Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BEh-9mH2wWH-ZPfH-2nBap43zeU.roa
File: BEh-9mH2wWH-ZPfH-2nBap43zeU.roa (raw, json)
Hash identifier: iwRb1zhSqBHybGSMMS2832g7cktqvQaoe+DnpM1oaYQ=
Subject key identifier: 04:48:7E:F6:61:F6:C1:61:FE:64:F7:C7:FB:69:C1:6A:9E:37:CD:E5
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 01942747D0038D23F70F117A456BE9C29C8F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BEh-9mH2wWH-ZPfH-2nBap43zeU.roa
Signing time: Thu 02 Jan 2025 13:50:05 +0000
ROA not before: Thu 02 Jan 2025 13:50:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35913
IP address blocks: 45.154.196.0/22 maxlen: 24
77.83.241.0/24 maxlen: 24
77.83.243.0/24 maxlen: 24
85.202.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:d0:03:8d:23:f7:0f:11:7a:45:6b:e9:c2:9c:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Jan 2 13:50:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04487ef661f6c161fe64f7c7fb69c16a9e37cde5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:f7:20:0d:7d:a7:dc:c6:39:7e:55:af:1e:d3:
da:fd:ca:ab:7a:e6:16:8e:1b:7d:0f:2f:10:0f:fb:
5a:e1:b1:5f:33:c5:d2:3b:3a:66:e1:b3:d1:a6:4c:
49:90:5c:67:7d:c1:42:12:8e:4c:2d:a5:b0:6a:42:
4f:37:d6:2a:a3:78:b2:06:41:7b:25:f6:a3:66:66:
1c:e9:98:19:14:22:81:ee:ae:38:7e:87:c5:61:9c:
bc:3b:18:b5:fb:dc:55:06:57:9d:97:fd:9c:05:29:
5b:c2:1f:1d:65:10:55:1a:1e:8a:2f:e8:e5:2b:7c:
c4:d6:a6:7d:40:42:a0:35:ff:af:88:cd:26:16:dd:
d2:cd:eb:00:19:4e:59:0f:0b:f4:b6:39:e9:cb:f0:
4c:44:56:63:1f:19:bd:e1:92:6c:f1:ba:8b:36:df:
a9:47:b7:8d:bf:6d:be:66:47:40:b0:2b:3f:e5:39:
9b:a7:f7:b8:f7:df:96:b5:01:e9:b4:42:5f:d7:fa:
71:a4:dc:a1:f6:c9:18:bc:1d:37:6f:de:4c:44:36:
df:4a:7c:d0:90:08:25:15:f7:82:b5:9c:88:2a:14:
79:60:da:b1:7f:d6:48:bf:c7:02:63:a7:89:ba:da:
0f:c8:65:bf:42:6f:d8:14:2f:6d:1c:ba:5b:10:02:
04:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:48:7E:F6:61:F6:C1:61:FE:64:F7:C7:FB:69:C1:6A:9E:37:CD:E5
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BEh-9mH2wWH-ZPfH-2nBap43zeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.154.196.0/22
77.83.241.0/24
77.83.243.0/24
85.202.162.0/24
Signature Algorithm: sha256WithRSAEncryption
b6:54:cf:9d:63:bc:e3:65:55:a8:c6:bc:05:7e:7d:8a:4f:ac:
e8:83:7c:c7:ec:cf:6b:75:e2:1c:ec:5b:4b:f1:d5:38:ee:58:
a7:b0:d6:ef:65:e8:0a:f8:ba:05:b3:22:f9:c5:0e:e8:ea:8e:
55:4a:d8:0d:09:f0:c1:1b:40:3e:90:0e:e8:be:04:af:38:b5:
d8:5e:16:be:bc:8f:10:59:51:f2:f0:63:0f:c5:72:5a:92:36:
6f:6a:c4:a2:60:7c:96:e4:d6:54:15:ae:7e:22:ae:38:d3:45:
e9:f6:ac:b0:4b:68:43:63:5c:9c:2b:46:e1:d2:f5:19:2f:9b:
0d:aa:7c:26:d2:18:a8:e4:db:28:68:3c:cb:2d:8e:9c:b1:d1:
6a:58:06:0e:28:1f:35:6e:e8:41:ed:35:9e:22:39:cb:a9:dc:
c9:12:cf:97:cc:67:6a:51:33:eb:0a:bd:2d:ad:f5:1c:35:48:
4e:97:fc:dd:2b:17:46:9f:bd:42:a3:2c:ee:40:21:bf:ff:59:
16:40:5f:09:43:67:f3:10:dc:f2:dd:e8:19:6c:fe:e8:65:95:
01:8c:65:71:6c:43:08:be:a9:63:ce:8b:96:7b:b8:d6:7f:76:
cd:3b:f6:10:09:00:75:71:d3:a6:85:a2:be:b2:1a:e4:35:75:
e8:e8:ed:35
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQnR9ADjSP3DxF6RWvpwpyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQ4N2VmNjYxZjZjMTYxZmU2NGY3YzdmYjY5YzE2YTllMzdjZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvcgDX2n3MY5flWvHtPa/cqreuYW
jht9Dy8QD/ta4bFfM8XSOzpm4bPRpkxJkFxnfcFCEo5MLaWwakJPN9Yqo3iyBkF7
JfajZmYc6ZgZFCKB7q44fofFYZy8Oxi1+9xVBledl/2cBSlbwh8dZRBVGh6KL+jl
K3zE1qZ9QEKgNf+viM0mFt3SzesAGU5ZDwv0tjnpy/BMRFZjHxm94ZJs8bqLNt+p
R7eNv22+ZkdAsCs/5Tmbp/e499+WtQHptEJf1/pxpNyh9skYvB03b95MRDbfSnzQ
kAglFfeCtZyIKhR5YNqxf9ZIv8cCY6eJutoPyGW/Qm/YFC9tHLpbEAIEiwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFARIfvZh9sFh/mT3x/tpwWqeN83lMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQkVoLTltSDJ3V0gtWlBmSC0ybkJhcDQzemVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLZrEAwQA
TVPxAwQATVPzAwQAVcqiMA0GCSqGSIb3DQEBCwUAA4IBAQC2VM+dY7zjZVWoxrwF
fn2KT6zog3zH7M9rdeIc7FtL8dU47linsNbvZegK+LoFsyL5xQ7o6o5VStgNCfDB
G0A+kA7ovgSvOLXYXha+vI8QWVHy8GMPxXJakjZvasSiYHyW5NZUFa5+Iq4400Xp
9qywS2hDY1ycK0bh0vUZL5sNqnwm0hio5NsoaDzLLY6csdFqWAYOKB81buhB7TWe
IjnLqdzJEs+XzGdqUTPrCr0trfUcNUhOl/zdKxdGn71CoyzuQCG//1kWQF8JQ2fz
ENzy3egZbP7oZZUBjGVxbEMIvqljzouWe7jWf3bNO/YQCQB1cdOmhaK+shrkNXXo
6O01
-----END CERTIFICATE-----
Generated at Sat Apr 12 21:19:11 2025 by rpki-client