Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/kiHPNBFqKXOnNNLpPtIGkNz8Ri0.roa
File: kiHPNBFqKXOnNNLpPtIGkNz8Ri0.roa (raw, json)
Hash identifier: FqeCqqCw5DIfKTQfTBMxsEuOsWAT0AMM9o+ZLcPHG3k=
Subject key identifier: 92:21:CF:34:11:6A:29:73:A7:34:D2:E9:3E:D2:06:90:DC:FC:46:2D
Certificate issuer: /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial: 14F21EB4
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/kiHPNBFqKXOnNNLpPtIGkNz8Ri0.roa
Signing time: Sat 01 Jan 2022 13:06:24 +0000
ROA not before: Sat 01 Jan 2022 13:06:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 28809
IP address blocks: 85.91.104.0/24 maxlen: 24
85.91.115.0/24 maxlen: 24
81.26.157.0/24 maxlen: 24
85.91.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 351411892 (0x14f21eb4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
Validity
Not Before: Jan 1 13:06:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9221cf34116a2973a734d2e93ed20690dcfc462d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:14:26:22:61:a6:77:98:ac:7e:26:a8:2b:ff:
2f:46:bb:ad:2a:c2:24:95:10:a2:c6:c2:12:d8:f7:
e7:15:e3:a6:22:d6:30:d2:3f:69:8b:83:50:d3:49:
4e:bf:0b:14:57:4e:34:99:dd:f2:96:f8:df:44:8a:
9e:ff:61:06:6c:ba:a6:2e:e8:0a:58:80:ab:99:bd:
e4:96:6c:62:6b:51:29:1d:95:db:9a:79:97:69:d4:
6b:fe:c5:ca:56:d1:ba:39:92:9c:62:3d:6c:0e:44:
02:05:66:50:ba:f2:bf:40:e6:cf:55:5a:bd:1c:d2:
e7:84:10:a6:f1:58:51:cc:0b:d0:f1:f6:d6:bf:e8:
22:d2:d6:47:96:43:d7:d9:c1:3e:51:77:c6:ce:33:
08:18:b1:d6:3e:8e:d1:35:72:ec:4c:2c:20:9c:23:
9b:23:f0:8c:68:53:77:23:3e:d0:c9:70:b8:08:61:
63:cb:13:0c:41:df:7c:78:7e:fc:77:7d:ff:32:b9:
b8:7b:9b:bd:63:5e:81:42:74:3f:12:a0:98:27:39:
87:78:b7:0a:55:79:c5:74:bd:95:92:ad:cb:79:4d:
7a:9c:b4:21:d5:0e:9a:23:f7:17:1c:5e:05:41:29:
7c:3f:da:5a:6b:bd:28:01:33:e4:f2:05:41:2b:fd:
ee:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:21:CF:34:11:6A:29:73:A7:34:D2:E9:3E:D2:06:90:DC:FC:46:2D
X509v3 Authority Key Identifier:
keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/kiHPNBFqKXOnNNLpPtIGkNz8Ri0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.26.157.0/24
85.91.104.0/24
85.91.115.0/24
85.91.120.0/24
Signature Algorithm: sha256WithRSAEncryption
73:c8:db:df:7d:6b:20:e8:80:c6:42:19:98:a7:93:f3:59:dc:
4d:f6:45:04:85:c2:07:3d:e6:c9:e3:c4:26:f3:50:1f:a3:c3:
3e:ef:08:0a:5d:26:51:d6:76:f2:2c:7d:33:f9:a3:b6:2a:e2:
