Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/PaR4bNi-kKDVdA_BP-CBAucPrkw.roa
File: PaR4bNi-kKDVdA_BP-CBAucPrkw.roa (raw, json)
Hash identifier: N2KrEVjeXleINl0svZ5PpUB6ojNdhohVu0tA9ZotzeE=
Subject key identifier: 3D:A4:78:6C:D8:BE:90:A0:D5:74:0F:C1:3F:E0:81:02:E7:0F:AE:4C
Certificate issuer: /CN=10771dd7dea22e35fdaf19b51b839f43721270ba
Certificate serial: 01835A27142089DCDE8D1C63221308BBC2AA
Authority key identifier: 10:77:1D:D7:DE:A2:2E:35:FD:AF:19:B5:1B:83:9F:43:72:12:70:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EHcd196iLjX9rxm1G4OfQ3IScLo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/PaR4bNi-kKDVdA_BP-CBAucPrkw.roa
Signing time: Tue 20 Sep 2022 09:07:33 +0000
ROA not before: Tue 20 Sep 2022 09:07:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15656
IP address blocks: 212.146.129.0/24 maxlen: 24
212.146.132.0/24 maxlen: 24
212.146.128.0/24 maxlen: 24
212.146.131.0/24 maxlen: 24
212.146.130.0/24 maxlen: 24
212.146.135.0/24 maxlen: 24
45.134.192.0/22 maxlen: 24
212.146.134.0/24 maxlen: 24
212.146.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:5a:27:14:20:89:dc:de:8d:1c:63:22:13:08:bb:c2:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=10771dd7dea22e35fdaf19b51b839f43721270ba
Validity
Not Before: Sep 20 09:07:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3da4786cd8be90a0d5740fc13fe08102e70fae4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:3f:a3:9c:fe:34:db:d7:62:f2:73:a6:47:a5:
48:ad:b6:3b:c1:fd:bc:07:d8:f7:90:34:25:a8:d6:
34:b7:69:ae:75:dd:f6:df:94:e9:00:67:b7:7e:09:
4e:94:53:d7:ee:e1:af:ac:d8:a0:28:ce:03:24:95:
c9:6c:f4:0b:8f:81:fb:b9:b2:91:a5:d6:0a:a5:53:
0b:a9:e9:ee:38:3e:1c:fb:c2:94:18:ad:c4:08:d3:
9b:c2:2f:da:9e:e3:85:44:3f:93:11:1c:97:fc:75:
48:fe:a0:ad:a9:e9:9d:42:0d:c0:f1:c4:60:04:3b:
d8:51:3b:4d:66:6a:62:66:07:e6:cd:b8:28:f5:69:
cf:77:6e:95:75:71:d3:e3:65:6a:7b:7c:c1:62:11:
31:f1:78:fc:e3:5f:60:40:eb:d2:96:02:99:a1:9b:
eb:a4:fb:e5:41:41:a8:58:e8:6c:e0:8b:13:83:7f:
e3:2c:35:d3:d4:be:b9:68:2c:e5:33:16:bd:31:95:
bf:45:29:82:42:01:9d:dc:46:fc:df:1e:59:1f:15:
98:d1:7e:b9:0a:a5:45:41:0a:73:b7:5f:48:e5:3c:
3b:4c:af:6f:fb:0e:55:c8:29:c4:e9:87:6c:a7:71:
2c:d2:72:ab:67:1e:30:cb:4c:fa:d7:3b:e8:b5:59:
43:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:A4:78:6C:D8:BE:90:A0:D5:74:0F:C1:3F:E0:81:02:E7:0F:AE:4C
X509v3 Authority Key Identifier:
keyid:10:77:1D:D7:DE:A2:2E:35:FD:AF:19:B5:1B:83:9F:43:72:12:70:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHcd196iLjX9rxm1G4OfQ3IScLo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/PaR4bNi-kKDVdA_BP-CBAucPrkw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/EHcd196iLjX9rxm1G4OfQ3IScLo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.192.0/22
