Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/h7045uZF9IEEie8vg5Wto8jmLtk.roa
File: h7045uZF9IEEie8vg5Wto8jmLtk.roa (raw, json)
Hash identifier: bnXzREZnHiUimj8s/Z0oucsK3Z7Uq9yrtdY9Fz/9cbI=
Subject key identifier: 87:BD:38:E6:E6:45:F4:81:04:89:EF:2F:83:95:AD:A3:C8:E6:2E:D9
Certificate issuer: /CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Certificate serial: 018CC8DED7F8EDABAF06C40731219A248056
Authority key identifier: C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/h7045uZF9IEEie8vg5Wto8jmLtk.roa
Signing time: Tue 02 Jan 2024 06:31:36 +0000
ROA not before: Tue 02 Jan 2024 06:31:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41589
IP address blocks: 81.25.128.0/20 maxlen: 20
195.34.86.0/23 maxlen: 23
91.142.48.0/20 maxlen: 24
217.171.176.0/20 maxlen: 20
79.141.16.0/20 maxlen: 20
185.118.100.0/22 maxlen: 24
2a02:4d8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:d7:f8:ed:ab:af:06:c4:07:31:21:9a:24:80:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Validity
Not Before: Jan 2 06:31:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=87bd38e6e645f4810489ef2f8395ada3c8e62ed9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:81:a9:eb:b6:0d:a5:6a:ae:d4:3c:a4:45:3e:
63:c6:e4:ac:f0:bc:c1:84:f9:43:ad:0e:38:ff:51:
a3:56:9d:ee:a7:27:2f:cf:da:66:59:9c:03:fe:52:
2d:5a:1d:94:d0:19:29:1d:ae:0e:9d:74:15:00:1d:
7c:75:b5:a8:ac:26:93:7d:7e:dc:f1:75:f5:fb:82:
fd:71:50:1f:97:76:26:60:8b:08:6c:39:e5:70:5c:
b2:e0:27:a9:e3:a7:87:73:7c:fd:80:c0:63:d8:b6:
10:18:2d:c6:20:42:fb:f5:61:28:90:f8:23:2a:03:
c0:9f:ef:57:a3:67:e9:1d:7a:6a:6f:25:1e:c7:96:
61:de:00:52:9e:64:f1:10:c0:f2:f1:1e:88:9d:9b:
6a:89:02:36:6d:56:51:53:e4:9c:95:43:c0:36:73:
c7:83:f1:ea:a2:4b:25:4f:b2:25:3c:d3:d5:20:d3:
48:d0:6a:eb:84:cc:3f:8e:d8:5c:c7:8c:fa:5e:3b:
7e:c6:d1:5e:f4:d0:56:0d:9e:91:fd:e3:4e:1d:17:
59:b3:f7:25:cf:88:01:82:de:bd:76:8c:49:ba:aa:
84:c1:8f:f6:af:f9:63:05:b4:a4:62:b5:1c:a2:fa:
b5:8e:0e:54:98:c0:d8:db:42:7b:24:4b:b5:c2:5c:
20:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:BD:38:E6:E6:45:F4:81:04:89:EF:2F:83:95:AD:A3:C8:E6:2E:D9
X509v3 Authority Key Identifier:
keyid:C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/h7045uZF9IEEie8vg5Wto8jmLtk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/xPiLXG5RFuUM8rW99D6HIPHYxg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.141.16.0/20
81.25.128.0/20
91.142.48.0/20
185.118.100.0/22
195.34.86.0/23
217.171.176.0/20
