Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/gY3jB_7gCTxYat6g8UgI2iT7MJg.roa
File: gY3jB_7gCTxYat6g8UgI2iT7MJg.roa (raw, json)
Hash identifier: dEXaOIl9nK8/pQjWEPKP6FjzjTKTiF1V7+B75Dmd8ak=
Subject key identifier: 81:8D:E3:07:FE:E0:09:3C:58:6A:DE:A0:F1:48:08:DA:24:FB:30:98
Certificate issuer: /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial: 01856C1C83DCE40DEDC7A9F14A1F6BC40617
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/gY3jB_7gCTxYat6g8UgI2iT7MJg.roa
Signing time: Sun 01 Jan 2023 06:54:45 +0000
ROA not before: Sun 01 Jan 2023 06:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48095
IP address blocks: 152.89.130.0/23 maxlen: 23
152.89.128.0/23 maxlen: 23
92.118.42.0/23 maxlen: 23
92.118.40.0/23 maxlen: 23
77.83.170.0/23 maxlen: 23
77.83.168.0/23 maxlen: 23
45.66.236.0/23 maxlen: 23
45.66.238.0/23 maxlen: 23
194.59.202.0/23 maxlen: 23
194.59.200.0/23 maxlen: 23
185.252.168.0/22 maxlen: 22
86.62.58.0/23 maxlen: 23
185.234.4.0/22 maxlen: 22
86.62.56.0/23 maxlen: 23
193.47.236.0/22 maxlen: 22
5.253.118.0/23 maxlen: 23
5.253.116.0/23 maxlen: 23
46.175.152.0/22 maxlen: 22
85.208.122.0/23 maxlen: 23
85.208.120.0/23 maxlen: 23
81.16.128.0/22 maxlen: 22
2.56.50.0/23 maxlen: 23
2.56.48.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:1c:83:dc:e4:0d:ed:c7:a9:f1:4a:1f:6b:c4:06:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Validity
Not Before: Jan 1 06:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=818de307fee0093c586adea0f14808da24fb3098
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:72:c2:23:0d:e4:b9:84:e1:05:0f:2f:aa:47:
0f:58:02:b2:b8:c6:a0:6d:88:4a:eb:b7:1b:7d:d7:
c3:dc:a7:e7:c4:b9:64:d7:05:9a:48:e2:8e:75:7f:
ac:33:1b:d4:3d:66:92:e0:f2:0e:15:77:1b:64:83:
6a:d8:7e:5f:96:d0:ea:db:32:1c:8e:c1:98:a2:e2:
06:00:29:43:11:8b:09:bd:cb:7b:a8:ad:c5:02:6e:
30:f4:3e:85:d3:11:92:1a:dc:aa:a9:a8:00:6a:a7:
7f:ff:77:30:d5:49:6d:12:87:da:f4:2b:46:03:e4:
93:f9:cd:0c:0d:a9:a8:ec:98:e1:7b:b1:d7:28:b4:
3b:3e:59:11:a4:ce:07:76:89:0e:85:4d:04:d7:30:
f9:1d:49:0c:5e:34:9e:1b:88:fe:2e:14:73:2a:85:
4c:53:f7:35:ff:ff:19:b8:e6:a4:d0:bd:b4:5a:ff:
5d:14:d6:3c:bd:a9:ea:bf:1b:05:8c:a9:06:f8:a8:
d8:15:3b:55:42:a9:99:f4:4c:6b:80:12:ca:90:35:
2c:a2:c9:b9:af:13:23:20:84:04:c8:17:6a:a9:32:
44:e7:db:bd:d5:a9:7b:43:b8:15:7d:44:d9:9c:ed:
d0:aa:d4:e8:32:29:a9:73:54:05:5e:0d:77:ad:98:
5b:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:8D:E3:07:FE:E0:09:3C:58:6A:DE:A0:F1:48:08:DA:24:FB:30:98
X509v3 Authority Key Identifier:
keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/gY3jB_7gCTxYat6g8UgI2iT7MJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.48.0/22
5.253.116.0/22
45.66.236.0/22
46.175.152.0/22
77.83.168.0/22
81.16.128.0/22
85.208.120.0/22
86.62.56.0/22
92.118.40.0/22
152.89.128.0/22
185.234.4.0/22
185.252.168.0/22
193.47.236.0/22
194.59.200.0/22
Signature Algorithm: sha256WithRSAEncryption
33:d0:5d:9a:f0:53:ed:e2:09:15:eb:57:ff:f1:8d:fd:4b:05:
66:88:8d:2c:26:d9:88:01:8a:88:6b:63:14:06:41:e3:92:ee:
1e:c6:6e:e1:cf:74:00:6e:e7:df:0d:1d:69:c5:9f:9b:cd:e5:
fb:2a:9a:55:3f:63:5b:e1:32:fd:de:64:a0:f0:dc:e4:a1:a0:
4f:5e:22:c0:68:f4:de:a7:0f:c3:98:e7:c7:10:3a:89:00:da:
fb:de:6a:03:94:5c:33:02:3f:37:ea:0d:07:47:9f:71:c1:9c:
d5:9c:e3:4b:65:41:23:29:32:ec:9f:da:b0:22:e7:4f:b7:da:
b5:17:99:2c:3e:8b:cb:50:ba:4d:4c:ad:00:d4:f1:1b:05:c0:
90:63:a9:93:36:71:ba:75:ba:d6:3e:96:06:6c:29:e3:f2:0a:
59:93:76:ee:de:ee:57:fa:33:7d:2f:65:dd:7e:5e:14:3f:a9:
e2:66:2a:f8:38:fa:11:81:08:58:b0:22:9f:5b:58:83:f3:89:
77:f4:ca:be:48:b4:34:b9:b2:c9:34:73:9e:be:7e:88:46:1e:
72:06:87:6e:a6:16:28:e0:c6:9b:28:d1:09:0c:5a:a3:83:55:
63:d4:8c:9b:83:4e:4e:8a:fa:21:2f:ee:76:0d:d6:f3:4d:5f:
db:db:36:e8
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVsHIPc5A3tx6nxSh9rxAYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjMwMTAxMDY1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MThkZTMwN2ZlZTAwOTNjNTg2YWRlYTBmMTQ4MDhkYTI0ZmIzMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnLCIw3kuYThBQ8vqkcPWAKyuMag
bYhK67cbfdfD3KfnxLlk1wWaSOKOdX+sMxvUPWaS4PIOFXcbZINq2H5fltDq2zIc
jsGYouIGAClDEYsJvct7qK3FAm4w9D6F0xGSGtyqqagAaqd//3cw1UltEofa9CtG
A+ST+c0MDamo7Jjhe7HXKLQ7PlkRpM4HdokOhU0E1zD5HUkMXjSeG4j+LhRzKoVM
U/c1//8ZuOak0L20Wv9dFNY8vanqvxsFjKkG+KjYFTtVQqmZ9ExrgBLKkDUsosm5
rxMjIIQEyBdqqTJE59u91al7Q7gVfUTZnO3QqtToMimpc1QFXg13rZhbfwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFIGN4wf+4Ak8WGreoPFICNok+zCYMB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvZ1kzakJfN2dDVHhZYXQ2ZzhVZ0kyaVQ3TUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCAjgwAwQC
Bf10AwQCLULsAwQCLq+YAwQCTVOoAwQCURCAAwQCVdB4AwQCVj44AwQCXHYoAwQC
mFmAAwQCueoEAwQCufyoAwQCwS/sAwQCwjvIMA0GCSqGSIb3DQEBCwUAA4IBAQAz
0F2a8FPt4gkV61f/8Y39SwVmiI0sJtmIAYqIa2MUBkHjku4exm7hz3QAbuffDR1p
xZ+bzeX7KppVP2Nb4TL93mSg8NzkoaBPXiLAaPTepw/DmOfHEDqJANr73moDlFwz
Aj836g0HR59xwZzVnONLZUEjKTLsn9qwIudPt9q1F5ksPovLULpNTK0A1PEbBcCQ
Y6mTNnG6dbrWPpYGbCnj8gpZk3bu3u5X+jN9L2Xdfl4UP6niZir4OPoRgQhYsCKf
W1iD84l39Mq+SLQ0ubLJNHOevn6IRh5yBoduphYo4MabKNEJDFqjg1Vj1Iybg05O
ivohL+52DdbzTV/b2zbo
-----END CERTIFICATE-----
Generated at Tue Apr 22 17:01:11 2025 by rpki-client