Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/r3CmXb3iGFTRQusaIdPzOo2kzlw.roa
File:                     r3CmXb3iGFTRQusaIdPzOo2kzlw.roa (raw, json)
Hash identifier:          c4KBGZIzfq+c1IgEBTABDBk85UBy4GxijSndNZGwb7c=
Subject key identifier:   AF:70:A6:5D:BD:E2:18:54:D1:42:EB:1A:21:D3:F3:3A:8D:A4:CE:5C
Certificate issuer:       /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial:       0A292390
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/r3CmXb3iGFTRQusaIdPzOo2kzlw.roa
Signing time:             Wed 16 Mar 2022 14:11:27 +0000
ROA not before:           Wed 16 Mar 2022 14:11:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28761
IP address blocks:        193.138.84.0/24 maxlen: 24
                          194.9.26.0/23 maxlen: 24
                          193.238.108.0/24 maxlen: 24
                          193.238.111.0/24 maxlen: 24
                          193.238.109.0/24 maxlen: 24
                          91.194.163.0/24 maxlen: 24
                          193.238.110.0/24 maxlen: 24
                          195.3.244.0/22 maxlen: 24
                          193.27.242.0/24 maxlen: 24
                          193.27.243.0/24 maxlen: 24
                          2a05:5840::/32 maxlen: 32
                          2a05:5841::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 170468240 (0xa292390)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
        Validity
            Not Before: Mar 16 14:11:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af70a65dbde21854d142eb1a21d3f33a8da4ce5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:70:A6:5D:BD:E2:18:54:D1:42:EB:1A:21:D3:F3:3A:8D:A4:CE:5C
            X509v3 Authority Key Identifier:
                keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/r3CmXb3iGFTRQusaIdPzOo2kzlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.163.0/24
                  193.27.242.0/23
                  193.138.84.0/24
                  193.238.108.0/22
                  194.9.26.0/23
                  195.3.244.0/22
                IPv6:
                  2a05:5840::/31

    Signature Algorithm: sha256WithRSAEncryption
Generated at Fri Apr 11 23:57:42 2025 by rpki-client