Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/oVD4YvsfEAG_vETmRHuizlpXrpk.roa
File: oVD4YvsfEAG_vETmRHuizlpXrpk.roa (raw, json)
Hash identifier: OR5HbSj8tTMtZFRBYYUisVJyN58nYtRd7svMcKPrjPo=
Subject key identifier: A1:50:F8:62:FB:1F:10:01:BF:BC:44:E6:44:7B:A2:CE:5A:57:AE:99
Certificate issuer: /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial: 0D1E162E
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/oVD4YvsfEAG_vETmRHuizlpXrpk.roa
Signing time: Mon 02 May 2022 13:32:09 +0000
ROA not before: Mon 02 May 2022 13:32:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 195.180.128.0/22 maxlen: 24
194.163.192.0/19 maxlen: 24
194.64.92.0/22 maxlen: 22
195.252.160.0/22 maxlen: 24
194.163.96.0/19 maxlen: 24
217.172.168.0/23 maxlen: 24
212.224.16.0/22 maxlen: 22
212.224.24.0/22 maxlen: 22
62.138.64.0/22 maxlen: 22
62.138.72.0/22 maxlen: 22
195.180.224.0/20 maxlen: 24
194.163.64.0/22 maxlen: 22
194.163.80.0/22 maxlen: 22
195.180.192.0/20 maxlen: 24
194.64.152.0/22 maxlen: 22
194.195.32.0/19 maxlen: 24
194.233.224.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 220075566 (0xd1e162e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Validity
Not Before: May 2 13:32:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a150f862fb1f1001bfbc44e6447ba2ce5a57ae99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:f0:b6:2f:05:33:c1:1d:24:6b:1c:71:92:d2:
08:95:1f:05:0a:c8:8d:2c:fa:c5:d0:52:64:d3:ed:
e5:ec:32:6e:a4:64:01:a8:81:61:18:84:a6:be:b2:
b4:0d:12:48:4a:7f:71:da:08:7b:61:7a:62:79:02:
dd:7a:99:09:15:6f:88:2e:7f:f6:f8:65:12:64:a4:
94:d3:4a:38:2f:2b:44:a1:76:ae:2e:bf:99:90:cd:
83:1e:1a:db:4c:25:e8:78:7e:af:16:01:8f:7a:be:
60:39:70:b1:fd:06:1b:cb:90:bc:00:a9:37:20:33:
6f:52:d6:21:41:6f:f2:a6:1c:0c:fa:0c:6b:4b:21:
74:01:a5:b9:0e:26:8e:64:ee:c9:d0:96:73:45:50:
37:ba:22:32:4d:fc:e1:70:79:9d:df:31:e1:89:8c:
d1:5b:49:9b:fc:19:25:72:f2:2b:dd:f9:18:9d:d7:
58:9a:2e:f0:fa:1e:5c:1d:d1:c8:24:2b:1a:28:db:
3b:93:76:df:99:2f:d0:98:70:3d:2f:5e:56:76:7e:
db:5e:8c:3c:13:aa:f8:b4:07:89:a4:15:da:c8:76:
cd:79:94:c3:d6:7f:d3:f9:62:02:06:d3:c1:b1:86:
e1:f7:3c:83:bb:68:e2:79:00:ec:15:df:bb:08:1e:
a9:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:50:F8:62:FB:1F:10:01:BF:BC:44:E6:44:7B:A2:CE:5A:57:AE:99
X509v3 Authority Key Identifier:
keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/oVD4YvsfEAG_vETmRHuizlpXrpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.138.64.0/22
62.138.72.0/22
194.64.92.0/22
194.64.152.0/22
194.163.64.0/22
