Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/rj7Xd-ZDG2FOmEPG21wtf2DJtCg.roa
File: rj7Xd-ZDG2FOmEPG21wtf2DJtCg.roa (raw, json)
Hash identifier: 7w2ZW9V9116STf7Y5tufz2P1/jKCawHkVw5KBxhbZeY=
Subject key identifier: AE:3E:D7:77:E6:43:1B:61:4E:98:43:C6:DB:5C:2D:7F:60:C9:B4:28
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0186181B54A1F88988DC49D997054BBE0D3B
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/rj7Xd-ZDG2FOmEPG21wtf2DJtCg.roa
Signing time: Fri 03 Feb 2023 16:28:09 +0000
ROA not before: Fri 03 Feb 2023 16:28:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13285
IP address blocks: 78.144.0.0/13 maxlen: 24
2.96.0.0/13 maxlen: 24
217.68.128.0/20 maxlen: 24
185.173.120.0/22 maxlen: 24
92.0.0.0/11 maxlen: 24
62.24.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
91.146.112.0/21 maxlen: 24
62.241.160.0/19 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
212.139.133.0/24 maxlen: 24
2001:4a00::/27 maxlen: 27
2001:7e0::/32 maxlen: 32
2a0b:e900::/29 maxlen: 29
2a0b:db00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:18:1b:54:a1:f8:89:88:dc:49:d9:97:05:4b:be:0d:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Feb 3 16:28:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae3ed777e6431b614e9843c6db5c2d7f60c9b428
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:79:b7:1a:9c:cf:49:ac:be:74:62:ef:bf:e5:
e5:9b:a3:98:09:3f:b1:73:db:06:22:5a:12:1f:ec:
91:1f:c6:bb:34:d1:4d:47:82:02:84:23:cd:88:5f:
cb:96:85:6b:67:cd:3a:22:51:1f:50:73:a5:ca:21:
b3:18:74:f7:55:c4:77:4b:6d:3d:14:5b:54:07:fc:
b2:3e:83:9b:c5:19:f5:09:13:cb:37:ea:44:e5:ad:
d4:8b:a0:ad:12:89:b4:c5:0d:c5:04:fa:1e:eb:48:
3b:e5:29:07:a8:41:f6:74:8a:3b:c7:81:0e:93:1c:
60:8a:27:cc:ba:5c:74:7f:a4:6e:fd:ce:32:83:5a:
16:06:13:d2:c6:e7:a3:48:82:fd:06:2d:44:73:9a:
a6:61:b7:1d:73:3d:9a:1b:b9:5b:42:00:97:7b:2b:
40:9d:33:15:29:b1:66:43:7d:9a:00:56:6b:d8:ef:
a5:26:ff:f3:3b:8a:41:ae:22:d9:ce:c8:c9:de:49:
64:6c:0f:05:f9:fb:39:4b:71:51:eb:75:5a:b0:9f:
87:dd:43:cb:a9:3f:29:bd:91:01:68:84:d2:d9:75:
ec:f8:ff:7f:26:4d:c0:1f:fe:41:db:ff:28:54:a8:
8f:d0:57:06:d3:fd:f8:c0:22:86:e1:ea:19:97:42:
0e:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:3E:D7:77:E6:43:1B:61:4E:98:43:C6:DB:5C:2D:7F:60:C9:B4:28
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/rj7Xd-ZDG2FOmEPG21wtf2DJtCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.112.212.0/22
