Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/zDf8nJhIyPsMrsVdd8VpZHcIUP4.roa
File: zDf8nJhIyPsMrsVdd8VpZHcIUP4.roa (raw, json)
Hash identifier: LPPWAEi3JdXZrqr1YLoxzHe9Syj1yIRgh+vMQ6zLCyA=
Subject key identifier: CC:37:FC:9C:98:48:C8:FB:0C:AE:C5:5D:77:C5:69:64:77:08:50:FE
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 0194A8FB42BC9841E75671726F7D385B6146
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/zDf8nJhIyPsMrsVdd8VpZHcIUP4.roa
Signing time: Mon 27 Jan 2025 18:17:06 +0000
ROA not before: Mon 27 Jan 2025 18:17:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209372
IP address blocks: 85.28.32.0/23 maxlen: 23
85.28.34.0/24 maxlen: 24
85.28.35.0/24 maxlen: 24
85.28.36.0/22 maxlen: 22
85.28.40.0/23 maxlen: 23
85.28.42.0/24 maxlen: 24
85.28.43.0/24 maxlen: 24
85.28.44.0/23 maxlen: 23
85.28.48.0/22 maxlen: 22
85.28.52.0/23 maxlen: 23
85.28.54.0/23 maxlen: 23
85.28.56.0/24 maxlen: 24
85.28.57.0/24 maxlen: 24
85.28.58.0/24 maxlen: 24
85.28.59.0/24 maxlen: 24
85.28.60.0/22 maxlen: 22
85.28.60.0/24 maxlen: 24
85.28.62.0/24 maxlen: 24
109.238.200.0/24 maxlen: 24
109.238.203.0/24 maxlen: 24
109.238.205.0/24 maxlen: 24
194.31.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a8:fb:42:bc:98:41:e7:56:71:72:6f:7d:38:5b:61:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Jan 27 18:17:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc37fc9c9848c8fb0caec55d77c56964770850fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e8:f4:8b:aa:a7:8f:53:2f:bd:ce:03:bf:04:
82:f0:f9:91:a7:be:2b:48:7e:7c:94:b1:ae:59:70:
a4:9b:41:83:37:a8:f8:9b:ef:5e:e6:8b:51:82:b7:
0a:d4:ac:54:fc:53:bf:74:c7:a7:9e:56:6a:3e:67:
de:88:53:30:92:ad:df:ce:be:1a:98:29:7f:84:48:
66:a2:25:19:43:b5:a5:4b:83:aa:f8:b0:7e:96:92:
44:41:b9:51:d6:60:18:c8:64:02:b4:9b:82:7b:a5:
9f:cb:49:5d:bc:eb:67:91:97:8d:e7:d2:1d:d1:2b:
5d:8f:8e:30:a1:b8:74:65:7a:7f:15:93:54:94:83:
bb:f3:57:04:ee:4d:79:95:a8:cc:b3:41:a5:aa:02:
6a:b5:d0:ca:e7:f2:c9:6c:7b:a2:2d:df:b8:01:58:
47:f3:f6:6f:dc:50:af:6f:41:d7:b6:4e:45:08:0b:
46:08:41:0e:c1:b6:1f:4c:29:c7:a6:20:38:25:b9:
2d:f4:72:81:8c:ca:c8:07:58:65:a5:5f:38:0a:b0:
6b:90:73:a2:a9:7a:1a:76:c3:64:06:65:ae:dd:08:
8f:6a:c0:ff:9c:30:eb:4a:5e:b1:78:58:bc:69:46:
e1:e7:aa:e6:7c:f4:25:a8:3a:0b:6a:21:77:29:3a:
a0:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:37:FC:9C:98:48:C8:FB:0C:AE:C5:5D:77:C5:69:64:77:08:50:FE