194.163.80.0/22
194.163.96.0/19
194.163.192.0/19
194.195.32.0/19
194.233.224.0/20
195.180.128.0/22
195.180.192.0/20
195.180.224.0/20
195.252.160.0/22
212.224.16.0/22
212.224.24.0/22
217.172.168.0/23
Signature Algorithm: sha256WithRSAEncryption
a8:50:02:2e:f7:14:6f:5a:92:32:f4:d2:34:12:f7:ae:22:5b:
d7:4a:9b:c5:a6:b2:1a:ea:17:9f:ca:61:27:47:1c:a5:b6:e2:
ce:1b:c0:5a:71:0a:b1:52:d7:e6:1c:11:ad:95:f1:55:0c:1c:
7f:ba:e9:0e:3c:6b:7d:5f:51:06:31:31:ff:3b:25:da:0a:d2:
cf:5c:08:b7:72:e0:9d:36:a3:1f:8f:8d:73:8a:f6:14:54:8b:
b9:8e:4d:60:6a:4b:9f:ac:87:c5:90:9a:72:0f:56:39:1c:c9:
59:6a:93:f4:a6:5b:0b:5b:06:38:13:2b:04:de:5d:38:c1:a6:
52:84:be:2e:cc:82:f0:b1:75:19:03:40:62:3e:ca:3a:87:08:
ec:eb:33:50:cb:f1:cf:52:cc:16:dc:c1:08:59:0e:8a:b2:be:
f4:4b:12:0b:0a:b7:e8:40:e0:a2:cc:44:31:0e:49:a8:be:10:
bf:8f:4a:ce:2b:5e:e4:1d:b0:e0:df:4f:bf:78:76:8d:cb:2c:
9f:0e:b5:f3:b9:8d:74:9d:04:49:49:01:c7:8e:d6:55:e9:14:
b7:2f:d7:cf:b0:87:37:85:bc:9c:05:e4:4b:88:8b:b0:4a:37:
c7:04:5b:bf:e6:e1:d4:60:89:50:dc:9c:c6:63:0c:95:87:5d:
9d:7a:5d:25
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIEDR4WLjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDUw
MjEzMzIwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTE1MGY4NjJmYjFm
MTAwMWJmYmM0NGU2NDQ3YmEyY2U1YTU3YWU5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzwti8FM8EdJGsccZLSCJUfBQrIjSz6xdBSZNPt5ewybqRk
AaiBYRiEpr6ytA0SSEp/cdoIe2F6YnkC3XqZCRVviC5/9vhlEmSklNNKOC8rRKF2
ri6/mZDNgx4a20wl6Hh+rxYBj3q+YDlwsf0GG8uQvACpNyAzb1LWIUFv8qYcDPoM
a0shdAGluQ4mjmTuydCWc0VQN7oiMk384XB5nd8x4YmM0VtJm/wZJXLyK935GJ3X
WJou8PoeXB3RyCQrGijbO5N235kv0JhwPS9eVnZ+216MPBOq+LQHiaQV2sh2zXmU
w9Z/0/liAgbTwbGG4fc8g7to4nkA7BXfuwgeqc0CAwEAAaOCAmkwggJlMB0GA1Ud
DgQWBBShUPhi+x8QAb+8ROZEe6LOWleumTAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L29WRDRZdnNmRUFHX3ZFVG1SSHVpemxwWHJway5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB/
BggrBgEFBQcBBwEB/wRwMG4wbAQCAAEwZgMEAj6KQAMEAj6KSAMEAsJAXAMEAsJA
mAMEAsKjQAMEAsKjUAMEBcKjYAMEBcKjwAMEBcLDIAMEBMLp4AMEAsO0gAMEBMO0
wAMEBMO04AMEAsP8oAMEAtTgEAMEAtTgGAMEAdmsqDANBgkqhkiG9w0BAQsFAAOC
AQEAqFACLvcUb1qSMvTSNBL3riJb10qbxaayGuoXn8phJ0ccpbbizhvAWnEKsVLX
5hwRrZXxVQwcf7rpDjxrfV9RBjEx/zsl2grSz1wIt3LgnTajH4+Nc4r2FFSLuY5N
YGpLn6yHxZCacg9WORzJWWqT9KZbC1sGOBMrBN5dOMGmUoS+LsyC8LF1GQNAYj7K
OocI7OszUMvxz1LMFtzBCFkOirK+9EsSCwq36EDgosxEMQ5JqL4Qv49Kzite5B2w
4N9Pv3h2jcssnw6187mNdJ0ESUkBx47WVekUty/Xz7CHN4W8nAXkS4iLsEo3xwRb
v+bh1GCJUNycxmMMlYddnXpdJQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:57:59 2025 by rpki-client