Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/x0F1kNbqx0aKqFeagcnA_IZoQM8.roa
File: x0F1kNbqx0aKqFeagcnA_IZoQM8.roa (raw, json)
Hash identifier: HQpq5WaI+YRux+Qd6B+Rfuz5OCvkgaIggY8RYgcmpKE=
Subject key identifier: C7:41:75:90:D6:EA:C7:46:8A:A8:57:9A:81:C9:C0:FC:86:68:40:CF
Certificate issuer: /CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Certificate serial: 018CC9BCE0C80D630C88905202E67DB1D744
Authority key identifier: E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/x0F1kNbqx0aKqFeagcnA_IZoQM8.roa
Signing time: Tue 02 Jan 2024 10:34:07 +0000
ROA not before: Tue 02 Jan 2024 10:34:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47165
IP address blocks: 185.13.176.0/22 maxlen: 22
62.182.192.0/21 maxlen: 21
178.74.64.0/18 maxlen: 18
94.137.16.0/20 maxlen: 20
94.137.32.0/20 maxlen: 20
94.137.48.0/20 maxlen: 20
176.62.64.0/18 maxlen: 18
109.120.0.0/20 maxlen: 20
109.120.16.0/20 maxlen: 20
46.233.192.0/18 maxlen: 18
217.25.208.0/20 maxlen: 20
109.120.32.0/20 maxlen: 20
94.137.0.0/20 maxlen: 20
109.120.48.0/20 maxlen: 20
2a02:ddc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:e0:c8:0d:63:0c:88:90:52:02:e6:7d:b1:d7:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Validity
Not Before: Jan 2 10:34:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c7417590d6eac7468aa8579a81c9c0fc866840cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:24:33:ce:4c:f6:03:57:bd:1d:73:30:35:75:
b3:c9:20:99:37:68:44:28:b2:91:73:d8:d2:9d:0d:
74:e2:42:79:3c:0a:ce:24:b9:f1:4b:1c:79:76:4c:
3d:2c:98:74:1e:f2:6b:1e:57:f5:7c:fd:74:c8:b6:
8f:87:ae:22:9f:5e:fe:79:4d:bb:4c:9d:a2:48:15:
28:7c:88:b1:56:c2:db:db:56:0a:6e:e3:b9:ff:06:
c8:a4:d8:a7:6c:49:f9:47:b6:62:04:a3:2e:87:e0:
0c:15:a7:3c:ac:b2:d1:e0:94:f5:f8:78:68:dd:41:
b2:e6:c2:07:44:f1:7a:1d:eb:40:4b:90:2a:b3:d3:
02:42:8d:27:1e:1f:e7:9f:3f:d7:55:7b:34:01:d2:
61:f1:38:95:2a:bf:c3:2e:23:83:6e:f1:33:91:aa:
c3:27:02:91:d2:cd:bd:f6:ca:b0:dc:18:b1:3d:47:
32:d2:33:1a:1e:25:c8:74:e7:40:6f:dd:fc:0d:f8:
c1:20:87:59:cf:d8:91:23:64:94:5d:98:d1:a2:3f:
f5:05:f6:40:82:c5:b7:0d:2d:97:16:f1:f2:b6:18:
01:6d:f2:39:3d:82:fd:de:2c:7d:d2:e4:a0:a2:80:
0d:d5:71:26:8d:9a:a4:e0:54:6b:27:51:d6:84:85:
79:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:41:75:90:D6:EA:C7:46:8A:A8:57:9A:81:C9:C0:FC:86:68:40:CF
X509v3 Authority Key Identifier:
keyid:E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/x0F1kNbqx0aKqFeagcnA_IZoQM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.233.192.0/18
62.182.192.0/21
94.137.0.0/18
