Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/w-FCqgP7yz0Je6Xc6AmXeNJuxmE.roa
File: w-FCqgP7yz0Je6Xc6AmXeNJuxmE.roa (raw, json)
Hash identifier: a4v8JlnBs4zTjooFaIsLvSOng1vyoz2H70me1StA2jA=
Subject key identifier: C3:E1:42:AA:03:FB:CB:3D:09:7B:A5:DC:E8:09:97:78:D2:6E:C6:61
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 018476A5BCEDD0C47053D6194A80A5F1A438
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/w-FCqgP7yz0Je6Xc6AmXeNJuxmE.roa
Signing time: Mon 14 Nov 2022 14:58:03 +0000
ROA not before: Mon 14 Nov 2022 14:58:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
185.24.140.0/22 maxlen: 22
88.213.224.0/19 maxlen: 19
37.97.69.0/24 maxlen: 24
37.97.70.0/24 maxlen: 24
217.181.128.0/17 maxlen: 17
37.97.80.0/23 maxlen: 23
178.255.160.0/21 maxlen: 21
185.6.92.0/22 maxlen: 22
37.97.96.0/20 maxlen: 20
195.135.0.0/17 maxlen: 17
195.135.0.0/18 maxlen: 18
217.74.96.0/20 maxlen: 20
185.65.248.0/22 maxlen: 22
157.143.128.0/17 maxlen: 17
81.93.0.0/19 maxlen: 19
217.181.250.0/23 maxlen: 23
109.235.232.0/21 maxlen: 21
109.235.232.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
185.32.208.0/22 maxlen: 22
80.251.96.0/20 maxlen: 20
178.157.16.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
178.157.32.0/20 maxlen: 20
65.39.64.0/19 maxlen: 19
185.8.252.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
2a0c:600::/29 maxlen: 29
2a02:c440::/29 maxlen: 29
2a02:6e8::/32 maxlen: 32
2a0b:e3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:76:a5:bc:ed:d0:c4:70:53:d6:19:4a:80:a5:f1:a4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Nov 14 14:58:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c3e142aa03fbcb3d097ba5dce8099778d26ec661
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:b7:73:77:8a:a7:77:7b:28:a9:89:a5:e8:12:
14:47:c7:98:bd:bb:87:df:9b:d4:6e:64:e1:42:23:
80:6c:91:c3:a7:1e:32:4e:bf:c0:a1:9a:f3:1e:ac:
2d:b6:a1:7e:82:a7:c7:f8:56:a3:f1:29:6d:8c:cc:
63:46:b8:75:9c:7e:32:ee:ee:bb:6e:a1:c0:c8:5e:
32:3c:9a:d1:11:b6:65:e4:bc:e2:21:6f:80:65:25:
df:d1:49:8f:9b:86:ed:7d:3f:76:dc:a4:0f:63:ed:
34:be:2f:e4:01:c3:4c:b1:56:48:94:41:eb:19:59:
5a:12:d9:bd:bb:83:c8:21:9f:36:fc:2a:4d:a1:80:
e8:10:8a:dd:69:a6:70:fb:76:c9:cd:64:99:4f:54:
c9:36:3d:90:b5:c2:9d:b9:7c:8f:eb:f3:56:1e:97:
c8:22:23:aa:76:03:08:07:bb:45:df:83:9c:74:b7:
e8:27:cd:88:fd:85:dd:07:4e:6c:6c:86:0b:be:fe:
fd:16:a3:18:7c:d4:07:57:d3:8a:e3:c9:46:69:a8:
12:ab:35:c1:d1:66:03:94:c3:e4:a2:41:e7:2b:82:
86:ce:23:17:b1:38:41:04:52:01:96:2c:4e:a7:f4:
01:7d:df:c7:bf:99:de:8e:a3:28:ce:5b:ec:87:f9:
f6:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:E1:42:AA:03:FB:CB:3D:09:7B:A5:DC:E8:09:97:78:D2:6E:C6:61
