Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/f3bJIm7yun9v4R_oL6S6E1FLTKQ.roa
File: f3bJIm7yun9v4R_oL6S6E1FLTKQ.roa (raw, json)
Hash identifier: Vp73GKeTLHjhu3maLylziNo8pc2ZKz1eYc63eQKNeDs=
Subject key identifier: 7F:76:C9:22:6E:F2:BA:7F:6F:E1:1F:E8:2F:A4:BA:13:51:4B:4C:A4
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018AFBA0DE056854AFBE65AFD760105BD76A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/f3bJIm7yun9v4R_oL6S6E1FLTKQ.roa
Signing time: Wed 04 Oct 2023 16:58:58 +0000
ROA not before: Wed 04 Oct 2023 16:58:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 185.255.99.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
194.56.152.0/23 maxlen: 24
185.243.140.0/22 maxlen: 24
94.231.198.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
195.149.127.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
91.242.70.0/23 maxlen: 24
45.149.160.0/22 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
185.15.136.0/23 maxlen: 24
80.94.81.0/24 maxlen: 24
80.94.80.0/24 maxlen: 24
80.94.80.0/23 maxlen: 23
45.67.117.0/24 maxlen: 24
45.15.64.0/24 maxlen: 24
45.15.64.0/22 maxlen: 22
45.15.66.0/24 maxlen: 24
45.15.67.0/24 maxlen: 24
45.15.65.0/24 maxlen: 24
194.180.238.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
89.32.126.0/24 maxlen: 24
92.118.108.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fb:a0:de:05:68:54:af:be:65:af:d7:60:10:5b:d7:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 4 16:58:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7f76c9226ef2ba7f6fe11fe82fa4ba13514b4ca4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:63:cc:77:ee:0a:c7:89:47:60:f8:a1:70:f3:
12:43:77:c5:a5:9c:93:18:1d:14:5d:ba:0d:7f:53:
b2:52:bf:67:47:9e:74:06:60:a6:72:e4:ff:8b:22:
22:62:e8:d1:de:42:28:21:dd:71:f3:50:4a:f8:74:
40:fd:62:ca:45:cb:16:53:a0:0f:f3:81:dd:51:19:
72:be:81:af:3b:d5:a6:23:22:a7:38:2e:2c:3e:b3:
25:eb:2a:ab:58:98:c2:74:0a:88:4b:38:8a:66:b7:
76:a2:54:b0:c2:d9:ec:b4:68:0d:2f:bc:8b:76:71:
1b:0e:89:20:ea:05:5e:d4:ab:31:04:1a:4c:b6:4d:
84:20:30:f0:14:ef:52:39:d7:67:34:87:1f:e1:5c:
0c:9a:90:69:b0:a9:23:55:f8:a9:46:80:ee:83:5e:
c1:e1:72:dd:7b:cd:9c:3f:d3:ee:e7:57:7d:91:65:
f0:2f:d0:8e:5c:6e:b4:a8:8b:24:cf:85:d7:f0:a1:
0c:7c:2f:31:e0:ee:49:63:61:6c:1d:89:62:d7:b2:
04:16:65:12:07:01:10:9a:68:eb:ea:1c:54:ab:57:
b9:73:bf:b2:48:24:ba:c3:b6:39:6f:72:42:09:8a:
6b:29:db:76:28:05:2f:35:be:b7:f3:e6:21:f0:de:
9c:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:76:C9:22:6E:F2:BA:7F:6F:E1:1F:E8:2F:A4:BA:13:51:4B:4C:A4
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/f3bJIm7yun9v4R_oL6S6E1FLTKQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.64.0/22
45.67.117.0/24
45.149.160.0/22
80.94.80.0/23
89.32.126.0/24
89.39.242.0/24
89.40.161.0/24
