Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/T5WYVvuy3CROh34xF7otLCtjg8Q.roa
File: T5WYVvuy3CROh34xF7otLCtjg8Q.roa (raw, json)
Hash identifier: 5FGW1JUuOQJsMyfmcz+opw8VBXEM0Ana3/sX3ywR46s=
Subject key identifier: 4F:95:98:56:FB:B2:DC:24:4E:87:7E:31:17:BA:2D:2C:2B:63:83:C4
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018CC8DF61E16F12E026E2C1AC71294A5ED5
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/T5WYVvuy3CROh34xF7otLCtjg8Q.roa
Signing time: Tue 02 Jan 2024 06:32:11 +0000
ROA not before: Tue 02 Jan 2024 06:32:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
91.85.0.0/16 maxlen: 16
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:61:e1:6f:12:e0:26:e2:c1:ac:71:29:4a:5e:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 2 06:32:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4f959856fbb2dc244e877e3117ba2d2c2b6383c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ee:ac:5f:aa:57:c0:7f:ff:35:e8:df:06:8b:
53:47:6d:43:5f:61:e9:0f:c7:39:91:ce:69:e8:35:
4b:3d:4c:f4:c7:cd:86:e4:21:a9:b9:ef:dd:e0:80:
43:98:90:eb:90:e6:a3:8b:f4:71:a4:d6:10:e5:6c:
0d:05:64:89:bf:83:07:8c:5a:71:8f:44:4e:e1:24:
f3:48:b8:c0:25:91:2e:74:d5:23:84:38:68:fa:0f:
cc:17:07:60:0e:1d:4d:f3:51:70:80:51:aa:42:8a:
cf:68:eb:30:f6:b9:1c:27:b6:ff:e7:13:4a:79:0c:
65:36:79:72:a6:53:e0:77:4c:c5:a3:fc:66:60:6e:
f5:05:c4:a2:30:4b:10:d5:a0:b9:01:d2:1d:14:ff:
b5:5d:6c:26:ca:cd:f4:46:38:ee:61:50:25:89:38:
97:0c:c1:3b:11:22:61:4f:b1:5b:fd:c3:fa:ec:70:
7f:db:b5:18:f1:ca:02:70:c4:f7:4d:b0:2f:20:13:
c1:f6:e4:ef:a3:99:be:59:5f:af:e2:dd:5b:81:01:
b2:14:91:45:41:61:19:dc:9a:18:97:e5:05:1d:9e:
38:79:95:2c:9b:4f:af:3b:7a:26:a8:e3:2d:69:60:
28:fe:77:6c:45:64:28:d4:b7:48:e7:3d:7d:e4:5b:
41:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:95:98:56:FB:B2:DC:24:4E:87:7E:31:17:BA:2D:2C:2B:63:83:C4
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/T5WYVvuy3CROh34xF7otLCtjg8Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.85.0.0/16
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
30:c8:2d:ca:2e:5c:7a:94:f0:03:0b:ab:09:1a:85:de:15:7c:
13:36:78:6a:1d:5b:81:50:dc:ac:ff:d1:09:66:89:7e:c9:ba:
08:d5:a4:6e:b6:d5:09:38:c4:1b:16:fb:63:54:55:c3:3b:98:
52:3c:78:a7:5c:06:63:26:f8:9d:09:21:8b:fc:42:1c:5e:36:
68:12:76:28:ee:c7:69:5e:ec:c0:1d:69:f3:5d:e3:ad:af:ff:
16:c8:85:a2:7f:3c:75:cd:ed:a9:d4:5d:b1:24:55:57:0c:7c:
4a:50:60:cf:d3:ef:05:e6:64:c7:f0:bf:5b:f7:8e:eb:51:90:
3b:88:d3:97:88:57:d7:ff:dc:25:57:61:ce:4f:45:d4:41:59:
1c:08:c8:a4:94:af:13:8c:d9:50:ca:81:53:bf:80:b4:2d:66:
29:3d:cf:5d:fe:2b:26:6f:aa:ed:a9:34:68:2b:a4:67:5c:33:
5f:5b:3d:1e:9e:b6:11:58:99:65:5e:ff:e9:22:9a:02:19:84:
da:04:c7:c9:20:45:d4:6a:cb:97:d8:9a:30:43:e7:9f:7e:0f:
b6:aa:da:4e:e4:56:7d:5e:9f:fd:07:2f:bf:b6:43:3b:55:fa:
be:bf:43:41:b6:7e:79:2c:f1:0f:f6:3e:25:74:9f:12:1f:24:
9d:7d:bf:2d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzI32HhbxLgJuLBrHEpSl7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk1OTg1NmZiYjJkYzI0NGU4NzdlMzExN2JhMmQyYzJiNjM4M2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmO6sX6pXwH//NejfBotTR21DX2Hp
D8c5kc5p6DVLPUz0x82G5CGpue/d4IBDmJDrkOaji/RxpNYQ5WwNBWSJv4MHjFpx
j0RO4STzSLjAJZEudNUjhDho+g/MFwdgDh1N81FwgFGqQorPaOsw9rkcJ7b/5xNK
eQxlNnlyplPgd0zFo/xmYG71BcSiMEsQ1aC5AdIdFP+1XWwmys30RjjuYVAliTiX
DME7ESJhT7Fb/cP67HB/27UY8coCcMT3TbAvIBPB9uTvo5m+WV+v4t1bgQGyFJFF
QWEZ3JoYl+UFHZ44eZUsm0+vO3omqOMtaWAo/ndsRWQo1LdI5z195FtBtwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFE+VmFb7stwkTod+MRe6LSwrY4PEMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvVDVXWVZ2dXkzQ1JPaDM0eEY3b3RMQ3RqZzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwMAW1UwDAME
BcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC1GxYMA0GCSqGSIb3DQEBCwUAA4IB
AQAwyC3KLlx6lPADC6sJGoXeFXwTNnhqHVuBUNys/9EJZol+yboI1aRuttUJOMQb
FvtjVFXDO5hSPHinXAZjJvidCSGL/EIcXjZoEnYo7sdpXuzAHWnzXeOtr/8WyIWi
fzx1ze2p1F2xJFVXDHxKUGDP0+8F5mTH8L9b947rUZA7iNOXiFfX/9wlV2HOT0XU
QVkcCMiklK8TjNlQyoFTv4C0LWYpPc9d/ismb6rtqTRoK6RnXDNfWz0enrYRWJll
Xv/pIpoCGYTaBMfJIEXUasuX2JowQ+effg+2qtpO5FZ9Xp/9By+/tkM7Vfq+v0NB
tn55LPEP9j4ldJ8SHySdfb8t
-----END CERTIFICATE-----
Generated at Sat Apr 19 06:32:37 2025 by rpki-client