ca:3b:64:80:dc:16:ce:ab:22:14:d1:64:80:d2:5c:6d:74:fd:
25:cf:c5:cd:97:f7:66:08:60:89:b9:ef:61:77:e4:2a:81:2a:
3f:94:f8:db:df:35:6b:fb:2c:75:99:fc:88:b8:4d:23:35:91:
25:21:37:da:06:ad:88:e5:45:1b:89:8d:4d:51:63:e3:0c:e5:
2b:1a:6f:31:56:6f:bc:52:b5:bb:81:0a:02:a5:d8:3e:56:3e:
bf:24:e1:b0:5d:4f:0c:55:0c:49:36:84:0c:87:47:ca:7a:d2:
d0:b2:8d:ba:9a:54:ce:82:38:c6:f9:f1:2f:82:c7:2d:6f:79:
63:ce:06:76:c7:87:2b:d4:86:c7:3c:99:ec:96:3a:2e:60:c1:
df:6a:ee:50:98:85:47:64:ce:23:7b:ea:48:c1:54:95:57:4e:
9f:6c:6b:cc:6f:40:60:8d:41:cb:7a:37:fe:76:27:83:e1:05:
e5:09:d0:89:2f:c7:73:68:d0:22:69:fd:03:51:0c:b8:3b:42:
9a:4a:68:9e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEFPIetDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZjM4MTg1NTRhNTE4MDhlZWZiODI5ZWM3NDY1YTMyMjJmMjcwMTIzMB4XDTIyMDEw
MTEzMDYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTIyMWNmMzQxMTZh
Mjk3M2E3MzRkMmU5M2VkMjA2OTBkY2ZjNDYyZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKoUJiJhpneYrH4mqCv/L0a7rSrCJJUQosbCEtj35xXjpiLW
MNI/aYuDUNNJTr8LFFdONJnd8pb430SKnv9hBmy6pi7oCliAq5m95JZsYmtRKR2V
25p5l2nUa/7FylbRujmSnGI9bA5EAgVmULryv0Dmz1VavRzS54QQpvFYUcwL0PH2
1r/oItLWR5ZD19nBPlF3xs4zCBix1j6O0TVy7EwsIJwjmyPwjGhTdyM+0MlwuAhh
Y8sTDEHffHh+/Hd9/zK5uHubvWNegUJ0PxKgmCc5h3i3ClV5xXS9lZKty3lNepy0
IdUOmiP3FxxeBUEpfD/aWmu9KAEz5PIFQSv97q0CAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSSIc80EWopc6c00uk+0gaQ3PxGLTAfBgNVHSMEGDAWgBSPOBhVSlGAju+4
Kex0ZaMiLycBIzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2p6Z1lWVXBSZ0k3dnVDbnNkR1dqSWk4bkFTTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDYvMDlkYmE0LTFjOTMtNDlkNi04ODg4LWJmYjRiYTMwZTQ1YS8x
L2tpSFBOQkZxS1hPbk5OTHBQdElHa056OFJpMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYv
MDlkYmE0LTFjOTMtNDlkNi04ODg4LWJmYjRiYTMwZTQ1YS8xL2p6Z1lWVXBSZ0k3
dnVDbnNkR1dqSWk4bkFTTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFEanQMEAFVbaAMEAFVbcwMEAFVb
eDANBgkqhkiG9w0BAQsFAAOCAQEAc8jb331rIOiAxkIZmKeT81ncTfZFBIXCBz3m
yePEJvNQH6PDPu8ICl0mUdZ28ix9M/mjtiriyjtkgNwWzqsiFNFkgNJcbXT9Jc/F
zZf3ZghgibnvYXfkKoEqP5T42981a/ssdZn8iLhNIzWRJSE32gatiOVFG4mNTVFj
4wzlKxpvMVZvvFK1u4EKAqXYPlY+vyThsF1PDFUMSTaEDIdHynrS0LKNuppUzoI4
xvnxL4LHLW95Y84GdseHK9SGxzyZ7JY6LmDB32ruUJiFR2TOI3vqSMFUlVdOn2xr
zG9AYI1By3o3/nYng+EF5QnQiS/Hc2jQImn9A1EMuDtCmkpong==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:57:07 2025 by rpki-client