185.173.116.0-185.173.123.255
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
af:b2:c6:5c:8d:de:3f:5c:dd:c6:fb:64:99:dc:57:5f:b9:67:
93:51:0c:d9:cc:54:7a:fd:cf:77:ab:4d:88:9d:c2:02:5c:8d:
7a:51:aa:0b:6d:18:eb:45:21:bf:ec:0e:92:95:d4:33:7d:48:
aa:93:13:d6:31:ae:bf:58:a7:8b:58:ae:f2:c0:98:d1:05:d5:
0b:4f:ea:de:c6:8f:eb:68:06:e8:4e:ff:4f:38:bf:50:e7:c0:
59:8a:3c:64:87:80:e6:f6:13:24:b6:1d:56:5c:c3:c6:b8:3c:
b7:ca:39:61:cd:e3:14:8f:42:b1:96:f7:a1:7a:06:be:16:d7:
cd:66:a2:6c:b8:a8:32:c7:ee:e3:46:1f:0f:c8:4d:15:21:05:
50:70:8e:03:84:13:ed:00:53:c8:49:eb:ef:80:41:45:86:8d:
0f:7f:2d:f2:a3:7f:81:77:78:1a:da:f0:d2:84:43:e2:1f:af:
bf:36:13:e1:8a:0c:bc:46:f3:c1:f6:df:ce:bd:f8:9c:6e:08:
a8:f5:58:f9:da:99:fa:45:cf:da:45:f6:23:40:57:b9:eb:35:
a3:e9:75:d9:2a:be:90:3b:8b:b3:da:10:8d:e3:5b:69:48:93:
97:f5:7b:50:3d:fd:3b:0d:aa:32:77:d6:0e:c2:7e:40:6d:de:
e8:04:d1:d6
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYYYG1Sh+ImI3EnZlwVLvg07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwMjAzMTYyODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTNlZDc3N2U2NDMxYjYxNGU5ODQzYzZkYjVjMmQ3ZjYwYzliNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHm3GpzPSay+dGLvv+Xlm6OYCT+x
c9sGIloSH+yRH8a7NNFNR4IChCPNiF/LloVrZ806IlEfUHOlyiGzGHT3VcR3S209
FFtUB/yyPoObxRn1CRPLN+pE5a3Ui6CtEom0xQ3FBPoe60g75SkHqEH2dIo7x4EO
kxxgiifMulx0f6Ru/c4yg1oWBhPSxuejSIL9Bi1Ec5qmYbcdcz2aG7lbQgCXeytA
nTMVKbFmQ32aAFZr2O+lJv/zO4pBriLZzsjJ3klkbA8F+fs5S3FR63VasJ+H3UPL
qT8pvZEBaITS2XXs+P9/Jk3AH/5B2/8oVKiP0FcG0/34wCKG4eoZl0IOWwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFK4+13fmQxthTphDxttcLX9gybQoMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvcmo3WGQtWkRHMkZPbUVQRzIxd3RmMkRKdENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MFgEAgABMFIDAwMCYAME
Bz4YgAMEBT7xoAMDA06QAwMCWfADBANbknADAwVcAAMEArlw1DAMAwQCua10AwQC
ua14AwQA1IsYAwQA1IuFAwQC1IuUAwQE2USAMCIEAgACMBwDBQAgAQfgAwUFIAFK
AAMFAyoL2wADBQMqC+kAMA0GCSqGSIb3DQEBCwUAA4IBAQCvssZcjd4/XN3G+2SZ
3FdfuWeTUQzZzFR6/c93q02IncICXI16UaoLbRjrRSG/7A6SldQzfUiqkxPWMa6/
WKeLWK7ywJjRBdULT+rexo/raAboTv9POL9Q58BZijxkh4Dm9hMkth1WXMPGuDy3
yjlhzeMUj0Kxlvehega+FtfNZqJsuKgyx+7jRh8PyE0VIQVQcI4DhBPtAFPISevv
gEFFho0Pfy3yo3+Bd3ga2vDShEPiH6+/NhPhigy8RvPB9t/Ovficbgio9Vj52pn6
Rc/aRfYjQFe56zWj6XXZKr6QO4uz2hCN41tpSJOX9XtQPf07Daoyd9YOwn5Abd7o
BNHW
-----END CERTIFICATE-----
Generated at Tue Apr 15 00:57:43 2025 by rpki-client