Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/NxkZVT6Yl_lMVC15jPG5N4Was0w.roa
File: NxkZVT6Yl_lMVC15jPG5N4Was0w.roa (raw, json)
Hash identifier: HgEDDPXnbCI57wFKh7Aa/kkiwomkz0mr6XLwJ4tr3bE=
Subject key identifier: 37:19:19:55:3E:98:97:F9:4C:54:2D:79:8C:F1:B9:37:85:9A:B3:4C
Certificate issuer: /CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Certificate serial: 056F0A7F
Authority key identifier: 20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/NxkZVT6Yl_lMVC15jPG5N4Was0w.roa
Signing time: Sat 01 Jan 2022 15:55:23 +0000
ROA not before: Sat 01 Jan 2022 15:55:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199484
IP address blocks: 185.155.150.0/24 maxlen: 24
185.155.148.0/24 maxlen: 24
185.155.151.0/24 maxlen: 24
185.155.149.0/24 maxlen: 24
212.101.96.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 91163263 (0x56f0a7f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Validity
Not Before: Jan 1 15:55:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=371919553e9897f94c542d798cf1b937859ab34c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:cd:35:99:33:31:79:bd:b9:1f:9b:a5:51:b5:
81:5a:14:f9:a6:0b:40:31:8b:5c:05:4b:19:fc:09:
5d:fb:0b:bd:7d:ae:db:02:ba:8d:51:28:bc:a0:c6:
24:73:8f:d9:70:25:84:47:06:98:c4:b1:d5:40:11:
e5:99:91:02:ee:be:2f:ad:c9:dc:35:e7:5b:67:c6:
2c:33:be:40:cc:88:81:5a:1f:91:14:71:1a:3f:87:
f9:2f:9e:8c:63:53:54:66:eb:70:7c:92:93:95:91:
ec:dc:c7:98:c3:7c:6f:5d:47:51:2a:c4:1e:18:0f:
f2:f7:62:09:18:ac:65:a7:ea:c6:ea:8a:3a:b1:a2:
2e:93:19:22:66:91:c3:e2:9a:da:8c:95:aa:1b:0b:
b2:c8:59:2b:0b:3f:9e:0f:2f:ee:51:9f:9d:5c:e1:
e7:d8:11:33:89:11:9b:bd:c1:b8:e4:94:1a:86:34:
2b:1c:14:80:d5:d4:a8:0e:79:3f:da:2b:01:e6:07:
1f:11:1c:85:7f:63:af:a0:f0:1d:ec:bf:86:ea:ee:
fe:dc:57:8a:25:62:95:99:01:e3:9e:bf:5c:67:59:
4e:30:ea:70:bd:fb:0a:b3:f0:be:d6:15:66:3a:eb:
73:74:2a:42:89:ec:b2:e6:3a:b5:14:cf:3a:39:93:
5e:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:19:19:55:3E:98:97:F9:4C:54:2D:79:8C:F1:B9:37:85:9A:B3:4C
X509v3 Authority Key Identifier:
keyid:20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/NxkZVT6Yl_lMVC15jPG5N4Was0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.155.148.0/22
212.101.96.0/19
Signature Algorithm: sha256WithRSAEncryption
6b:0c:1e:7b:50:bb:41:b4:cc:b9:00:b6:4e:5b:6c:98:0b:84:
b0:4c:f8:a6:42:b2:de:ff:ce:4b:98:6e:a9:17:2d:a7:99:76:
