Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/u3W9PjSn_bKkAPd60uAZf5foEYo.roa
File: u3W9PjSn_bKkAPd60uAZf5foEYo.roa (raw, json)
Hash identifier: tMzz53XA+722bO9wZlHJt4K/aFDobUY3XwRCt0zmkFg=
Subject key identifier: BB:75:BD:3E:34:A7:FD:B2:A4:00:F7:7A:D2:E0:19:7F:97:E8:11:8A
Certificate issuer: /CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
Certificate serial: 0185720C82E3A2746B9646DFA074EDB4BE74
Authority key identifier: F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/u3W9PjSn_bKkAPd60uAZf5foEYo.roa
Signing time: Mon 02 Jan 2023 10:35:00 +0000
ROA not before: Mon 02 Jan 2023 10:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.162.144.0/24 maxlen: 24
185.162.145.0/24 maxlen: 24
185.162.146.0/24 maxlen: 24
185.162.147.0/24 maxlen: 24
185.171.24.0/24 maxlen: 24
185.171.26.0/24 maxlen: 24
185.171.25.0/24 maxlen: 24
185.171.27.0/24 maxlen: 24
185.247.136.0/24 maxlen: 24
185.247.139.0/24 maxlen: 24
185.247.137.0/24 maxlen: 24
185.247.138.0/24 maxlen: 24
45.136.105.0/24 maxlen: 24
45.136.104.0/24 maxlen: 24
185.26.144.0/24 maxlen: 24
185.26.145.0/24 maxlen: 24
185.26.146.0/24 maxlen: 24
185.26.147.0/24 maxlen: 24
185.126.179.0/24 maxlen: 24
185.126.177.0/24 maxlen: 24
185.126.178.0/24 maxlen: 24
185.126.176.0/24 maxlen: 24
45.136.106.0/24 maxlen: 24
45.136.107.0/24 maxlen: 24
185.153.228.0/24 maxlen: 24
185.153.229.0/24 maxlen: 24
185.153.230.0/24 maxlen: 24
185.153.231.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:0c:82:e3:a2:74:6b:96:46:df:a0:74:ed:b4:be:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
Validity
Not Before: Jan 2 10:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bb75bd3e34a7fdb2a400f77ad2e0197f97e8118a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:d3:10:f6:61:98:19:9f:20:d4:b1:5e:38:4b:
4d:26:c7:3e:30:41:e6:4e:42:0c:0d:08:8c:fe:86:
78:f4:ac:83:fe:29:dd:1b:12:c2:8b:da:04:b1:53:
f5:78:27:f0:a6:d5:5b:90:24:24:ee:ec:de:80:ee:
91:2e:70:e7:60:86:1c:b4:bb:5d:11:99:81:57:d9:
ce:0e:0a:ca:91:9f:48:89:27:f7:90:d7:21:63:f3:
ce:ed:09:98:b0:44:fb:a5:54:44:4c:bd:13:f2:5b:
1f:b8:26:61:55:57:1d:7d:1a:9a:17:b7:59:2e:9e:
24:33:89:fc:b6:2f:6d:8e:86:bb:42:6a:bd:28:2d:
73:2b:14:44:bd:4f:68:bc:c6:e6:13:8a:60:24:ed:
9b:cf:11:5b:93:9d:57:0f:ee:79:9b:80:ab:e6:01:
90:08:a7:8e:1f:9e:ae:ad:dc:72:c4:37:54:a3:e9:
f9:f3:80:37:97:3c:ec:03:9f:f5:a8:50:5c:8a:ee:
48:7c:a1:9b:2b:fb:21:44:84:10:64:a4:aa:a2:fa:
de:e0:3d:36:0c:35:60:87:d6:3b:88:43:42:c3:79:
40:b5:ce:e3:eb:35:48:7c:ad:43:a5:22:4a:3f:1d:
f0:74:29:7e:e0:a4:5e:ce:37:69:72:b7:93:6a:cd:
b3:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:75:BD:3E:34:A7:FD:B2:A4:00:F7:7A:D2:E0:19:7F:97:E8:11:8A
X509v3 Authority Key Identifier:
keyid:F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/u3W9PjSn_bKkAPd60uAZf5foEYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-CA6DAS4H-F2b6Qb0xtztYgYisc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.136.104.0/22
