Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xfZ29SoXgbWHHkNRStXU7pV6mvs.roa
File: xfZ29SoXgbWHHkNRStXU7pV6mvs.roa (raw, json)
Hash identifier: hXi3wUWXknyflu6FQi4F2C9V6q/f/Uz10+JwKhLYmfQ=
Subject key identifier: C5:F6:76:F5:2A:17:81:B5:87:1E:43:51:4A:D5:D4:EE:95:7A:9A:FB
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D3B1ED104D3B88F29D0D16FE839AB6E32
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xfZ29SoXgbWHHkNRStXU7pV6mvs.roa
Signing time: Wed 24 Jan 2024 10:58:11 +0000
ROA not before: Wed 24 Jan 2024 10:58:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 91.85.0.0/17 maxlen: 17
91.85.128.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.104.129.0/24 maxlen: 24
212.104.130.0/24 maxlen: 24
212.104.132.0/24 maxlen: 24
212.104.143.0/24 maxlen: 24
212.104.149.0/24 maxlen: 24
212.104.150.0/24 maxlen: 24
212.104.152.0/24 maxlen: 24
212.104.155.0/24 maxlen: 24
212.104.156.0/24 maxlen: 24
212.104.159.0/24 maxlen: 24
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
212.108.88.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:1e:d1:04:d3:b8:8f:29:d0:d1:6f:e8:39:ab:6e:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 24 10:58:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5f676f52a1781b5871e43514ad5d4ee957a9afb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:7a:e2:5d:6c:b1:f3:08:a9:af:85:f8:cc:01:
bc:2d:85:be:b1:10:64:8a:ab:1b:62:99:d5:52:7b:
44:b9:ca:aa:00:07:1e:a3:a7:3d:12:39:b7:27:b1:
a2:93:51:3a:21:26:17:f0:82:77:ed:70:55:c1:77:
fd:f7:74:ba:08:36:fb:60:7c:8b:bc:d2:91:31:d2:
ac:4d:4f:2b:fc:b5:46:8f:c3:61:a7:3c:3e:ac:40:
9c:84:7f:4f:ad:aa:25:38:35:3a:30:9f:85:7d:4d:
32:af:ae:37:3b:fa:1b:5f:f0:09:b9:7a:98:5f:c3:
8c:f0:39:54:e9:a0:14:cd:8a:1a:f3:3c:1a:cb:18:
bc:e7:3b:40:af:ac:9c:0e:9e:9e:90:b0:5f:09:82:
ab:a8:fa:aa:a5:d8:50:a2:b7:f6:90:c7:1b:ac:1e:
b1:52:ca:1f:68:69:4c:06:be:d1:9a:ab:47:a8:57:
24:5f:90:1a:28:15:96:ee:57:8f:ca:d7:86:be:ea:
f7:3f:85:76:6f:9c:95:37:92:c6:db:29:50:18:19:
5d:6c:57:85:42:a8:75:bd:6b:1b:60:ff:69:95:4c:
51:b5:31:fc:70:0e:45:b9:99:8c:ea:ec:54:32:75:
11:2a:ed:7f:28:22:62:20:39:c3:96:46:bc:ea:f3:
a6:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:F6:76:F5:2A:17:81:B5:87:1E:43:51:4A:D5:D4:EE:95:7A:9A:FB
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xfZ29SoXgbWHHkNRStXU7pV6mvs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.85.0.0-91.85.159.255
91.85.192.0/18
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
88:a6:3c:f6:14:fc:63:43:30:2f:25:07:9e:8c:a4:47:76:56:
3d:d9:5b:94:09:57:96:aa:ef:07:52:c5:8c:fc:ba:13:ad:1a:
22:c9:8c:41:30:ef:f0:71:a6:a9:b6:79:0e:63:fa:15:2d:3a:
20:bc:39:f1:59:80:ae:3f:c4:0e:0b:2e:fd:92:2c:d1:c9:62:
83:db:24:c7:53:2f:75:b3:8c:b8:b3:9a:91:9a:36:5e:7c:5f:
e1:0e:46:5a:47:8d:9c:c3:16:57:43:c4:2f:33:bb:79:65:f0:
89:3d:30:2c:be:17:23:ac:86:2c:a7:36:18:b9:6a:f2:f6:41:
85:52:1e:44:03:5a:a6:73:28:dc:94:9a:22:55:e3:6d:41:27:
3e:99:0d:8c:d7:f3:b2:46:97:ad:7a:9e:6b:05:a6:2f:35:ff:
63:da:c2:e5:d8:d8:68:15:ec:aa:59:57:91:52:20:02:08:9a:
5e:79:cc:65:df:55:d4:2b:a3:b2:88:7b:ce:42:bc:d4:b2:d7:
76:9c:70:de:a8:19:e1:62:18:1f:27:18:bf:5d:9a:5b:cf:b5:
e8:28:c1:42:0c:22:44:de:54:d2:3c:1f:e0:55:f4:54:1d:0d:
d1:c4:e4:cb:41:cc:b9:6f:5c:0b:fd:f5:0e:15:ce:89:4d:3c:
e4:8b:70:ac
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAY07HtEE07iPKdDRb+g5q24yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTI0MTA1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWY2NzZmNTJhMTc4MWI1ODcxZTQzNTE0YWQ1ZDRlZTk1N2E5YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXriXWyx8wipr4X4zAG8LYW+sRBk
iqsbYpnVUntEucqqAAceo6c9Ejm3J7Gik1E6ISYX8IJ37XBVwXf993S6CDb7YHyL
vNKRMdKsTU8r/LVGj8Nhpzw+rECchH9PraolODU6MJ+FfU0yr643O/obX/AJuXqY
X8OM8DlU6aAUzYoa8zwayxi85ztAr6ycDp6ekLBfCYKrqPqqpdhQorf2kMcbrB6x
UsofaGlMBr7RmqtHqFckX5AaKBWW7lePyteGvur3P4V2b5yVN5LG2ylQGBldbFeF
Qqh1vWsbYP9plUxRtTH8cA5FuZmM6uxUMnURKu1/KCJiIDnDlka86vOmNQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMX2dvUqF4G1hx5DUUrV1O6Vepr7MB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEveGZaMjlTb1hnYldISGtOUlN0WFU3cFY2bXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1MAsDAwBbVQME
BVtVgAMEBltVwDAMAwQFwi4gAwQFwi5AAwQF1GiAMAwDBATUbFADBALUbFgwDQYJ
KoZIhvcNAQELBQADggEBAIimPPYU/GNDMC8lB56MpEd2Vj3ZW5QJV5aq7wdSxYz8
uhOtGiLJjEEw7/Bxpqm2eQ5j+hUtOiC8OfFZgK4/xA4LLv2SLNHJYoPbJMdTL3Wz
jLizmpGaNl58X+EORlpHjZzDFldDxC8zu3ll8Ik9MCy+FyOshiynNhi5avL2QYVS
HkQDWqZzKNyUmiJV421BJz6ZDYzX87JGl616nmsFpi81/2PawuXY2GgV7KpZV5FS
IAIIml55zGXfVdQro7KIe85CvNSy13accN6oGeFiGB8nGL9dmlvPtegowUIMIkTe
VNI8H+BV9FQdDdHE5MtBzLlvXAv99Q4VzolNPOSLcKw=
-----END CERTIFICATE-----
Generated at Mon Apr 21 21:12:53 2025 by rpki-client