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/w-FCqgP7yz0Je6Xc6AmXeNJuxmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
109.235.232.0/21
157.143.128.0/17
178.157.16.0-178.157.47.255
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a0b:e3c0::/29
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
58:3c:ca:39:04:9d:69:8a:1a:d3:fa:72:96:a6:4b:db:84:ef:
1a:5e:d5:fd:91:17:e0:aa:07:9d:95:ad:82:01:93:36:c7:2f:
98:03:f4:43:c7:05:00:cb:a5:b2:88:ae:75:45:28:fc:32:0f:
24:e2:02:02:9b:20:8d:d2:55:2c:c4:96:95:9a:d7:d3:0c:4b:
ec:c1:d1:8d:2e:dc:4f:58:44:5d:d2:1c:d0:5e:ff:98:c0:1a:
62:b1:e2:21:8d:d6:df:73:69:cf:81:e4:ab:85:08:d9:eb:ab:
92:1a:61:b6:0e:55:b9:c3:e7:a8:56:7d:c9:ee:23:b5:85:1b:
6b:9d:5c:a6:57:08:34:de:da:b5:b2:8d:8e:dc:76:bb:c3:e1:
ca:95:2b:9f:23:22:88:5e:35:0c:9f:ac:b7:4b:f6:20:f6:5d:
7c:28:3a:e2:36:8c:21:b4:cc:ca:1d:26:ac:90:c5:3b:54:30:
43:91:0d:48:d6:2c:01:ba:1d:ad:ab:14:6e:a1:cb:9d:03:45:
fb:a6:af:67:28:03:6c:27:58:75:a1:17:10:02:b2:70:00:ec:
6f:80:51:29:5e:b6:ee:4f:a2:e0:cf:41:52:11:7a:39:b8:b4:
83:f9:15:c2:0d:21:31:f8:19:1c:6b:e6:c1:88:1e:90:d3:13:
47:cf:86:d3
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgISAYR2pbzt0MRwU9YZSoCl8aQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjIxMTE0MTQ1ODAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2UxNDJhYTAzZmJjYjNkMDk3YmE1ZGNlODA5OTc3OGQyNmVjNjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLdzd4qnd3soqYml6BIUR8eYvbuH
35vUbmThQiOAbJHDpx4yTr/AoZrzHqwttqF+gqfH+Faj8SltjMxjRrh1nH4y7u67
bqHAyF4yPJrREbZl5LziIW+AZSXf0UmPm4btfT923KQPY+00vi/kAcNMsVZIlEHr
GVlaEtm9u4PIIZ82/CpNoYDoEIrdaaZw+3bJzWSZT1TJNj2QtcKduXyP6/NWHpfI
IiOqdgMIB7tF34OcdLfoJ82I/YXdB05sbIYLvv79FqMYfNQHV9OK48lGaagSqzXB
0WYDlMPkokHnK4KGziMXsThBBFIBlixOp/QBfd/Hv5nejqMozlvsh/n2+QIDAQAB
o4ICpzCCAqMwHQYDVR0OBBYEFMPhQqoD+8s9CXul3OgJl3jSbsZhMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvdy1GQ3FnUDd5ejBKZTZYYzZBbVhlTkp1eG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG8BggrBgEFBQcBBwEB/wSBrDCBqTCBggQCAAEwfDAMAwQG
JWFAAwQEJWFgAwQFQSdAAwQEUPtgAwQFUV0AAwQFWNXgAwQDbevoAwQHnY+AMAwD
BASynRADBASynSADBAOy/6ADBAK5BlwDBAK5CPwDBAK5GIwDBAK5INADBAK5KrAD
BAK5QfgDBAfDhwADBATZSmADBAfZtYAwIgQCAAIwHAMFACoCBugDBQMqAsRAAwUD
KgvjwAMFAyoMBgAwDQYJKoZIhvcNAQELBQADggEBAFg8yjkEnWmKGtP6cpamS9uE
7xpe1f2RF+CqB52VrYIBkzbHL5gD9EPHBQDLpbKIrnVFKPwyDyTiAgKbII3SVSzE
lpWa19MMS+zB0Y0u3E9YRF3SHNBe/5jAGmKx4iGN1t9zac+B5KuFCNnrq5IaYbYO
VbnD56hWfcnuI7WFG2udXKZXCDTe2rWyjY7cdrvD4cqVK58jIoheNQyfrLdL9iD2
XXwoOuI2jCG0zModJqyQxTtUMEORDUjWLAG6Ha2rFG6hy50DRfumr2coA2wnWHWh
FxACsnAA7G+AUSletu5PouDPQVIRejm4tIP5FcINITH4GRxr5sGIHpDTE0fPhtM=
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:03:34 2025 by rpki-client