a4:cb:8d:d6:e3:54:b9:95:75:5c:23:e7:46:5d:9f:45:d0:e6:
f8:16:f8:a4:2c:4f:03:75:f4:0b:18:bd:2c:5c:d4:6b:bd:a9:
7b:4c:61:41:87:fc:ab:31:d2:ad:19:a4:b7:c0:d6:91:0d:12:
9e:25:c9:17:ad:03:20:e6:2d:14:23:5e:31:0f:f3:3a:24:b1:
67:de:d4:f2:59:0f:63:31:e8:8d:f0:a0:02:c0:2c:77:83:e4:
49:33:cb:6c:04:dc:db:66:9b:0b:5d:04:48:b2:ac:d6:96:2c:
b1:1e:97:72:af:ff:9e:f2:1e:9c:d0:c0:ef:fe:76:9f:1e:d3:
a5:a3:0d:51:15:21:51:c8:ea:d5:bf:c4:1a:ae:a4:35:2f:ee:
09:6d:ea:29:23:0c:3d:d8:69:00:50:cb:a8:09:08:71:3f:8d:
52:23:53:e5:a8:af:22:59:d8:33:93:64:66:27:c5:87:54:ec:
82:8d:6d:cc:61:69:5c:a0:b2:81:62:5c:50:03:12:3d:d5:74:
5b:77:d2:05:48:6b:cc:61:f2:30:62:db:63:a5:3b:60:0d:21:
73:73:3d:fb
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBW8KfzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MDUwZGY1MWYwZTViYzgxZGI0YjA1ZjQ0OWY3NDMwOGQ3ZmNmYTJlMB4XDTIyMDEw
MTE1NTUyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzcxOTE5NTUzZTk4
OTdmOTRjNTQyZDc5OGNmMWI5Mzc4NTlhYjM0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMTNNZkzMXm9uR+bpVG1gVoU+aYLQDGLXAVLGfwJXfsLvX2u
2wK6jVEovKDGJHOP2XAlhEcGmMSx1UAR5ZmRAu6+L63J3DXnW2fGLDO+QMyIgVof
kRRxGj+H+S+ejGNTVGbrcHySk5WR7NzHmMN8b11HUSrEHhgP8vdiCRisZafqxuqK
OrGiLpMZImaRw+Ka2oyVqhsLsshZKws/ng8v7lGfnVzh59gRM4kRm73BuOSUGoY0
KxwUgNXUqA55P9orAeYHHxEchX9jr6DwHey/huru/txXiiVilZkB456/XGdZTjDq
cL37CrPwvtYVZjrrc3QqQonssuY6tRTPOjmTXncCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ3GRlVPpiX+UxULXmM8bk3hZqzTDAfBgNVHSMEGDAWgBQgUN9R8OW8gdtL
BfRJ90MI1/z6LjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lGRGZVZkRsdklIYlN3WDBTZmREQ05mOC1pNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvNjBlMzc2LTk5M2MtNGJhZi1iNTkwLTZlNjQ4MWU1NzY1Yy8x
L054a1pWVDZZbF9sTVZDMTVqUEc1TjRXYXMwdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
NjBlMzc2LTk5M2MtNGJhZi1iNTkwLTZlNjQ4MWU1NzY1Yy8xL0lGRGZVZkRsdklI
YlN3WDBTZmREQ05mOC1pNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArmblAMEBdRlYDANBgkqhkiG9w0B
AQsFAAOCAQEAawwee1C7QbTMuQC2TltsmAuEsEz4pkKy3v/OS5huqRctp5l2pMuN
1uNUuZV1XCPnRl2fRdDm+Bb4pCxPA3X0Cxi9LFzUa72pe0xhQYf8qzHSrRmkt8DW
kQ0SniXJF60DIOYtFCNeMQ/zOiSxZ97U8lkPYzHojfCgAsAsd4PkSTPLbATc22ab
C10ESLKs1pYssR6Xcq//nvIenNDA7/52nx7TpaMNURUhUcjq1b/EGq6kNS/uCW3q
KSMMPdhpAFDLqAkIcT+NUiNT5aivIlnYM5NkZifFh1Tsgo1tzGFpXKCygWJcUAMS
PdV0W3fSBUhrzGHyMGLbY6U7YA0hc3M9+w==
-----END CERTIFICATE-----
Generated at Tue Apr 29 18:36:13 2025 by rpki-client