Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/GzbW4ONvbippur9FxLFEOLNBDa0.roa
File: GzbW4ONvbippur9FxLFEOLNBDa0.roa (raw, json)
Hash identifier: Hr3Qn/ajhSFBHPhqig7z2HbfoZmkjnhdDM+fWt0Y+xE=
Subject key identifier: 1B:36:D6:E0:E3:6F:6E:2A:69:BA:BF:45:C4:B1:44:38:B3:41:0D:AD
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 018689BAA5B339847021A2CF23D05C973F1C
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/GzbW4ONvbippur9FxLFEOLNBDa0.roa
Signing time: Sat 25 Feb 2023 17:59:16 +0000
ROA not before: Sat 25 Feb 2023 17:59:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49223
IP address blocks: 141.105.130.0/23 maxlen: 23
212.79.112.0/22 maxlen: 22
141.105.140.0/22 maxlen: 22
212.79.116.0/22 maxlen: 22
212.79.120.0/23 maxlen: 23
212.87.160.0/21 maxlen: 21
212.87.172.0/22 maxlen: 22
212.87.176.0/22 maxlen: 22
212.87.184.0/22 maxlen: 22
212.87.182.0/23 maxlen: 23
212.87.188.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:89:ba:a5:b3:39:84:70:21:a2:cf:23:d0:5c:97:3f:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Feb 25 17:59:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1b36d6e0e36f6e2a69babf45c4b14438b3410dad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:7d:47:8d:1f:97:7c:5c:bf:b6:7d:23:2f:aa:
f1:6f:ed:84:a7:12:b9:41:98:d6:f9:fc:9f:f3:25:
77:6d:0e:b8:e3:f6:b9:29:e5:af:a5:71:4e:0d:35:
1e:90:14:a9:ba:7d:f2:4c:c9:2c:32:4a:bd:ac:88:
34:8c:1b:ca:45:82:2c:ea:cb:c3:fe:25:00:07:ae:
c3:33:2a:f0:46:91:8c:13:16:f2:58:a1:60:4c:45:
17:59:73:3c:ee:0a:ff:b9:21:17:d5:28:74:8e:49:
98:29:b6:f4:6c:51:20:89:c2:a6:1b:12:57:18:7d:
0f:b9:cf:39:13:9a:bb:d1:ec:38:fc:1c:dc:2c:c3:
b6:4e:ba:47:20:ab:ed:34:f6:fc:47:67:75:e0:ab:
13:5e:78:2e:83:e2:d0:04:e8:64:d2:a5:4e:50:28:
b2:99:c3:47:ca:7f:67:b2:f7:7a:0a:e6:78:86:8d:
b3:dd:31:e3:1f:3a:3f:61:a9:4a:fa:7c:6f:36:dc:
42:14:a8:ae:c0:dd:37:19:4d:4e:b0:0f:e5:c8:43:
df:5e:3b:fa:c1:b7:ec:59:cf:b4:2b:d1:65:66:c4:
a9:50:64:b7:c3:37:83:b9:34:b2:97:2f:30:4e:18:
82:5d:cd:b9:df:8f:ca:ed:38:50:a8:fb:5a:8d:96:
67:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:36:D6:E0:E3:6F:6E:2A:69:BA:BF:45:C4:B1:44:38:B3:41:0D:AD
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/GzbW4ONvbippur9FxLFEOLNBDa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.130.0/23
141.105.140.0/22
212.79.112.0-212.79.121.255
212.87.160.0/21
212.87.172.0-212.87.179.255
212.87.182.0-212.87.191.255
Signature Algorithm: sha256WithRSAEncryption
b7:5e:12:e9:ca:78:70:86:09:dd:c1:55:9a:37:13:14:a5:a5:
63:2e:25:ef:cc:e0:16:56:3a:e8:2f:ce:db:1a:cf:ff:3d:cf:
6c:d9:1b:ce:11:0a:3d:38:7a:ee:94:5c:33:57:c5:2f:ce:b0:
dd:5b:53:fc:bb:f3:74:c9:93:42:ad:9e:e0:6d:55:12:87:71:
ac:1f:7b:dd:84:66:e9:87:b1:6f:7d:d9:bf:ad:b4:66:71:73:
5a:ee:87:04:5c:55:8a:49:61:4d:08:87:dc:5f:6b:7f:18:b6:
a6:1d:59:0c:6c:92:fb:4f:78:46:65:10:4e:36:cb:bd:a3:b9:
c2:0e:05:81:0d:3f:f3:10:f1:62:84:d4:ec:32:70:df:4b:56:
3a:fd:1d:fa:d2:76:0c:fb:c0:1f:c0:c0:2e:ad:78:d3:59:ea:
0b:c8:5c:6a:03:59:c4:62:54:8d:dc:0d:0b:00:bf:7b:1d:89:
6f:cf:cf:97:e0:5f:9a:a6:12:bc:fc:79:80:22:45:08:ac:bc:
ec:31:7e:bb:7b:74:7b:cd:a6:b8:81:2e:a3:81:d0:9f:7a:3c:
c5:e5:f3:69:1b:f2:fb:13:96:29:15:06:b6:0f:b9:e0:00:0a:
50:c2:a6:0b:ad:fc:44:28:37:bd:03:99:88:bf:6a:ab:53:51:
9e:b4:6e:91
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYaJuqWzOYRwIaLPI9Bclz8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjMwMjI1MTc1OTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjM2ZDZlMGUzNmY2ZTJhNjliYWJmNDVjNGIxNDQzOGIzNDEwZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjn1HjR+XfFy/tn0jL6rxb+2EpxK5
QZjW+fyf8yV3bQ644/a5KeWvpXFODTUekBSpun3yTMksMkq9rIg0jBvKRYIs6svD
/iUAB67DMyrwRpGMExbyWKFgTEUXWXM87gr/uSEX1Sh0jkmYKbb0bFEgicKmGxJX
GH0Puc85E5q70ew4/BzcLMO2TrpHIKvtNPb8R2d14KsTXngug+LQBOhk0qVOUCiy
mcNHyn9nsvd6CuZ4ho2z3THjHzo/YalK+nxvNtxCFKiuwN03GU1OsA/lyEPfXjv6
wbfsWc+0K9FlZsSpUGS3wzeDuTSyly8wThiCXc2534/K7ThQqPtajZZnIwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBs21uDjb24qabq/RcSxRDizQQ2tMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvR3piVzRPTnZiaXBwdXI5RnhMRkVPTE5CRGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBjWmCAwQC
jWmMMAwDBATUT3ADBAHUT3gDBAPUV6AwDAMEAtRXrAMEAtRXsDAMAwQB1Fe2AwQG
1FeAMA0GCSqGSIb3DQEBCwUAA4IBAQC3XhLpynhwhgndwVWaNxMUpaVjLiXvzOAW
VjroL87bGs//Pc9s2RvOEQo9OHrulFwzV8UvzrDdW1P8u/N0yZNCrZ7gbVUSh3Gs
H3vdhGbph7Fvfdm/rbRmcXNa7ocEXFWKSWFNCIfcX2t/GLamHVkMbJL7T3hGZRBO
Nsu9o7nCDgWBDT/zEPFihNTsMnDfS1Y6/R360nYM+8AfwMAurXjTWeoLyFxqA1nE
YlSN3A0LAL97HYlvz8+X4F+aphK8/HmAIkUIrLzsMX67e3R7zaa4gS6jgdCfejzF
5fNpG/L7E5YpFQa2D7ngAApQwqYLrfxEKDe9A5mIv2qrU1GetG6R
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:44:12 2025 by rpki-client