Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/P6MtaMMQOnCwtKb7TegBFCNEJyw.roa
File: P6MtaMMQOnCwtKb7TegBFCNEJyw.roa (raw, json)
Hash identifier: whO9aj2nPwexLy6ElnE4WfpXCjERiYXxv/FgTqhwvxM=
Subject key identifier: 3F:A3:2D:68:C3:10:3A:70:B0:B4:A6:FB:4D:E8:01:14:23:44:27:2C
Certificate issuer: /CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
Certificate serial: 01885251FD0DCB286AABFC51EF1D31B8079B
Authority key identifier: F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/P6MtaMMQOnCwtKb7TegBFCNEJyw.roa
Signing time: Thu 25 May 2023 09:51:24 +0000
ROA not before: Thu 25 May 2023 09:51:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57558
IP address blocks: 45.129.248.0/22 maxlen: 22
185.197.10.0/24 maxlen: 24
185.197.11.0/24 maxlen: 24
185.197.8.0/23 maxlen: 23
185.15.168.0/22 maxlen: 22
45.148.212.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:52:51:fd:0d:cb:28:6a:ab:fc:51:ef:1d:31:b8:07:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
Validity
Not Before: May 25 09:51:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fa32d68c3103a70b0b4a6fb4de801142344272c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:f5:cc:7b:f4:a4:97:51:a9:c9:82:9f:fb:77:
d0:46:43:92:3c:60:ef:e3:3b:d3:83:e4:50:15:67:
aa:fc:06:21:e4:9d:df:3e:17:78:d5:82:0d:56:e1:
33:7c:23:c4:ef:db:70:47:2a:2f:39:ee:8a:3e:0d:
c4:7e:c4:73:bc:98:48:bf:c3:c1:ea:d1:00:7a:f9:
7e:8f:ba:ff:78:3b:e9:de:b1:39:54:81:29:90:4b:
98:c5:ed:3e:9e:2d:20:8e:ec:df:6c:49:a3:71:47:
4f:c7:b6:75:bc:6a:44:8e:d9:c5:56:42:1a:7e:c6:
41:ac:50:b1:b9:76:6a:35:93:43:82:6b:b6:8c:1a:
fe:c3:42:de:73:c4:c3:4b:b2:ee:0a:ed:8a:c3:bc:
3b:13:a8:b8:2b:44:00:6c:bd:0a:b3:6f:d1:af:9a:
f5:e3:cb:d6:f0:ec:5f:74:4b:79:d4:0c:72:95:66:
b7:0f:56:11:68:f4:69:1d:eb:9c:9f:90:f5:2f:d0:
15:4a:a7:6b:6d:8c:1c:26:05:02:ad:27:ac:5e:21:
d3:41:9d:c9:45:84:02:4e:c2:d2:0f:ad:64:bb:1a:
1d:f8:64:f8:89:d3:ba:78:60:34:0b:3d:7a:86:65:
71:a4:ef:f4:6b:8c:ac:55:a5:67:b5:ae:3d:a8:c1:
2b:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:A3:2D:68:C3:10:3A:70:B0:B4:A6:FB:4D:E8:01:14:23:44:27:2C
X509v3 Authority Key Identifier:
keyid:F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/P6MtaMMQOnCwtKb7TegBFCNEJyw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.248.0/22
45.148.212.0/22
185.15.168.0/22
185.197.8.0/22
Signature Algorithm: sha256WithRSAEncryption
ae:f7:66:ec:3a:e8:70:89:96:9d:c3:40:b6:5f:8d:91:fc:27:
78:f8:fb:aa:e3:29:a8:a9:04:ed:cb:3b:ab:3f:21:97:b2:88:
99:e6:c7:ee:d4:09:d2:5f:76:b8:d3:6f:6e:c9:78:6f:1e:1a:
c1:50:73:bd:f3:de:77:3b:f2:d8:0e:64:49:08:ec:da:c9:35:
5e:36:13:3c:26:7c:a6:85:01:7f:1c:de:2e:41:88:f2:5e:96:
25:e1:02:07:f3:5c:16:c0:bc:9b:e5:eb:59:2d:09:20:5a:f1:
0f:45:99:46:d7:c5:64:25:e1:4d:fc:8f:f0:2a:4a:7b:62:2a:
43:a7:a6:a0:af:73:9c:76:bc:26:f4:30:ac:4d:77:5c:20:98:
b3:72:2c:25:13:d3:2b:e7:7e:7e:b5:0b:c0:05:8c:e5:02:72:
02:67:ad:9d:43:1c:d1:08:39:ad:df:98:bd:4d:08:b1:e4:21:
07:a8:8f:1c:dc:55:c5:c4:3f:58:38:60:2c:bd:10:62:30:32:
02:80:4a:01:4f:f3:dc:c1:ee:0e:16:b0:24:4b:c1:be:0f:59:
7f:dc:00:c7:68:c4:03:df:be:4a:7d:bd:71:69:a8:b3:82:0c:
79:e7:3e:a5:44:c9:db:0d:4d:b8:49:dc:c0:a4:65:2a:f4:29:
d2:b8:50:f7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhSUf0Nyyhqq/xR7x0xuAebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZWY1ZGJhMTAwYTkyYjI0NDRmM2U1MTJkMDFhNTkyYzAx
OTUxYzIwHhcNMjMwNTI1MDk1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmEzMmQ2OGMzMTAzYTcwYjBiNGE2ZmI0ZGU4MDExNDIzNDQyNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfXMe/Skl1GpyYKf+3fQRkOSPGDv
4zvTg+RQFWeq/AYh5J3fPhd41YINVuEzfCPE79twRyovOe6KPg3EfsRzvJhIv8PB
6tEAevl+j7r/eDvp3rE5VIEpkEuYxe0+ni0gjuzfbEmjcUdPx7Z1vGpEjtnFVkIa
fsZBrFCxuXZqNZNDgmu2jBr+w0Lec8TDS7LuCu2Kw7w7E6i4K0QAbL0Ks2/Rr5r1
48vW8OxfdEt51AxylWa3D1YRaPRpHeucn5D1L9AVSqdrbYwcJgUCrSesXiHTQZ3J
RYQCTsLSD61kuxod+GT4idO6eGA0Cz16hmVxpO/0a4ysVaVnta49qMErSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD+jLWjDEDpwsLSm+03oARQjRCcsMB8GA1UdIwQY
MBaAFPTvXboQCpKyRE8+US0BpZLAGVHCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDct
YWQwMjdlOTVjNWM3LzEvUDZNdGFNTVFPbkN3dEtiN1RlZ0JGQ05FSnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDctYWQwMjdlOTVjNWM3
LzEvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYH4AwQC
LZTUAwQCuQ+oAwQCucUIMA0GCSqGSIb3DQEBCwUAA4IBAQCu92bsOuhwiZadw0C2
X42R/Cd4+Puq4ymoqQTtyzurPyGXsoiZ5sfu1AnSX3a4029uyXhvHhrBUHO98953
O/LYDmRJCOzayTVeNhM8JnymhQF/HN4uQYjyXpYl4QIH81wWwLyb5etZLQkgWvEP
RZlG18VkJeFN/I/wKkp7YipDp6agr3Ocdrwm9DCsTXdcIJizciwlE9Mr535+tQvA
BYzlAnICZ62dQxzRCDmt35i9TQix5CEHqI8c3FXFxD9YOGAsvRBiMDICgEoBT/Pc
we4OFrAkS8G+D1l/3ADHaMQD375Kfb1xaaizggx55z6lRMnbDU24SdzApGUq9CnS
uFD3
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:44:27 2025 by rpki-client