185.26.144.0/22
185.126.176.0/22
185.153.228.0/22
185.162.144.0/22
185.171.24.0/22
185.247.136.0/22
Signature Algorithm: sha256WithRSAEncryption
15:6b:52:d4:db:ba:e2:a8:3f:8f:27:0f:7d:cb:77:0b:e3:67:
35:73:b3:06:02:88:3a:8c:4e:03:f0:85:6b:25:da:af:9d:13:
5e:96:18:8b:b5:15:6e:24:d0:59:8f:2a:9e:0d:b5:de:8a:ba:
3d:f6:86:bb:6a:f3:d2:d6:71:8c:72:4c:4e:40:c9:26:14:3b:
0c:c0:3c:ca:9c:35:c1:09:e4:7a:06:04:4a:cb:cb:55:93:11:
31:d5:9c:6b:a8:dc:cc:6c:67:89:b0:f3:90:f1:42:f0:74:5d:
9a:d9:13:23:a0:ab:a5:ee:97:46:3a:db:14:7c:ae:e4:47:5c:
a0:1c:d8:fe:b2:f4:95:a6:ca:8f:0c:2b:6d:59:9a:10:54:14:
c7:ab:1c:a1:ae:27:be:25:2b:8e:35:02:7f:f8:f6:31:4d:ab:
86:a1:85:5b:c0:ee:62:d8:df:f7:d0:43:e9:29:4a:a6:6a:06:
00:9f:df:5e:a6:0b:17:ea:59:e8:22:49:2c:f0:15:db:ec:ee:
04:44:28:68:c5:52:64:be:5d:e8:bf:7f:51:e6:bd:db:7c:32:
a9:4c:60:86:de:b3:c8:16:aa:67:ea:90:8a:51:9b:5b:f1:bd:
17:ee:32:35:51:15:5d:2c:df:87:05:d9:b7:77:53:30:a8:cb:
3e:68:4d:6f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVyDILjonRrlkbfoHTttL50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjAzYTBjMDRiODFmZTE3NjZmYTQxYmQzMWI3M2I1ODgx
ODhhYzcwHhcNMjMwMTAyMTAzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjc1YmQzZTM0YTdmZGIyYTQwMGY3N2FkMmUwMTk3Zjk3ZTgxMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtMQ9mGYGZ8g1LFeOEtNJsc+MEHm
TkIMDQiM/oZ49KyD/indGxLCi9oEsVP1eCfwptVbkCQk7uzegO6RLnDnYIYctLtd
EZmBV9nODgrKkZ9IiSf3kNchY/PO7QmYsET7pVRETL0T8lsfuCZhVVcdfRqaF7dZ
Lp4kM4n8ti9tjoa7Qmq9KC1zKxREvU9ovMbmE4pgJO2bzxFbk51XD+55m4Cr5gGQ
CKeOH56urdxyxDdUo+n584A3lzzsA5/1qFBciu5IfKGbK/shRIQQZKSqovre4D02
DDVgh9Y7iENCw3lAtc7j6zVIfK1DpSJKPx3wdCl+4KRezjdpcreTas2zZwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFLt1vT40p/2ypAD3etLgGX+X6BGKMB8GA1UdIwQY
MBaAFPggOgwEuB/hdm+kG9Mbc7WIGIrHMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DQTZEQVM0SC1GMmI2UWIweHR6dFlnWWlzYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvZTE0Y2EzLWRhOGUtNGI1OC04NjNh
LTMzODk2MjBjMWJkNy8xL3UzVzlQalNuX2JLa0FQZDYwdUFaZjVmb0VZby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvZTE0Y2EzLWRhOGUtNGI1OC04NjNhLTMzODk2MjBjMWJk
Ny8xLzEtQ0E2REFTNEgtRjJiNlFiMHh0enRZZ1lpc2MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAItiGgD
BAK5GpADBAK5frADBAK5meQDBAK5opADBAK5qxgDBAK594gwDQYJKoZIhvcNAQEL
BQADggEBABVrUtTbuuKoP48nD33LdwvjZzVzswYCiDqMTgPwhWsl2q+dE16WGIu1
FW4k0FmPKp4Ntd6Kuj32hrtq89LWcYxyTE5AySYUOwzAPMqcNcEJ5HoGBErLy1WT
ETHVnGuo3MxsZ4mw85DxQvB0XZrZEyOgq6Xul0Y62xR8ruRHXKAc2P6y9JWmyo8M
K21ZmhBUFMerHKGuJ74lK441An/49jFNq4ahhVvA7mLY3/fQQ+kpSqZqBgCf316m
CxfqWegiSSzwFdvs7gREKGjFUmS+Xei/f1Hmvdt8MqlMYIbes8gWqmfqkIpRm1vx
vRfuMjVRFV0s34cF2bd3UzCoyz5oTW8=
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:08:13 2025 by rpki-client