7e:40:85:a2:90:09:f5:50:96:b9:e1:84:b1:56:c3:
5a:b0:8f:1e:d2:3f:25:d4:36:e1:c6:78:d5:7b:d3:
40:e4:1f:09:e1:99:6a:54:b9:2d:60:74:3d:9f:12:
7d:b2:59:04:74:82:3b:35:a6:61:5c:4d:1e:d9:82:
66:85:3f:42:55:b1:7c:25:aa:d6:8f:3e:49:5d:21:
7e:2e:74:0a:df:8f:c8:89:86:82:57:fc:99:75:a3:
70:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:14:A7:26:09:13:8D:A8:98:5A:E4:F0:AE:14:C8:A7:42:8C:C8:A5
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/8hSnJgkTjaiYWuTwrhTIp0KMyKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.64.0/23
Signature Algorithm: sha256WithRSAEncryption
24:6d:b9:a8:e4:9f:b0:32:eb:5c:67:8f:4a:fe:ba:a1:20:9d:
e5:1d:5c:6c:d5:2a:7c:98:6f:c0:5f:50:4d:e7:01:44:b9:dc:
f6:00:42:17:86:78:68:ea:af:e7:8e:c8:a6:3a:6f:4e:9e:a8:
97:29:bc:df:0c:a7:68:7b:ba:fe:ac:17:19:ac:d2:a1:67:d1:
1d:ff:2e:f8:59:63:f8:f9:b5:61:58:b3:ec:a5:3f:42:dd:70:
62:2d:92:ff:fa:09:d6:a6:b1:45:a1:7b:f4:b4:2e:03:d3:d0:
08:8c:b9:10:cd:65:38:0f:8c:5b:ad:3a:a2:7c:9b:d3:dc:84:
99:02:78:ba:75:ac:e2:32:04:79:8e:64:df:cf:e6:1c:b1:59:
44:93:0e:8c:5a:a9:76:84:ee:20:3e:d9:0b:16:6e:29:c1:ec:
99:ae:a1:ff:24:58:60:f9:8d:27:b3:f3:8d:e1:31:04:06:bc:
e7:97:ad:60:06:49:52:70:92:89:a6:0e:67:b7:1c:47:d3:d5:
34:60:8b:d0:f8:9e:ae:a4:8f:dd:41:be:ec:49:3c:01:7a:ae:
50:3a:27:f8:62:5b:b7:19:2b:62:ac:d5:1e:e1:ac:d2:ab:a2:
d0:66:59:12:d7:3b:04:b2:3b:b6:ad:b1:b6:ab:7d:17:20:51:
86:54:74:a6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB4nM9DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTBjM2NmM2RjNTNjYTU0OWMwM2U0ZjVmNDZkOTFjZTkwYjhlMDcwMB4XDTIyMDEw
MTE1MDAyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjIxNGE3MjYwOTEz
OGRhODk4NWFlNGYwYWUxNGM4YTc0MjhjYzhhNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANnLCVc+P0jDpvEehWyVcu7XOxe3NOM3zKnlVOGbD6M4GCYr
iE92YXdQH9Z5XE1A++teAuhcuwtW5hVhBHEur/Y3hDQs5+InY7OTD8JgbtMGkaBd
gUm1L5vUkvqmH1eU3fB81AO1LvjJwjeH4EPZTgcasZ9q+VSd+vIzFbyO4LpAOpcH
6O8VT/nV5JdrHZtSxBxeqXHRpht2Jo+dOvuInbzN3ySkfkCFopAJ9VCWueGEsVbD
WrCPHtI/JdQ24cZ41XvTQOQfCeGZalS5LWB0PZ8SfbJZBHSCOzWmYVxNHtmCZoU/
QlWxfCWq1o8+SV0hfi50Ct+PyImGglf8mXWjcN0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTyFKcmCRONqJha5PCuFMinQozIpTAfBgNVHSMEGDAWgBSxDDzz3FPKVJwD
5PX0bZHOkLjgcDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NRdzg4OXhUeWxTY0EtVDE5RzJSenBDNDRIQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmUvMjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8x
LzhoU25KZ2tUamFpWVd1VHdyaFRJcDBLTXlLVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUv
MjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8xL3NRdzg4OXhUeWxT
Y0EtVDE5RzJSenBDNDRIQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmhQDANBgkqhkiG9w0BAQsFAAOC
AQEAJG25qOSfsDLrXGePSv66oSCd5R1cbNUqfJhvwF9QTecBRLnc9gBCF4Z4aOqv
547IpjpvTp6olym83wynaHu6/qwXGazSoWfRHf8u+Flj+Pm1YViz7KU/Qt1wYi2S
//oJ1qaxRaF79LQuA9PQCIy5EM1lOA+MW606onyb09yEmQJ4unWs4jIEeY5k38/m
HLFZRJMOjFqpdoTuID7ZCxZuKcHsma6h/yRYYPmNJ7PzjeExBAa855etYAZJUnCS
iaYOZ7ccR9PVNGCL0PierqSP3UG+7Ek8AXquUDon+GJbtxkrYqzVHuGs0qui0GZZ
Etc7BLI7tq2xtqt9FyBRhlR0pg==
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:11:43 2025 by rpki-client