91.242.70.0-91.242.73.255
91.242.75.0/24
91.242.103.0/24
92.118.108.0/24
94.231.198.0/24
176.126.223.0/24
185.15.136.0/23
185.40.105.0/24
185.173.247.0/24
185.212.11.0/24
185.243.140.0/22
185.255.99.0/24
193.46.211.0/24
194.56.152.0/23
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
195.138.103.0-195.138.106.255
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:f9:6d:a1:0d:bf:ee:3c:01:bb:7d:06:79:2c:e2:ce:12:d0:
5c:44:96:37:40:56:34:0e:b5:77:9b:e6:43:ca:b8:95:72:a6:
fa:9c:94:06:cc:80:f8:df:34:e0:6c:76:c4:71:c7:71:46:d9:
43:3a:18:e4:ca:32:53:19:e3:37:05:a9:30:5e:9f:af:fc:0e:
a1:d1:cf:e2:b7:c4:4a:82:16:1c:fd:42:9c:52:4a:b7:3f:a6:
3b:09:c6:ac:01:52:bf:41:5c:73:c0:31:5a:da:2a:ff:e8:9a:
5f:d3:ba:55:96:a2:d4:05:a1:e6:70:aa:d0:4a:b3:a4:98:95:
0f:2a:08:cc:98:7e:7a:78:67:fd:02:85:87:44:8c:49:6c:83:
bb:75:6c:dc:c4:e7:7d:18:d1:3d:af:a1:e5:a5:a5:93:ba:10:
62:1c:50:c5:a2:a3:09:04:e4:e3:be:34:04:6f:97:c1:5c:8e:
83:bd:22:ae:af:d4:c8:88:35:62:ed:16:6a:f0:b0:cd:02:f5:
0e:71:0f:5e:59:52:77:fd:57:4d:39:39:78:f9:d5:fc:f0:03:
40:5c:19:b0:f2:5a:62:23:d0:bf:28:6b:8f:44:8f:b1:a2:4a:
1f:cc:86:1a:0c:a0:99:f8:4d:45:75:8b:bd:d6:e4:08:95:e1:
d2:44:ce:6b
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYr7oN4FaFSvvmWv12AQW9dqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMDA0MTY1ODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc2YzkyMjZlZjJiYTdmNmZlMTFmZTgyZmE0YmExMzUxNGI0Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWPMd+4Kx4lHYPihcPMSQ3fFpZyT
GB0UXboNf1OyUr9nR550BmCmcuT/iyIiYujR3kIoId1x81BK+HRA/WLKRcsWU6AP
84HdURlyvoGvO9WmIyKnOC4sPrMl6yqrWJjCdAqISziKZrd2olSwwtnstGgNL7yL
dnEbDokg6gVe1KsxBBpMtk2EIDDwFO9SOddnNIcf4VwMmpBpsKkjVfipRoDug17B
4XLde82cP9Pu51d9kWXwL9COXG60qIskz4XX8KEMfC8x4O5JY2FsHYli17IEFmUS
BwEQmmjr6hxUq1e5c7+ySCS6w7Y5b3JCCYprKdt2KAUvNb638+Yh8N6cpwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFH92ySJu8rp/b+Ef6C+kuhNRS0ykMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvZjNiSkltN3l1bjl2NFJfb0w2UzZFMUZMVEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBswQCAAEwgawDBAIt
D0ADBAAtQ3UDBAItlaADBAFQXlADBABZIH4DBABZJ/IDBABZKKEwDAMEAVvyRgME
AVvySAMEAFvySwMEAFvyZwMEAFx2bAMEAF7nxgMEALB+3wMEAbkPiAMEALkoaQME
ALmt9wMEALnUCwMEArnzjAMEALn/YwMEAMEu0wMEAcI4mAMEAMK07gMEAMLVCgME
AcLyHDAMAwQAw4pnAwQAw4pqAwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IBAQBN+W2h
Db/uPAG7fQZ5LOLOEtBcRJY3QFY0DrV3m+ZDyriVcqb6nJQGzID43zTgbHbEccdx
RtlDOhjkyjJTGeM3BakwXp+v/A6h0c/it8RKghYc/UKcUkq3P6Y7CcasAVK/QVxz
wDFa2ir/6Jpf07pVlqLUBaHmcKrQSrOkmJUPKgjMmH56eGf9AoWHRIxJbIO7dWzc
xOd9GNE9r6HlpaWTuhBiHFDFoqMJBOTjvjQEb5fBXI6DvSKur9TIiDVi7RZq8LDN
AvUOcQ9eWVJ3/VdNOTl4+dX88ANAXBmw8lpiI9C/KGuPRI+xokofzIYaDKCZ+E1F
dYu91uQIleHSRM5r
-----END CERTIFICATE-----
Generated at Sat Jun 7 21:14:19 2025 by rpki-client