Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RHFFrdOL_uUeJGTg3C0cF4EBFkk.roa
File: RHFFrdOL_uUeJGTg3C0cF4EBFkk.roa (raw, json)
Hash identifier: hmbSyjBEKZqJwnCerXCACsekHUi0X1HHbePdVvIrUR0=
Subject key identifier: 44:71:45:AD:D3:8B:FE:E5:1E:24:64:E0:DC:2D:1C:17:81:01:16:49
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 01861557A10314411EB555068A2DA8AD20A0
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RHFFrdOL_uUeJGTg3C0cF4EBFkk.roa
Signing time: Fri 03 Feb 2023 03:35:09 +0000
ROA not before: Fri 03 Feb 2023 03:35:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13285
IP address blocks: 78.144.0.0/13 maxlen: 24
2.96.0.0/13 maxlen: 24
217.68.128.0/20 maxlen: 24
185.173.120.0/22 maxlen: 24
92.0.0.0/11 maxlen: 24
62.24.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
212.139.148.0/22 maxlen: 22
91.146.112.0/21 maxlen: 24
62.241.160.0/19 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
212.139.133.0/24 maxlen: 24
2001:4a00::/27 maxlen: 27
2001:7e0::/32 maxlen: 32
2a0b:e900::/29 maxlen: 29
2a0b:db00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:15:57:a1:03:14:41:1e:b5:55:06:8a:2d:a8:ad:20:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Feb 3 03:35:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=447145add38bfee51e2464e0dc2d1c1781011649
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:76:9f:df:73:f6:14:c5:bd:95:36:04:20:93:
9c:ef:66:45:69:3e:5a:b1:eb:05:3d:b4:02:40:7f:
16:92:47:d7:87:ef:c9:34:78:9b:41:f6:fa:7f:45:
3e:bd:00:33:06:3d:4a:09:50:65:b3:d9:05:27:e2:
81:dd:24:15:1b:bd:9d:27:c1:50:99:d8:06:50:33:
2e:d2:69:16:0f:11:44:ef:50:23:6f:8f:50:03:f5:
92:d5:2b:05:f7:7e:61:e2:1b:10:b1:fd:01:8f:66:
6d:34:91:3d:2c:10:3f:4e:5e:c9:6d:b1:fe:9e:1e:
cf:6f:9c:e3:80:e4:37:ee:88:4d:1c:f4:63:b9:c7:
28:f6:cd:9e:04:5e:48:57:67:96:83:1c:c8:6d:4a:
f9:84:11:de:5f:2e:b8:46:28:aa:07:27:fb:c7:bc:
42:4f:8e:e5:7d:7c:ea:31:e5:22:ce:28:ff:ac:ad:
58:d5:c7:36:40:0c:30:f6:87:65:b3:1d:c1:60:36:
28:36:8c:80:5c:c4:db:d8:08:bd:18:ff:dd:91:59:
13:2f:85:97:b7:58:a7:e2:9e:1c:ac:3e:7b:c4:61:
45:bf:fc:95:f8:2e:86:ce:aa:be:fb:23:be:e8:52:
cf:df:11:1d:d2:83:d8:a2:0b:e6:bd:6d:9c:39:57:
2e:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:71:45:AD:D3:8B:FE:E5:1E:24:64:E0:DC:2D:1C:17:81:01:16:49
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RHFFrdOL_uUeJGTg3C0cF4EBFkk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.112.212.0/22