109.120.0.0/18
176.62.64.0/18
178.74.64.0/18
185.13.176.0/22
217.25.208.0/20
IPv6:
2a02:ddc0::/29
Signature Algorithm: sha256WithRSAEncryption
00:fd:72:1a:fc:02:cf:65:d3:f5:15:c0:2d:8d:0c:2a:8b:89:
51:9b:d4:dd:43:cd:25:fb:7d:20:d3:81:72:c3:42:15:54:34:
50:b0:56:1b:13:d7:b6:4d:36:a5:c4:e2:a3:1d:62:a6:8f:d1:
a3:ff:3b:8e:5a:1e:01:a8:af:f6:cf:91:12:7c:53:12:2e:98:
7c:8d:36:12:9d:0a:88:ba:68:ce:dc:dd:a7:03:8e:03:6f:2d:
c7:5e:7c:1a:5a:43:02:11:30:3a:d2:cf:75:2d:70:b0:2b:2f:
3e:91:0a:30:46:c9:85:67:a2:02:5e:6b:26:59:c6:98:74:16:
f9:22:c5:48:83:b8:d8:fa:28:5a:e1:a9:be:9b:81:db:f4:ec:
7d:22:18:09:b2:0d:ea:94:64:52:45:33:91:26:bc:a6:fc:a0:
4d:89:2f:59:6d:e2:43:2b:7e:02:bc:35:02:49:21:7d:f4:a9:
a5:0f:2e:b8:5d:ad:8d:51:c3:02:b3:0a:d5:ee:53:a9:d4:c6:
1a:90:d1:fd:90:c5:c6:7d:02:da:a0:94:56:48:ce:88:75:0d:
17:d2:18:87:f3:99:19:75:98:3a:a3:99:97:1c:2d:c4:c9:74:
8e:c5:0a:00:3a:8c:a0:3d:07:6f:3e:2d:cf:3c:dc:a8:9b:46:
4f:b2:18:ed
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzJvODIDWMMiJBSAuZ9sddEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjEzMDYxMDFjYzllYzlmY2U5ODUyODBjMWRiMGYzN2Mx
MzVhM2EwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQxNzU5MGQ2ZWFjNzQ2OGFhODU3OWE4MWM5YzBmYzg2Njg0MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCQzzkz2A1e9HXMwNXWzySCZN2hE
KLKRc9jSnQ104kJ5PArOJLnxSxx5dkw9LJh0HvJrHlf1fP10yLaPh64in17+eU27
TJ2iSBUofIixVsLb21YKbuO5/wbIpNinbEn5R7ZiBKMuh+AMFac8rLLR4JT1+Hho
3UGy5sIHRPF6HetAS5Aqs9MCQo0nHh/nnz/XVXs0AdJh8TiVKr/DLiODbvEzkarD
JwKR0s299sqw3BixPUcy0jMaHiXIdOdAb938DfjBIIdZz9iRI2SUXZjRoj/1BfZA
gsW3DS2XFvHythgBbfI5PYL93ix90uSgooAN1XEmjZqk4FRrJ1HWhIV5aQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFMdBdZDW6sdGiqhXmoHJwPyGaEDPMB8GA1UdIwQY
MBaAFOSxMGEBzJ7J/OmFKAwdsPN8E1o6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUt
ZmE2MzQ4ZjY5NWI1LzEveDBGMWtOYnF4MGFLcUZlYWdjbkFfSVpvUU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUtZmE2MzQ4ZjY5NWI1
LzEvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQGLunAAwQD
PrbAAwQGXokAAwQGbXgAAwQGsD5AAwQGskpAAwQCuQ2wAwQE2RnQMA0EAgACMAcD
BQMqAt3AMA0GCSqGSIb3DQEBCwUAA4IBAQAA/XIa/ALPZdP1FcAtjQwqi4lRm9Td
Q80l+30g04Fyw0IVVDRQsFYbE9e2TTalxOKjHWKmj9Gj/zuOWh4BqK/2z5ESfFMS
Lph8jTYSnQqIumjO3N2nA44Dby3HXnwaWkMCETA60s91LXCwKy8+kQowRsmFZ6IC
XmsmWcaYdBb5IsVIg7jY+iha4am+m4Hb9Ox9IhgJsg3qlGRSRTORJrym/KBNiS9Z
beJDK34CvDUCSSF99KmlDy64Xa2NUcMCswrV7lOp1MYakNH9kMXGfQLaoJRWSM6I
dQ0X0hiH85kZdZg6o5mXHC3EyXSOxQoAOoygPQdvPi3PPNyom0ZPshjt
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:21:22 2025 by rpki-client