Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/fFIP13enS1caqgSSpJ35Gz1Xry0.roa
File: fFIP13enS1caqgSSpJ35Gz1Xry0.roa (raw, json)
Hash identifier: 4i/5/HoEbgzjWTuo1MLxsYrsEtNuSDIYgvMWpgXAyxo=
Subject key identifier: 7C:52:0F:D7:77:A7:4B:57:1A:AA:04:92:A4:9D:F9:1B:3D:57:AF:2D
Certificate issuer: /CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
Certificate serial: 0184EB758C581C0F49F6608C2B274BFE2FBA
Authority key identifier: F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/fFIP13enS1caqgSSpJ35Gz1Xry0.roa
Signing time: Wed 07 Dec 2022 07:21:00 +0000
ROA not before: Wed 07 Dec 2022 07:21:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 203393
IP address blocks: 185.238.29.0/24 maxlen: 24
185.136.84.0/24 maxlen: 24
185.136.85.0/24 maxlen: 24
185.136.87.0/24 maxlen: 24
185.136.86.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:eb:75:8c:58:1c:0f:49:f6:60:8c:2b:27:4b:fe:2f:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
Validity
Not Before: Dec 7 07:21:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7c520fd777a74b571aaa0492a49df91b3d57af2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:2a:e2:79:f7:81:64:c3:95:41:92:c3:2f:cf:
bf:85:de:40:ac:dc:e0:5f:b8:47:fa:b5:6c:17:c5:
68:c4:57:92:27:65:d5:36:2e:4f:6a:6a:eb:e7:28:
d0:3f:d2:ef:e8:7c:97:4c:f5:4a:4f:62:ec:37:61:
ed:80:fc:b1:47:53:91:fc:10:c9:cc:46:16:50:4f:
8b:07:20:de:c8:8a:43:46:24:28:9c:5d:7f:8b:3c:
eb:ec:b3:b1:95:6d:2d:4a:f1:96:f0:1b:d0:b7:b6:
59:98:1e:b6:ce:d9:c0:2f:e3:76:4a:c1:f8:d6:03:
10:b9:ab:9b:c5:81:ad:87:ed:85:4b:74:86:1c:48:
70:0f:16:02:8f:32:16:90:dc:6f:ee:1a:09:5a:ab:
16:2d:03:94:cb:c0:97:1b:49:11:90:3e:52:7e:d9:
a6:2e:6c:a8:3d:f5:4c:62:e6:bd:04:dd:36:86:c5:
b0:24:2b:aa:f1:c8:09:44:f0:6d:18:0f:f4:be:01:
9a:e6:98:b9:fc:03:3b:6d:53:84:fe:3b:ed:23:1c:
e5:21:f4:58:f2:c8:aa:1d:d9:0a:41:5f:9f:0c:c5:
c6:c7:2b:53:3a:03:fc:ce:48:56:0f:dc:61:ff:64:
77:21:2e:86:40:03:eb:7b:67:57:fc:b1:bb:2a:84:
8f:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:52:0F:D7:77:A7:4B:57:1A:AA:04:92:A4:9D:F9:1B:3D:57:AF:2D
X509v3 Authority Key Identifier:
keyid:F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/fFIP13enS1caqgSSpJ35Gz1Xry0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/8o4LdYvnOh3b-1F-6LXk-GOiH54.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.84.0/22
185.238.29.0/24
Signature Algorithm: sha256WithRSAEncryption
c0:e8:0e:18:a5:a2:50:b6:32:df:40:ff:e7:bc:40:3d:5a:28:
8b:cd:17:03:d2:f4:9e:ee:1b:16:55:51:af:57:6d:d0:0f:38:
40:e2:e3:e3:78:59:50:53:ba:6c:91:e3:48:80:72:31:2d:54:
71:e5:64:d2:cd:47:df:11:ab:58:c8:65:75:57:6e:b2:f7:9e:
5b:b1:b6:c3:68:84:9a:4b:ea:4c:b6:55:9d:ec:54:2f:4b:d8:
6f:32:df:55:b7:8e:5a:7c:d5:2e:21:33:24:cf:8c:35:14:fa:
2c:7d:df:49:f9:fc:07:55:5b:ff:19:db:41:3e:d5:87:66:fd:
a4:18:bb:7b:1d:f2:47:c5:57:91:ca:74:a3:2f:8e:ed:b0:ef:
a8:03:80:b9:d4:4c:15:31:4b:9f:82:02:a5:ca:08:e7:1b:a1:
09:73:ab:05:24:83:5d:53:ca:48:c9:8a:3a:59:75:49:c3:0b:
8e:68:c3:f2:c7:55:c7:5a:4d:87:cc:e0:d8:a9:c1:a3:5a:15:
8d:32:7c:63:41:f6:e5:92:b9:5c:26:8a:17:c0:0c:fd:22:5b:
79:f7:fb:a8:ee:c2:21:24:f4:6b:58:ad:0f:ba:eb:7d:1a:42:
86:04:9c:06:34:0e:a1:b9:ad:97:60:29:cd:c7:da:03:f4:2b:
62:15:64:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTrdYxYHA9J9mCMKydL/i+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOGUwYjc1OGJlNzNhMWRkYmZiNTE3ZWU4YjVlNGY4NjNh
MjFmOWUwHhcNMjIxMjA3MDcyMTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzUyMGZkNzc3YTc0YjU3MWFhYTA0OTJhNDlkZjkxYjNkNTdhZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iriefeBZMOVQZLDL8+/hd5ArNzg
X7hH+rVsF8VoxFeSJ2XVNi5Pamrr5yjQP9Lv6HyXTPVKT2LsN2HtgPyxR1OR/BDJ
zEYWUE+LByDeyIpDRiQonF1/izzr7LOxlW0tSvGW8BvQt7ZZmB62ztnAL+N2SsH4
1gMQuaubxYGth+2FS3SGHEhwDxYCjzIWkNxv7hoJWqsWLQOUy8CXG0kRkD5Sftmm
LmyoPfVMYua9BN02hsWwJCuq8cgJRPBtGA/0vgGa5pi5/AM7bVOE/jvtIxzlIfRY
8siqHdkKQV+fDMXGxytTOgP8zkhWD9xh/2R3IS6GQAPre2dX/LG7KoSPhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxSD9d3p0tXGqoEkqSd+Rs9V68tMB8GA1UdIwQY
MBaAFPKOC3WL5zod2/tRfui15Phjoh+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUt
NjllM2QwODY2ZWY2LzEvZkZJUDEzZW5TMWNhcWdTU3BKMzVHejFYcnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUtNjllM2QwODY2ZWY2
LzEvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYhUAwQA
ue4dMA0GCSqGSIb3DQEBCwUAA4IBAQDA6A4YpaJQtjLfQP/nvEA9WiiLzRcD0vSe
7hsWVVGvV23QDzhA4uPjeFlQU7pskeNIgHIxLVRx5WTSzUffEatYyGV1V26y955b
sbbDaISaS+pMtlWd7FQvS9hvMt9Vt45afNUuITMkz4w1FPosfd9J+fwHVVv/GdtB
PtWHZv2kGLt7HfJHxVeRynSjL47tsO+oA4C51EwVMUufggKlygjnG6EJc6sFJINd
U8pIyYo6WXVJwwuOaMPyx1XHWk2HzODYqcGjWhWNMnxjQfblkrlcJooXwAz9Ilt5
9/uo7sIhJPRrWK0Puut9GkKGBJwGNA6hua2XYCnNx9oD9CtiFWSI
-----END CERTIFICATE-----
Generated at Tue Apr 29 19:19:33 2025 by rpki-client