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/zDf8nJhIyPsMrsVdd8VpZHcIUP4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.32.0-85.28.45.255
85.28.48.0/20
109.238.200.0/24
109.238.203.0/24
109.238.205.0/24
194.31.156.0/22
Signature Algorithm: sha256WithRSAEncryption
8b:e5:5a:ca:9f:9e:37:83:af:ea:28:14:df:ec:dd:d7:ef:e5:
40:f1:03:3d:97:6c:d7:98:e4:51:b1:51:68:ea:fa:75:e6:25:
2a:ba:32:8d:8d:2e:eb:2e:d9:bf:64:ef:67:a0:83:1b:69:45:
dc:a2:92:7d:e2:75:d4:7b:23:8c:5c:36:5e:7d:2d:d1:17:a4:
92:5f:25:c4:fd:d3:83:b5:dd:5d:a2:a5:59:32:20:88:c0:50:
21:5c:e2:76:6b:51:b6:6f:02:33:78:c8:d6:bd:8a:d9:27:6f:
ee:79:2f:33:55:03:23:ae:aa:df:f5:d6:39:21:db:1c:99:e3:
76:57:72:25:7a:8b:63:7a:74:59:68:7f:a5:eb:c9:5f:3e:86:
5a:41:82:ba:71:b3:c0:47:19:50:e6:92:3a:45:2c:dc:10:8a:
24:9f:c3:71:1c:92:0c:59:86:0e:b7:57:46:0e:d1:40:75:c6:
fd:38:9a:e3:79:0c:23:da:c2:6c:37:65:2f:20:86:a7:4e:f2:
b0:04:5d:48:a6:07:5a:a6:e4:21:bb:b6:3a:5c:d5:3f:b6:38:
da:27:3a:67:99:4b:11:a2:7b:75:86:2f:f1:c7:36:49:fa:04:
06:34:99:5f:67:4b:b2:5f:05:6a:da:d2:d3:32:1c:12:f3:1e:
3b:0c:d3:e4
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZSo+0K8mEHnVnFyb304W2FGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwMTI3MTgxNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzM3ZmM5Yzk4NDhjOGZiMGNhZWM1NWQ3N2M1Njk2NDc3MDg1MGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOj0i6qnj1Mvvc4DvwSC8PmRp74r
SH58lLGuWXCkm0GDN6j4m+9e5otRgrcK1KxU/FO/dMennlZqPmfeiFMwkq3fzr4a
mCl/hEhmoiUZQ7WlS4Oq+LB+lpJEQblR1mAYyGQCtJuCe6Wfy0ldvOtnkZeN59Id
0Stdj44wobh0ZXp/FZNUlIO781cE7k15lajMs0GlqgJqtdDK5/LJbHuiLd+4AVhH
8/Zv3FCvb0HXtk5FCAtGCEEOwbYfTCnHpiA4Jbkt9HKBjMrIB1hlpV84CrBrkHOi
qXoadsNkBmWu3QiPasD/nDDrSl6xeFi8aUbh56rmfPQlqDoLaiF3KTqgGwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFMw3/JyYSMj7DK7FXXfFaWR3CFD+MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvekRmOG5KaEl5UHNNcnNWZGQ4VnBaSGNJVVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBAVVHCAD
BAFVHCwDBARVHDADBABt7sgDBABt7ssDBABt7s0DBALCH5wwDQYJKoZIhvcNAQEL
BQADggEBAIvlWsqfnjeDr+ooFN/s3dfv5UDxAz2XbNeY5FGxUWjq+nXmJSq6Mo2N
Lusu2b9k72eggxtpRdyikn3iddR7I4xcNl59LdEXpJJfJcT904O13V2ipVkyIIjA
UCFc4nZrUbZvAjN4yNa9itknb+55LzNVAyOuqt/11jkh2xyZ43ZXciV6i2N6dFlo
f6XryV8+hlpBgrpxs8BHGVDmkjpFLNwQiiSfw3EckgxZhg63V0YO0UB1xv04muN5
DCPawmw3ZS8ghqdO8rAEXUimB1qm5CG7tjpc1T+2ONonOmeZSxGie3WGL/HHNkn6
BAY0mV9nS7JfBWra0tMyHBLzHjsM0+Q=
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:19:22 2025 by rpki-client