Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/Gl1zzIGOwwgmLbLRPyzkaMfnRHk.roa
File: Gl1zzIGOwwgmLbLRPyzkaMfnRHk.roa (raw, json)
Hash identifier: h7ethxAKsy6XaYhmPHFZBNW+Wejl8ujxHMZ/3mkXtqI=
Subject key identifier: 1A:5D:73:CC:81:8E:C3:08:26:2D:B2:D1:3F:2C:E4:68:C7:E7:44:79
Certificate issuer: /CN=61b195d13050ff3c468a149778710b53582251d9
Certificate serial: 0187B80EF7C7E504DA231521BB52BD724BF8
Authority key identifier: 61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/Gl1zzIGOwwgmLbLRPyzkaMfnRHk.roa
Signing time: Tue 25 Apr 2023 10:56:41 +0000
ROA not before: Tue 25 Apr 2023 10:56:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15925
IP address blocks: 46.21.0.0/20 maxlen: 20
87.253.240.0/21 maxlen: 21
87.253.240.0/20 maxlen: 20
87.253.248.0/21 maxlen: 21
213.135.192.0/19 maxlen: 19
2a01:7f8::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:b8:0e:f7:c7:e5:04:da:23:15:21:bb:52:bd:72:4b:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b195d13050ff3c468a149778710b53582251d9
Validity
Not Before: Apr 25 10:56:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1a5d73cc818ec308262db2d13f2ce468c7e74479
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:d3:b2:ef:97:f2:c1:b5:e7:9c:24:1c:b8:5e:
1b:75:4c:1d:d2:10:5c:90:8b:97:bf:f2:23:35:61:
2d:de:4e:6b:a4:5b:c4:d8:8f:54:ee:76:bd:7f:80:
14:be:be:62:40:36:89:9d:2a:55:4a:87:de:e6:2f:
38:c4:0f:60:b9:dd:33:d4:8f:9f:c6:26:1a:76:18:
c8:18:c1:6c:0a:f8:72:9d:87:88:69:25:ce:e9:d3:
e5:14:2a:56:3b:27:f9:9f:5e:6b:e5:90:7f:d8:1e:
44:8f:57:5b:9f:ba:cd:e2:6e:d9:f8:e5:2e:2b:9a:
be:d7:e7:cd:ee:f6:db:4a:c6:0d:f5:79:67:be:4f:
93:36:a7:4b:7e:b8:67:73:e3:14:b8:cd:36:bf:1f:
9b:9c:1e:ab:6e:69:9b:80:3e:0f:a9:7e:3b:57:5f:
53:fb:b9:81:85:5c:f5:43:ee:2e:85:32:df:85:d4:
02:a5:38:03:ac:30:1f:6a:a4:8c:c6:f5:e4:c2:b4:
e8:49:c3:f1:b1:44:41:19:b6:88:f8:15:34:37:b4:
bd:fc:0b:cc:72:92:f4:73:0f:4c:1d:c3:69:c5:08:
68:d7:f4:08:5b:ac:0b:e0:97:81:e9:45:cc:4b:18:
94:1c:cb:3d:28:bc:9a:5d:5e:cd:a3:d1:d3:54:8d:
c8:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:5D:73:CC:81:8E:C3:08:26:2D:B2:D1:3F:2C:E4:68:C7:E7:44:79
X509v3 Authority Key Identifier:
keyid:61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/Gl1zzIGOwwgmLbLRPyzkaMfnRHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.0.0/20
87.253.240.0/20
213.135.192.0/19
IPv6:
2a01:7f8::/29
Signature Algorithm: sha256WithRSAEncryption
