Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/KhyYKAuMyGm-XhRtHZfGGXnE97U.roa
File: KhyYKAuMyGm-XhRtHZfGGXnE97U.roa (raw, json)
Hash identifier: 4azM5WNkRA9zvUAJqtQqDGK9VFMNlWa2RXKS357RTtM=
Subject key identifier: 2A:1C:98:28:0B:8C:C8:69:BE:5E:14:6D:1D:97:C6:19:79:C4:F7:B5
Certificate issuer: /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial: 0461896B
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/KhyYKAuMyGm-XhRtHZfGGXnE97U.roa
Signing time: Sat 01 Jan 2022 02:01:25 +0000
ROA not before: Sat 01 Jan 2022 02:01:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212460
IP address blocks: 188.72.1.0/24 maxlen: 24
188.72.0.0/24 maxlen: 24
188.72.51.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 73501035 (0x461896b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Validity
Not Before: Jan 1 02:01:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a1c98280b8cc869be5e146d1d97c61979c4f7b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:71:61:29:d9:5b:93:89:75:69:c6:16:3f:7c:
ec:a2:b8:90:2b:7e:19:e8:55:e2:ed:f0:2a:55:b6:
6b:dd:cd:79:46:7d:d0:2c:4f:33:94:4d:9c:db:bb:
ea:eb:7f:7c:b4:46:77:d8:34:10:1e:2a:a3:36:66:
f2:06:d1:56:d1:00:ba:cc:1d:2d:18:8c:e4:1c:0a:
d9:35:5f:d0:fb:05:3c:5a:d9:7b:9c:08:0a:c3:7d:
b3:cb:67:8e:f4:5f:0f:73:63:30:7f:a9:a0:52:3e:
4f:31:27:41:60:7e:b0:88:ce:4f:8e:2f:63:72:f3:
6d:fc:0e:61:37:68:53:3c:fb:1d:9c:74:e0:ba:48:
4a:92:18:ca:bb:ed:e8:ec:f3:d7:d2:7a:68:4d:56:
6e:5c:c2:ee:d8:b7:c6:d0:7c:ee:6d:50:ec:05:fb:
be:6b:f1:06:db:fd:06:ba:2b:48:65:ff:c5:32:c8:
51:b3:12:45:57:92:51:d7:e9:71:08:44:51:51:09:
fa:5d:c3:ee:8c:21:b9:7c:24:99:36:0a:4c:5f:39:
25:27:ad:40:ee:d2:96:a7:8b:0d:08:77:b3:e4:7f:
7d:14:fa:de:3e:73:61:29:95:cc:d0:0e:73:c7:34:
c9:44:8e:c5:ce:8d:90:97:b3:0f:e2:59:a4:1b:be:
a9:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:1C:98:28:0B:8C:C8:69:BE:5E:14:6D:1D:97:C6:19:79:C4:F7:B5
X509v3 Authority Key Identifier:
keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/KhyYKAuMyGm-XhRtHZfGGXnE97U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.72.0.0/23
188.72.51.0/24
Signature Algorithm: sha256WithRSAEncryption
52:56:21:98:46:21:70:6b:02:37:10:ad:67:fc:01:10:cf:a9:
1c:9d:90:b2:fa:0c:8b:dc:ba:6d:f4:5f:d1:c4:db:2d:a0:1e:
99:fc:82:3d:48:e3:a4:0b:ce:aa:de:d9:58:ff:03:3c:53:88:
14:00:64:90:c6:6f:4a:c2:21:0e:81:a0:33:14:41:1a:0c:51:
f8:96:7b:a9:9b:c5:02:b5:8b:dd:1a:c6:e8:60:01:5c:b2:54:
aa:76:a9:77:31:cc:6d:8e:d5:6a:db:6a:ad:11:bd:ab:26:a1:
d4:5a:4e:1a:eb:f0:7a:3c:d3:96:a0:9a:eb:b9:8f:30:f3:94:
c6:75:c8:72:d5:86:e4:43:1e:bd:d1:15:01:42:bf:fe:75:e1:
50:18:78:f7:1a:32:3b:9d:51:21:9f:14:15:b8:65:d7:f4:f8:
a5:a8:12:28:ee:cb:17:dd:4c:a5:2e:41:9a:09:bb:67:b8:61:
3c:36:02:a1:f3:ba:b3:58:79:92:60:9c:24:dd:4a:9b:60:cf:
b6:30:86:fe:2a:6b:50:b8:13:59:f8:45:a6:80:87:1a:d5:d5:
4d:ab:03:4b:94:04:d8:54:34:f7:07:3a:c7:27:ad:96:4a:12:
5b:d2:17:7e:dc:e2:8e:72:54:19:12:6f:f0:b0:dc:9d:b5:4a:
e1:3d:6d:0d
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBGGJazANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Y2IwZGVjMTNkZjIwNWE2NmVjNTIyNzkyNWI4ZjU2YmRiMDlmNDk5MB4XDTIyMDEw
MTAyMDEyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmExYzk4MjgwYjhj
Yzg2OWJlNWUxNDZkMWQ5N2M2MTk3OWM0ZjdiNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMtxYSnZW5OJdWnGFj987KK4kCt+GehV4u3wKlW2a93NeUZ9
0CxPM5RNnNu76ut/fLRGd9g0EB4qozZm8gbRVtEAuswdLRiM5BwK2TVf0PsFPFrZ
e5wICsN9s8tnjvRfD3NjMH+poFI+TzEnQWB+sIjOT44vY3LzbfwOYTdoUzz7HZx0
4LpISpIYyrvt6Ozz19J6aE1WblzC7ti3xtB87m1Q7AX7vmvxBtv9BrorSGX/xTLI
UbMSRVeSUdfpcQhEUVEJ+l3D7owhuXwkmTYKTF85JSetQO7SlqeLDQh3s+R/fRT6
3j5zYSmVzNAOc8c0yUSOxc6NkJezD+JZpBu+qeMCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQqHJgoC4zIab5eFG0dl8YZecT3tTAfBgNVHSMEGDAWgBRssN7BPfIFpm7F
InkluPVr2wn0mTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JMRGV3VDN5QmFadXhTSjVKYmoxYTlzSjlKay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmEvY2E0NmZjLTM4NDctNGYxZC05Y2U0LTUyYjllNmExNjM1MC8x
L0toeVlLQXVNeUdtLVhoUnRIWmZHR1huRTk3VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEv
Y2E0NmZjLTM4NDctNGYxZC05Y2U0LTUyYjllNmExNjM1MC8xL2JMRGV3VDN5QmFa
dXhTSjVKYmoxYTlzSjlKay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAbxIAAMEALxIMzANBgkqhkiG9w0B
AQsFAAOCAQEAUlYhmEYhcGsCNxCtZ/wBEM+pHJ2QsvoMi9y6bfRf0cTbLaAemfyC
PUjjpAvOqt7ZWP8DPFOIFABkkMZvSsIhDoGgMxRBGgxR+JZ7qZvFArWL3RrG6GAB
XLJUqnapdzHMbY7VattqrRG9qyah1FpOGuvwejzTlqCa67mPMPOUxnXIctWG5EMe
vdEVAUK//nXhUBh49xoyO51RIZ8UFbhl1/T4pagSKO7LF91MpS5Bmgm7Z7hhPDYC
ofO6s1h5kmCcJN1Km2DPtjCG/iprULgTWfhFpoCHGtXVTasDS5QE2FQ09wc6xyet
lkoSW9IXftzijnJUGRJv8LDcnbVK4T1tDQ==
-----END CERTIFICATE-----
Generated at Thu May 1 14:59:34 2025 by rpki-client