Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/kHCBIyENfLIa2CjLEk4vOYdwt4g.roa
File: kHCBIyENfLIa2CjLEk4vOYdwt4g.roa (raw, json)
Hash identifier: 2o0fALKpvhCnt0YfsgDWwdq4ktwb0VB91e+o9mWyqUU=
Subject key identifier: 90:70:81:23:21:0D:7C:B2:1A:D8:28:CB:12:4E:2F:39:87:70:B7:88
Certificate issuer: /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial: 01830D5C963F5089F418F3069DA78C89519A
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/kHCBIyENfLIa2CjLEk4vOYdwt4g.roa
Signing time: Mon 05 Sep 2022 11:15:15 +0000
ROA not before: Mon 05 Sep 2022 11:15:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 52023
IP address blocks: 91.212.148.0/24 maxlen: 24
37.143.165.0/24 maxlen: 24
37.143.166.0/24 maxlen: 24
37.143.162.0/24 maxlen: 24
37.143.164.0/24 maxlen: 24
37.143.163.0/24 maxlen: 24
37.143.167.0/24 maxlen: 24
37.143.170.0/24 maxlen: 24
2a03:8f84::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:0d:5c:96:3f:50:89:f4:18:f3:06:9d:a7:8c:89:51:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
Validity
Not Before: Sep 5 11:15:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=90708123210d7cb21ad828cb124e2f398770b788
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:a4:fe:64:cb:3a:c8:30:b9:14:d3:e5:24:d4:
0f:3f:f9:05:f0:0c:41:8f:91:e6:e9:6a:2d:b4:b1:
85:ff:fc:3b:15:c0:f1:b0:87:7c:5c:76:d9:83:c2:
1f:bb:9f:7c:aa:08:9e:e6:7d:6e:dd:f9:ac:7c:ca:
36:e4:c6:14:c6:58:98:c2:89:df:2e:aa:55:af:ab:
50:52:88:6b:2c:9b:13:e8:25:ae:4e:76:cd:7a:4b:
3d:73:60:53:45:95:87:26:3f:03:24:dd:67:35:fb:
b6:7d:b5:85:9c:39:b9:c7:4f:b5:d2:e7:f8:f0:3b:
4d:bc:1b:c8:32:c3:e9:4f:72:4e:01:95:67:7e:10:
a7:79:db:20:d5:74:95:a4:76:08:ee:08:bb:d0:83:
15:d3:90:9b:de:1a:27:74:0e:2a:33:82:a8:1a:57:
d0:aa:3e:c8:29:0a:d9:c1:90:37:91:38:2c:e9:7d:
70:b1:bc:dc:d6:58:0d:96:34:48:d4:61:d4:1b:7f:
19:0a:da:06:4c:6b:13:b9:90:51:46:f2:dc:bb:5f:
5d:07:31:b2:55:9a:3f:f6:46:52:bd:f1:1a:d0:45:
82:d0:74:96:eb:0d:d0:4b:bd:99:f4:0a:3b:7d:ca:
48:5d:83:3a:75:59:6d:82:1f:26:66:c8:3d:e3:ca:
c9:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:70:81:23:21:0D:7C:B2:1A:D8:28:CB:12:4E:2F:39:87:70:B7:88
X509v3 Authority Key Identifier:
keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/kHCBIyENfLIa2CjLEk4vOYdwt4g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.162.0-37.143.167.255
37.143.170.0/24
91.212.148.0/24
IPv6:
2a03:8f84::/32
Signature Algorithm: sha256WithRSAEncryption
70:41:dc:e1:a6:ba:e9:5e:f5:d1:c8:0f:28:60:76:05:fa:b6:
3b:e5:98:ad:35:87:e0:1f:31:fd:8d:d6:ed:77:bc:33:23:ec:
06:37:bc:42:77:5f:c9:a8:a6:7a:9f:ec:40:d9:18:21:0c:c1:
55:63:bd:6f:47:28:bb:78:20:fc:d3:b5:5b:00:1e:3d:c1:00:
29:4b:1b:ca:66:db:d6:1d:03:ff:29:21:d3:ab:0a:26:ad:7a:
a0:e9:54:64:30:53:03:1c:ca:43:a3:9f:a5:12:61:f0:ff:79:
3d:78:61:c1:66:79:24:de:f2:71:81:0c:01:ac:c1:dd:4f:91:
26:36:ac:f5:ef:31:66:dc:bd:0f:9e:9a:87:67:e8:fb:55:c7:
e2:85:6d:ab:8b:f6:63:4f:7d:d5:4d:13:a1:3b:47:1f:76:b8:
ad:55:15:31:9c:69:f0:12:ca:6b:b2:ed:0f:a0:f6:c7:f1:51:
84:b0:c3:59:46:35:25:30:8f:32:dc:05:90:9a:15:fc:b5:f5:
40:12:88:7d:83:16:87:69:d9:27:a6:e0:9a:a7:9f:65:03:cf:
4a:b3:a7:b0:22:3a:1d:e1:53:45:dd:00:e0:45:9a:5a:da:f4:
fe:0a:c4:37:68:6a:70:c9:9e:27:8d:8f:97:0c:f8:77:3c:25:
b6:ec:83:2e
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYMNXJY/UIn0GPMGnaeMiVGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjIwOTA1MTExNTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDcwODEyMzIxMGQ3Y2IyMWFkODI4Y2IxMjRlMmYzOTg3NzBiNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKT+ZMs6yDC5FNPlJNQPP/kF8AxB
j5Hm6WottLGF//w7FcDxsId8XHbZg8Ifu598qgie5n1u3fmsfMo25MYUxliYwonf
LqpVr6tQUohrLJsT6CWuTnbNeks9c2BTRZWHJj8DJN1nNfu2fbWFnDm5x0+10uf4
8DtNvBvIMsPpT3JOAZVnfhCnedsg1XSVpHYI7gi70IMV05Cb3hondA4qM4KoGlfQ
qj7IKQrZwZA3kTgs6X1wsbzc1lgNljRI1GHUG38ZCtoGTGsTuZBRRvLcu19dBzGy
VZo/9kZSvfEa0EWC0HSW6w3QS72Z9Ao7fcpIXYM6dVltgh8mZsg948rJyQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFJBwgSMhDXyyGtgoyxJOLzmHcLeIMB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEva0hDQkl5RU5mTElhMkNqTEVrNHZPWWR3dDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAElj6ID
BAMlj6ADBAAlj6oDBABb1JQwDQQCAAIwBwMFACoDj4QwDQYJKoZIhvcNAQELBQAD
ggEBAHBB3OGmuule9dHIDyhgdgX6tjvlmK01h+AfMf2N1u13vDMj7AY3vEJ3X8mo
pnqf7EDZGCEMwVVjvW9HKLt4IPzTtVsAHj3BAClLG8pm29YdA/8pIdOrCiateqDp
VGQwUwMcykOjn6USYfD/eT14YcFmeSTe8nGBDAGswd1PkSY2rPXvMWbcvQ+emodn
6PtVx+KFbauL9mNPfdVNE6E7Rx92uK1VFTGcafASymuy7Q+g9sfxUYSww1lGNSUw
jzLcBZCaFfy19UASiH2DFodp2Sem4Jqnn2UDz0qzp7AiOh3hU0XdAOBFmlra9P4K
xDdoanDJnieNj5cM+Hc8Jbbsgy4=
-----END CERTIFICATE-----
Generated at Mon Apr 14 07:13:49 2025 by rpki-client