25:41:b3:4d:11:b2:a3:d1:b0:a1:93:de:9d:18:53:f5:37:42:
90:8c:96:da:3a:d4:e7:ee:0f:0e:a6:d0:5f:7f:e9:c1:11:06:
e0:eb:41:d2:50:63:0d:7a:b7:ae:57:14:fa:a8:be:36:de:56:
4a:ab:6e:00:c9:69:b1:f6:d7:f8:95:1c:0c:87:9d:7e:54:ce:
25:25:5a:86:af:2d:91:c2:b6:b5:79:b1:a0:8b:92:9a:f1:f3:
e0:d3:e5:67:57:6b:79:2c:13:a5:22:bc:c8:48:71:a2:80:7b:
02:e9:7f:e4:73:87:8d:cd:30:39:f3:a1:99:ff:cb:b5:49:59:
7e:c4:ae:4b:56:dd:c2:b4:cc:0f:2c:0e:0f:37:59:a7:a7:bc:
1f:38:b5:bb:0a:8d:bd:43:ed:c4:90:1f:13:8f:c5:73:82:f0:
9b:d9:a8:77:e6:0d:e7:61:6e:67:22:cd:89:50:8b:57:fd:93:
f7:41:c8:0f:c6:98:86:fc:6b:08:cb:14:21:ac:33:5c:1e:04:
fd:b8:03:41:b3:4c:f3:23:3a:7a:25:db:40:8c:0c:f5:a9:d8:
1d:ae:10:e5:58:92:79:48:a4:dd:1d:03:4f:9d:52:38:5c:df:
93:9d:08:7b:c9:dc:d0:cf:c6:c0:52:ae:02:8a:26:4c:d1:5d:
a5:5b:18:01
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYe4DvfH5QTaIxUhu1K9ckv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjE5NWQxMzA1MGZmM2M0NjhhMTQ5Nzc4NzEwYjUzNTgy
MjUxZDkwHhcNMjMwNDI1MTA1NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVkNzNjYzgxOGVjMzA4MjYyZGIyZDEzZjJjZTQ2OGM3ZTc0NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtOy75fywbXnnCQcuF4bdUwd0hBc
kIuXv/IjNWEt3k5rpFvE2I9U7na9f4AUvr5iQDaJnSpVSofe5i84xA9gud0z1I+f
xiYadhjIGMFsCvhynYeIaSXO6dPlFCpWOyf5n15r5ZB/2B5Ej1dbn7rN4m7Z+OUu
K5q+1+fN7vbbSsYN9Xlnvk+TNqdLfrhnc+MUuM02vx+bnB6rbmmbgD4PqX47V19T
+7mBhVz1Q+4uhTLfhdQCpTgDrDAfaqSMxvXkwrToScPxsURBGbaI+BU0N7S9/AvM
cpL0cw9MHcNpxQho1/QIW6wL4JeB6UXMSxiUHMs9KLyaXV7No9HTVI3IBwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBpdc8yBjsMIJi2y0T8s5GjH50R5MB8GA1UdIwQY
MBaAFGGxldEwUP88RooUl3hxC1NYIlHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2It
YmFjNDcyYWI3YjZhLzEvR2wxenpJR093d2dtTGJMUlB5emthTWZuUkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2ItYmFjNDcyYWI3YjZh
LzEvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQELhUAAwQE
V/3wAwQF1YfAMA0EAgACMAcDBQMqAQf4MA0GCSqGSIb3DQEBCwUAA4IBAQAlQbNN
EbKj0bChk96dGFP1N0KQjJbaOtTn7g8OptBff+nBEQbg60HSUGMNereuVxT6qL42
3lZKq24AyWmx9tf4lRwMh51+VM4lJVqGry2Rwra1ebGgi5Ka8fPg0+VnV2t5LBOl
IrzISHGigHsC6X/kc4eNzTA586GZ/8u1SVl+xK5LVt3CtMwPLA4PN1mnp7wfOLW7
Co29Q+3EkB8Tj8VzgvCb2ah35g3nYW5nIs2JUItX/ZP3QcgPxpiG/GsIyxQhrDNc
HgT9uANBs0zzIzp6JdtAjAz1qdgdrhDlWJJ5SKTdHQNPnVI4XN+TnQh7ydzQz8bA
Uq4CiiZM0V2lWxgB
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:50:41 2025 by rpki-client