IPv6:
2a02:4d8::/32
Signature Algorithm: sha256WithRSAEncryption
2b:6c:5d:4b:60:94:42:0a:61:52:d6:2d:40:f5:79:cd:50:1a:
cd:5f:80:fb:99:0c:42:b9:0a:66:65:28:e1:d6:72:6c:3c:af:
4d:42:7c:2b:ac:14:26:d0:1a:bd:4d:b4:db:34:eb:f2:f2:70:
47:43:84:ef:aa:e4:1c:5d:16:75:86:ba:10:e6:7c:3d:92:32:
1a:2e:2e:9e:aa:8b:ea:47:16:57:d3:b2:65:ec:67:9b:44:95:
e0:f6:0a:88:d0:be:20:c0:56:5a:64:20:0f:68:d9:9d:d4:a8:
8a:24:c6:4c:1a:2c:e5:e8:c1:f5:d7:60:3e:e1:77:3b:a0:10:
0b:3e:f7:f4:16:4e:44:5d:d3:e6:86:fa:4e:39:b2:d0:d3:6b:
c3:79:64:9a:33:7f:01:62:85:7f:6e:3b:0e:f9:2d:35:33:2b:
21:c4:dd:ba:2a:d9:1c:eb:d4:58:14:2d:48:79:9a:f8:8d:62:
2d:f4:b3:83:f0:03:b3:04:15:78:91:5c:92:5d:b2:c2:77:b4:
ec:55:d7:03:e0:25:80:7e:ef:08:c5:8a:e7:f2:0a:6b:62:0d:
70:aa:5f:cb:27:ec:9f:c3:91:a5:ad:e0:30:61:1e:52:d7:01:
24:51:da:84:04:5e:71:c7:43:9e:10:81:9b:a2:a3:25:89:bc:
c6:5a:c8:54
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzI3tf47auvBsQHMSGaJIBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Zjg4YjVjNmU1MTE2ZTUwY2YyYjViZGY0M2U4NzIwZjFk
OGM2MGYwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JkMzhlNmU2NDVmNDgxMDQ4OWVmMmY4Mzk1YWRhM2M4ZTYyZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIGp67YNpWqu1DykRT5jxuSs8LzB
hPlDrQ44/1GjVp3upycvz9pmWZwD/lItWh2U0BkpHa4OnXQVAB18dbWorCaTfX7c
8XX1+4L9cVAfl3YmYIsIbDnlcFyy4Cep46eHc3z9gMBj2LYQGC3GIEL79WEokPgj
KgPAn+9Xo2fpHXpqbyUex5Zh3gBSnmTxEMDy8R6InZtqiQI2bVZRU+SclUPANnPH
g/HqokslT7IlPNPVINNI0GrrhMw/jthcx4z6Xjt+xtFe9NBWDZ6R/eNOHRdZs/cl
z4gBgt69doxJuqqEwY/2r/ljBbSkYrUcovq1jg5UmMDY20J7JEu1wlwgLQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFIe9OObmRfSBBInvL4OVraPI5i7ZMB8GA1UdIwQY
MBaAFMT4i1xuURblDPK1vfQ+hyDx2MYPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjct
MDczNjM5OTM4NDM3LzEvaDcwNDV1WkY5SUVFaWU4dmc1V3RvOGptTHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjctMDczNjM5OTM4NDM3
LzEveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQET40QAwQE
URmAAwQEW44wAwQCuXZkAwQBwyJWAwQE2auwMA0EAgACMAcDBQAqAgTYMA0GCSqG
SIb3DQEBCwUAA4IBAQArbF1LYJRCCmFS1i1A9XnNUBrNX4D7mQxCuQpmZSjh1nJs
PK9NQnwrrBQm0Bq9TbTbNOvy8nBHQ4TvquQcXRZ1hroQ5nw9kjIaLi6eqovqRxZX
07Jl7GebRJXg9gqI0L4gwFZaZCAPaNmd1KiKJMZMGizl6MH112A+4Xc7oBALPvf0
Fk5EXdPmhvpOObLQ02vDeWSaM38BYoV/bjsO+S01MyshxN26Ktkc69RYFC1IeZr4
jWIt9LOD8AOzBBV4kVySXbLCd7TsVdcD4CWAfu8IxYrn8gprYg1wql/LJ+yfw5Gl
reAwYR5S1wEkUdqEBF5xx0OeEIGboqMlibzGWshU
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:36:34 2025 by rpki-client