185.173.116.0-185.173.123.255
212.139.133.0/24
212.139.148.0/22
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
37:a1:3c:68:7e:c4:c9:c9:9b:37:3c:7a:97:fe:a5:47:ee:7a:
b2:0a:97:1b:2e:b6:9d:f1:bf:0e:cc:6b:1c:3a:74:f9:4b:12:
bf:6d:7e:dc:54:f2:5c:5f:dc:6c:fc:7e:8f:c2:73:94:f0:30:
fe:08:3d:ea:dc:c9:d0:46:96:46:e0:e8:5d:66:7b:55:16:41:
44:86:c6:c4:29:02:30:54:d8:5c:e2:dd:df:72:b2:91:72:dc:
3d:3a:c7:a5:9d:56:12:03:fa:64:bb:3a:87:d9:fa:cf:63:1a:
96:18:23:92:e0:65:ac:6e:a1:cf:b2:59:11:f8:04:ac:b8:01:
b4:94:d7:05:06:40:d1:2b:58:6e:71:7e:75:8b:fb:93:6f:a9:
d6:f5:ba:75:16:81:fd:6f:18:82:46:9a:87:50:b6:b6:bb:56:
cd:00:bb:4c:bc:f0:4d:7e:c6:ea:e4:11:1e:5f:75:78:38:13:
dd:98:f7:1a:17:83:a8:d0:c2:8f:be:f1:e9:ba:dd:d2:82:01:
47:34:82:cd:3f:b7:3a:a9:85:fa:f2:63:bb:74:83:d3:e3:dd:
26:ed:95:e7:e8:54:18:d6:10:3c:d0:4a:24:b8:82:2d:9d:81:
e4:57:fb:d6:3d:94:75:b2:0e:da:b9:74:65:de:75:94:f0:e2:
74:28:0c:51
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYYVV6EDFEEetVUGii2orSCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwMjAzMDMzNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcxNDVhZGQzOGJmZWU1MWUyNDY0ZTBkYzJkMWMxNzgxMDExNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXaf33P2FMW9lTYEIJOc72ZFaT5a
sesFPbQCQH8WkkfXh+/JNHibQfb6f0U+vQAzBj1KCVBls9kFJ+KB3SQVG72dJ8FQ
mdgGUDMu0mkWDxFE71Ajb49QA/WS1SsF935h4hsQsf0Bj2ZtNJE9LBA/Tl7JbbH+
nh7Pb5zjgOQ37ohNHPRjucco9s2eBF5IV2eWgxzIbUr5hBHeXy64RiiqByf7x7xC
T47lfXzqMeUizij/rK1Y1cc2QAww9odlsx3BYDYoNoyAXMTb2Ai9GP/dkVkTL4WX
t1in4p4crD57xGFFv/yV+C6Gzqq++yO+6FLP3xEd0oPYogvmvW2cOVcumQIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFERxRa3Ti/7lHiRk4NwtHBeBARZJMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvUkhGRnJkT0xfdVVlSkdUZzNDMGNGNEVCRmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwUgQCAAEwTAMDAwJgAwQH
PhiAAwQFPvGgAwMDTpADAwJZ8AMEA1uScAMDBVwAAwQCuXDUMAwDBAK5rXQDBAK5
rXgDBADUi4UDBALUi5QDBATZRIAwIgQCAAIwHAMFACABB+ADBQUgAUoAAwUDKgvb
AAMFAyoL6QAwDQYJKoZIhvcNAQELBQADggEBADehPGh+xMnJmzc8epf+pUfuerIK
lxsutp3xvw7Maxw6dPlLEr9tftxU8lxf3Gz8fo/Cc5TwMP4IPercydBGlkbg6F1m
e1UWQUSGxsQpAjBU2Fzi3d9yspFy3D06x6WdVhID+mS7OofZ+s9jGpYYI5LgZaxu
oc+yWRH4BKy4AbSU1wUGQNErWG5xfnWL+5Nvqdb1unUWgf1vGIJGmodQtra7Vs0A
u0y88E1+xurkER5fdXg4E92Y9xoXg6jQwo++8em63dKCAUc0gs0/tzqphfryY7t0
g9Pj3SbtlefoVBjWEDzQSiS4gi2dgeRX+9Y9lHWyDtq5dGXedZTw4nQoDFE=
-----END CERTIFICATE-----
Generated at Tue Apr 15 00:57:00 2025 by rpki-client