212.146.128.0/21
Signature Algorithm: sha256WithRSAEncryption
b4:14:9b:a3:69:8e:e3:a7:23:66:f5:8f:5b:7c:b8:9c:35:77:
48:30:30:e6:dc:dd:88:7c:a3:9a:d8:7c:9e:de:3b:fe:c6:97:
89:dc:0f:c3:e7:e8:89:d1:6c:e8:1f:c6:db:7c:8f:91:df:f0:
15:30:d1:35:a8:82:60:75:5d:18:b2:b9:13:91:82:e4:e4:45:
a1:bd:0a:23:19:27:22:47:f6:e3:e1:d0:5a:f7:ba:12:04:5b:
b5:cc:26:bd:3b:0c:17:8d:99:de:18:5d:8f:b6:94:bd:af:dd:
de:69:f4:05:60:01:a6:01:bc:58:f1:fa:ac:be:ce:d3:1c:2f:
8d:35:3e:07:d5:46:63:be:d1:e4:a9:48:8a:a3:69:85:67:e1:
a2:5f:d2:a8:93:e8:03:6e:d0:86:ea:a5:9b:b6:87:3a:ee:cb:
78:33:dc:0c:51:87:d5:0f:ac:c5:cc:ac:a8:ac:bf:9d:de:e2:
2b:d3:9c:77:b8:7a:b6:c6:98:3a:ca:d9:01:d2:c3:df:9e:31:
d3:8f:0f:b7:1d:31:f6:7d:56:80:c3:61:4a:54:00:41:90:a1:
d7:f8:86:e1:d3:cb:6d:e8:6d:fd:d1:cf:ab:ca:5f:18:fe:98:
3e:cc:9f:9a:7d:6a:d0:92:0e:71:b6:ed:9b:60:e7:25:18:a4:
70:77:fc:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYNaJxQgidzejRxjIhMIu8KqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzcxZGQ3ZGVhMjJlMzVmZGFmMTliNTFiODM5ZjQzNzIx
MjcwYmEwHhcNMjIwOTIwMDkwNzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGE0Nzg2Y2Q4YmU5MGEwZDU3NDBmYzEzZmUwODEwMmU3MGZhZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkz+jnP4029di8nOmR6VIrbY7wf28
B9j3kDQlqNY0t2mudd3235TpAGe3fglOlFPX7uGvrNigKM4DJJXJbPQLj4H7ubKR
pdYKpVMLqenuOD4c+8KUGK3ECNObwi/anuOFRD+TERyX/HVI/qCtqemdQg3A8cRg
BDvYUTtNZmpiZgfmzbgo9WnPd26VdXHT42Vqe3zBYhEx8Xj8419gQOvSlgKZoZvr
pPvlQUGoWOhs4IsTg3/jLDXT1L65aCzlMxa9MZW/RSmCQgGd3Eb83x5ZHxWY0X65
CqVFQQpzt19I5Tw7TK9v+w5VyCnE6Ydsp3Es0nKrZx4wy0z61zvotVlDQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD2keGzYvpCg1XQPwT/ggQLnD65MMB8GA1UdIwQY
MBaAFBB3Hdfeoi41/a8ZtRuDn0NyEnC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhjZDE5NmlMalg5cnhtMUc0T2ZRM0lTY0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy83NTE0OGEtZTQwZS00MDlmLThhMGIt
ZGE4NTFhNzE1ZmE0LzEvUGFSNGJOaS1rS0RWZEFfQlAtQ0JBdWNQcmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy83NTE0OGEtZTQwZS00MDlmLThhMGItZGE4NTFhNzE1ZmE0
LzEvRUhjZDE5NmlMalg5cnhtMUc0T2ZRM0lTY0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYbAAwQD
1JKAMA0GCSqGSIb3DQEBCwUAA4IBAQC0FJujaY7jpyNm9Y9bfLicNXdIMDDm3N2I
fKOa2Hye3jv+xpeJ3A/D5+iJ0WzoH8bbfI+R3/AVMNE1qIJgdV0YsrkTkYLk5EWh
vQojGSciR/bj4dBa97oSBFu1zCa9OwwXjZneGF2PtpS9r93eafQFYAGmAbxY8fqs
vs7THC+NNT4H1UZjvtHkqUiKo2mFZ+GiX9Kok+gDbtCG6qWbtoc67st4M9wMUYfV
D6zFzKyorL+d3uIr05x3uHq2xpg6ytkB0sPfnjHTjw+3HTH2fVaAw2FKVABBkKHX
+Ibh08tt6G390c+ryl8Y/pg+zJ+afWrQkg5xtu2bYOclGKRwd/z1
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:31 2025 by rpki-client