Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/RBD3jsn9I98UUTgkjqxS1NXuBZo.roa
File: RBD3jsn9I98UUTgkjqxS1NXuBZo.roa (raw, json)
Hash identifier: FmEfEXEO9/34iaUvQCdTzbyom3ZG9wQcLbWcPjAbrgk=
Subject key identifier: 44:10:F7:8E:C9:FD:23:DF:14:51:38:24:8E:AC:52:D4:D5:EE:05:9A
Certificate issuer: /CN=e8f239a70043734172d26378bf2106ae72552187
Certificate serial: 019422FBF085DAE71F727CE42D52B0BEBEFB
Authority key identifier: E8:F2:39:A7:00:43:73:41:72:D2:63:78:BF:21:06:AE:72:55:21:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/RBD3jsn9I98UUTgkjqxS1NXuBZo.roa
Signing time: Wed 01 Jan 2025 17:48:43 +0000
ROA not before: Wed 01 Jan 2025 17:48:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31042
IP address blocks: 37.0.64.0/21 maxlen: 24
79.140.144.0/20 maxlen: 24
89.207.192.0/21 maxlen: 24
185.12.40.0/22 maxlen: 24
185.80.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:f0:85:da:e7:1f:72:7c:e4:2d:52:b0:be:be:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8f239a70043734172d26378bf2106ae72552187
Validity
Not Before: Jan 1 17:48:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4410f78ec9fd23df145138248eac52d4d5ee059a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:30:97:5c:dd:d8:bd:3e:e7:3e:ad:9c:d8:16:
4c:38:cc:29:72:06:16:b6:09:7b:03:e9:ac:7e:fa:
70:ba:b7:ea:ba:71:af:40:af:4c:71:05:74:78:cb:
b3:a2:46:40:7a:e0:1e:07:61:60:62:21:8f:41:21:
40:15:68:d6:7d:41:b5:e9:4e:b6:ec:e7:ae:fa:b3:
98:18:7f:af:98:88:49:48:1b:62:69:66:f6:e6:90:
53:09:91:6d:a5:2b:e1:30:e0:2b:0e:0e:2e:77:bd:
bc:a2:1b:a9:e7:f8:50:3b:a4:db:91:88:e6:5b:09:
bb:de:56:01:e3:56:47:ab:15:a0:bc:8d:50:06:95:
34:48:0e:6b:c1:9a:c6:65:59:2e:42:24:78:34:81:
85:af:46:15:a2:8e:30:9b:5a:b8:87:42:5c:cf:c7:
26:3d:32:55:01:3d:ef:13:52:29:0c:fb:c1:c7:48:
10:c6:64:cb:31:c4:06:6c:b7:81:ce:05:24:db:a2:
ad:00:b3:c8:5a:b0:2d:ba:70:5f:7b:b2:a2:27:39:
b4:7b:55:bb:6c:18:19:83:55:7c:68:3a:88:35:c4:
bd:57:18:77:32:1b:bd:1d:2c:13:9a:1b:e3:89:65:
03:13:c0:99:75:c5:59:81:e5:d1:34:af:78:32:d9:
12:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:10:F7:8E:C9:FD:23:DF:14:51:38:24:8E:AC:52:D4:D5:EE:05:9A
X509v3 Authority Key Identifier:
keyid:E8:F2:39:A7:00:43:73:41:72:D2:63:78:BF:21:06:AE:72:55:21:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/RBD3jsn9I98UUTgkjqxS1NXuBZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.0.64.0/21
79.140.144.0/20
89.207.192.0/21
185.12.40.0/22
185.80.96.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:00:78:61:23:68:df:fc:4f:0d:f9:f1:8c:88:e5:16:74:47:
7c:1f:63:8c:57:f7:db:08:4e:cd:fd:33:14:67:f0:58:a9:c8:
e1:c1:14:9f:35:7c:7a:c2:7d:17:8b:d2:7d:d7:66:74:b3:56:
6f:6d:ca:d8:0c:7b:17:2f:8d:4c:ac:2f:36:fe:3c:0a:03:8c:
26:8f:a0:b9:c5:79:79:33:37:d5:44:9a:1d:a3:94:47:2c:f5:
8e:b1:d1:c0:96:84:2d:0f:eb:ca:7b:03:b6:61:d3:f6:0a:2c:
2c:fa:62:0c:b5:6d:92:d0:c1:8d:c5:60:9c:17:bf:d7:f9:9e:
d0:2e:48:01:79:31:78:e2:24:de:b6:20:d3:7b:67:e3:5d:7a:
37:60:76:9e:3c:39:88:3c:b3:02:fb:cf:b4:26:cc:57:8d:85:
7c:fd:bb:84:bd:c3:8b:2b:a2:92:a6:40:77:ed:4f:08:33:ad:
85:08:32:10:d4:69:f8:46:27:0c:5f:e0:48:f6:26:ab:1a:74:
8d:6d:46:1c:40:ef:e4:d7:20:cd:20:cf:a9:c2:53:eb:ea:c6:
34:26:c5:37:40:fe:d3:81:4a:6f:b2:20:1c:9c:92:04:be:48:
4a:b7:1f:aa:e5:ff:be:54:1e:c9:ff:54:a7:a4:f4:94:78:1f:
13:bc:67:b9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQi+/CF2ucfcnzkLVKwvr77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZjIzOWE3MDA0MzczNDE3MmQyNjM3OGJmMjEwNmFlNzI1
NTIxODcwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDEwZjc4ZWM5ZmQyM2RmMTQ1MTM4MjQ4ZWFjNTJkNGQ1ZWUwNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zCXXN3YvT7nPq2c2BZMOMwpcgYW
tgl7A+msfvpwurfqunGvQK9McQV0eMuzokZAeuAeB2FgYiGPQSFAFWjWfUG16U62
7Oeu+rOYGH+vmIhJSBtiaWb25pBTCZFtpSvhMOArDg4ud728ohup5/hQO6TbkYjm
Wwm73lYB41ZHqxWgvI1QBpU0SA5rwZrGZVkuQiR4NIGFr0YVoo4wm1q4h0Jcz8cm
PTJVAT3vE1IpDPvBx0gQxmTLMcQGbLeBzgUk26KtALPIWrAtunBfe7KiJzm0e1W7
bBgZg1V8aDqINcS9Vxh3Mhu9HSwTmhvjiWUDE8CZdcVZgeXRNK94MtkS4QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEQQ947J/SPfFFE4JI6sUtTV7gWaMB8GA1UdIwQY
MBaAFOjyOacAQ3NBctJjeL8hBq5yVSGHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlBJNXB3QkRjMEZ5MG1ONHZ5RUdybkpWSVljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy80ZTkwMmEtMjk5Zi00ZGE3LTlhNmQt
NjY5YmQxMTNhMTc4LzEvUkJEM2pzbjlJOThVVVRna2pxeFMxTlh1QlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy80ZTkwMmEtMjk5Zi00ZGE3LTlhNmQtNjY5YmQxMTNhMTc4
LzEvNlBJNXB3QkRjMEZ5MG1ONHZ5RUdybkpWSVljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDJQBAAwQE
T4yQAwQDWc/AAwQCuQwoAwQCuVBgMA0GCSqGSIb3DQEBCwUAA4IBAQAuAHhhI2jf
/E8N+fGMiOUWdEd8H2OMV/fbCE7N/TMUZ/BYqcjhwRSfNXx6wn0Xi9J912Z0s1Zv
bcrYDHsXL41MrC82/jwKA4wmj6C5xXl5MzfVRJodo5RHLPWOsdHAloQtD+vKewO2
YdP2Ciws+mIMtW2S0MGNxWCcF7/X+Z7QLkgBeTF44iTetiDTe2fjXXo3YHaePDmI
PLMC+8+0JsxXjYV8/buEvcOLK6KSpkB37U8IM62FCDIQ1Gn4RicMX+BI9iarGnSN
bUYcQO/k1yDNIM+pwlPr6sY0JsU3QP7TgUpvsiAcnJIEvkhKtx+q5f++VB7J/1Sn
pPSUeB8TvGe5
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:52:31 2025 by rpki-client