Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/AQo3HGGegXx9rzKENlgoA0QZ6kQ.roa
File: AQo3HGGegXx9rzKENlgoA0QZ6kQ.roa (raw, json)
Hash identifier: Q50dcpos37rXaCs666Bl+GbdjRJqT06Kj41Ik+B+3dY=
Subject key identifier: 01:0A:37:1C:61:9E:81:7C:7D:AF:32:84:36:58:28:03:44:19:EA:44
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 018B65F10525FB562D1053AF8BD4C6D0FC0D
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/AQo3HGGegXx9rzKENlgoA0QZ6kQ.roa
Signing time: Wed 25 Oct 2023 08:26:16 +0000
ROA not before: Wed 25 Oct 2023 08:26:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35575
IP address blocks: 185.190.44.0/24 maxlen: 24
185.190.46.0/24 maxlen: 24
185.190.45.0/24 maxlen: 24
185.190.47.0/24 maxlen: 24
193.238.68.0/22 maxlen: 22
195.66.31.0/24 maxlen: 24
195.66.27.0/24 maxlen: 24
195.66.28.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:65:f1:05:25:fb:56:2d:10:53:af:8b:d4:c6:d0:fc:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Oct 25 08:26:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=010a371c619e817c7daf3284365828034419ea44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e5:e7:e8:67:eb:88:e9:97:99:bc:79:b6:80:
6a:ef:be:55:8f:1b:7b:df:60:d1:1d:37:df:f7:48:
9a:f2:c7:0f:76:7c:71:c8:bf:56:7b:95:1a:9e:9d:
3e:b4:ee:12:a0:ab:de:ec:02:33:77:e3:04:f5:af:
51:26:7b:9b:b7:3a:6b:d8:a9:38:53:dc:6b:c8:95:
3c:a8:d6:58:b2:3d:34:26:fc:0b:1f:0c:98:ae:26:
62:87:ed:7a:f4:0b:d2:c5:2f:45:1a:6f:7e:31:b3:
35:39:22:01:ee:58:74:04:97:e8:cd:76:7e:5e:e5:
6e:68:be:24:28:a9:01:c9:4f:a9:29:b4:3b:f8:09:
ed:45:95:d6:5f:5c:6b:2e:da:ff:1a:de:cf:8f:c1:
cb:c0:ec:c2:f5:86:34:7f:50:43:53:55:17:3c:d1:
b5:5d:54:7e:8f:29:2a:8f:01:5f:10:13:5c:f5:11:
45:8c:3b:80:15:0e:1d:d8:a8:16:d4:e6:2d:3a:bf:
17:2b:d2:c9:63:a1:67:02:32:a7:67:6a:68:5d:d4:
6c:82:ec:fc:81:39:25:62:8c:62:f7:b9:77:d9:29:
4e:94:93:52:e5:31:84:96:84:ea:b5:4f:d8:e7:59:
6a:3e:54:4b:30:6d:9e:f3:20:be:ae:6a:5c:a6:66:
6a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:0A:37:1C:61:9E:81:7C:7D:AF:32:84:36:58:28:03:44:19:EA:44
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/AQo3HGGegXx9rzKENlgoA0QZ6kQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.44.0/22
193.238.68.0/22
195.66.27.0-195.66.28.255
195.66.31.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:f3:70:ff:28:6c:3e:d3:e5:3a:3b:29:c2:d0:da:82:08:d5:
37:0b:db:d7:d4:d7:33:21:a9:b5:1a:a4:52:e1:4b:66:cf:d3:
7a:67:1c:35:d6:ec:af:84:8a:6a:db:c0:f4:fe:ec:f2:d1:c5:
dc:6d:0a:ca:cd:1b:01:c6:b6:1f:0a:78:e5:9a:9c:a4:ea:06:
c2:f2:69:fe:b7:64:d7:4e:ae:40:1a:a0:d8:1b:f4:1f:c8:02:
45:62:e4:6f:fd:4b:09:48:83:71:b2:15:e8:37:3b:23:0b:f0:
89:97:05:e5:d1:de:6c:12:f4:dd:2b:39:9c:81:a1:be:74:e8:
3e:f0:a8:13:92:68:01:51:c3:3d:73:17:aa:5d:2e:c3:07:e6:
46:c8:f7:9f:7e:1d:76:1c:20:ea:45:8f:63:df:34:ba:8e:9c:
f2:4f:4f:a5:15:09:ef:e4:da:5d:8c:94:95:c3:42:0c:dc:e5:
51:ff:0d:c5:83:d1:32:ea:3d:1c:ba:2a:ca:37:18:95:d8:cf:
63:35:61:b0:a7:76:9b:89:53:94:9c:b9:e2:29:64:79:a9:0b:
55:c4:2b:95:c6:4f:4a:27:bd:b1:4d:ae:6b:69:6d:51:0b:5e:
db:f3:b8:30:95:3b:dd:d8:d4:37:67:d3:2b:19:5c:2b:60:95:
04:6e:4b:80
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYtl8QUl+1YtEFOvi9TG0PwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjMxMDI1MDgyNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTBhMzcxYzYxOWU4MTdjN2RhZjMyODQzNjU4MjgwMzQ0MTllYTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOXn6GfriOmXmbx5toBq775Vjxt7
32DRHTff90ia8scPdnxxyL9We5Uanp0+tO4SoKve7AIzd+ME9a9RJnubtzpr2Kk4
U9xryJU8qNZYsj00JvwLHwyYriZih+169AvSxS9FGm9+MbM1OSIB7lh0BJfozXZ+
XuVuaL4kKKkByU+pKbQ7+AntRZXWX1xrLtr/Gt7Pj8HLwOzC9YY0f1BDU1UXPNG1
XVR+jykqjwFfEBNc9RFFjDuAFQ4d2KgW1OYtOr8XK9LJY6FnAjKnZ2poXdRsguz8
gTklYoxi97l32SlOlJNS5TGEloTqtU/Y51lqPlRLMG2e8yC+rmpcpmZqeQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAEKNxxhnoF8fa8yhDZYKANEGepEMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvQVFvM0hHR2VnWHg5cnpLRU5sZ29BMFFaNmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCub4sAwQC
we5EMAwDBADDQhsDBADDQhwDBADDQh8wDQYJKoZIhvcNAQELBQADggEBAJ7zcP8o
bD7T5To7KcLQ2oII1TcL29fU1zMhqbUapFLhS2bP03pnHDXW7K+EimrbwPT+7PLR
xdxtCsrNGwHGth8KeOWanKTqBsLyaf63ZNdOrkAaoNgb9B/IAkVi5G/9SwlIg3Gy
Feg3OyML8ImXBeXR3mwS9N0rOZyBob506D7wqBOSaAFRwz1zF6pdLsMH5kbI959+
HXYcIOpFj2PfNLqOnPJPT6UVCe/k2l2MlJXDQgzc5VH/DcWD0TLqPRy6Kso3GJXY
z2M1YbCndpuJU5ScueIpZHmpC1XEK5XGT0onvbFNrmtpbVELXtvzuDCVO93Y1Ddn
0ysZXCtglQRuS4A=
-----END CERTIFICATE-----
Generated at Wed Apr 23 01:54:19 2025 by rpki-client