Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/opnbpgmjQSgwlrdwrKNY_eHBXEM.roa
File: opnbpgmjQSgwlrdwrKNY_eHBXEM.roa (raw, json)
Hash identifier: SyF+6VEk1lo9tjW7+53nIHYBMAyjtvJu7w/WqZI8j9k=
Subject key identifier: A2:99:DB:A6:09:A3:41:28:30:96:B7:70:AC:A3:58:FD:E1:C1:5C:43
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0226E450
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/opnbpgmjQSgwlrdwrKNY_eHBXEM.roa
Signing time: Tue 22 Feb 2022 15:13:28 +0000
ROA not before: Tue 22 Feb 2022 15:13:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 62.182.172.0/22 maxlen: 22
62.182.168.0/22 maxlen: 22
185.65.68.0/24 maxlen: 24
194.15.152.0/22 maxlen: 22
83.97.100.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 36103248 (0x226e450)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Feb 22 15:13:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a299dba609a341283096b770aca358fde1c15c43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:71:14:ba:8f:e0:05:86:25:d2:84:f9:e7:58:
6e:26:c5:d6:f4:50:20:89:54:7b:c0:e6:52:33:42:
43:8e:3f:d4:16:e2:6f:73:41:ab:25:9b:04:f5:45:
6c:92:ac:7e:b4:2a:c2:5a:81:b8:c3:fb:b6:2d:f2:
6c:46:d7:7b:97:26:4e:8f:27:ca:3c:47:6e:72:0c:
44:94:ef:d5:a7:a1:40:be:4a:a8:c7:3f:26:d8:9c:
8e:bf:2a:71:9a:99:b5:16:6a:d0:de:30:69:80:a3:
ae:24:e1:97:b4:d8:e9:4b:d2:99:56:f9:f8:62:47:
b1:3f:90:29:9b:13:5b:76:dd:63:67:a4:e6:d8:07:
43:b4:ba:18:bc:41:93:b4:1c:fa:3c:4f:f8:f5:ca:
ac:21:59:7f:14:e6:73:7b:1b:90:9d:d5:91:dd:83:
b5:f1:2e:5a:83:62:a5:53:a1:ba:f8:30:aa:e0:6e:
2c:ac:a7:e7:99:fb:bd:6a:e4:b8:41:2d:db:8f:20:
0a:d1:ea:c5:45:9c:d8:4f:17:a7:d3:5e:a0:78:e1:
d8:be:02:e4:bb:7f:5b:35:88:98:dd:15:68:e6:35:
8d:2a:e7:24:86:cf:f3:d2:c0:2c:98:7b:54:dc:95:
92:08:dd:01:dc:54:b1:f7:8b:2f:9c:40:7f:cf:e1:
8c:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:99:DB:A6:09:A3:41:28:30:96:B7:70:AC:A3:58:FD:E1:C1:5C:43
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/opnbpgmjQSgwlrdwrKNY_eHBXEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/21
83.97.100.0/22
185.65.68.0/24
194.15.152.0/22
Signature Algorithm: sha256WithRSAEncryption
47:1f:9d:0d:f8:bd:84:83:1f:01:87:c7:96:0b:fb:63:d2:e0:
fe:e9:10:b5:36:e8:e7:84:ae:1f:53:29:79:81:c3:5b:67:52:
06:c7:61:b9:f2:66:8b:0e:c4:1c:25:1a:4f:65:13:7a:0b:e7:
c3:1c:a8:27:29:a7:dc:3a:e0:5b:4c:72:4a:c0:e9:61:a9:b4:
29:71:77:5e:a5:c7:d2:b4:71:e9:b7:ac:af:b0:51:0e:cf:57:
4c:4a:01:dd:45:f8:29:c6:74:f5:ee:ce:58:82:1f:f0:ec:0e:
c0:2d:d6:57:08:f1:df:ee:16:d1:70:8b:f1:8a:20:d1:fa:11:
84:83:a3:ea:d0:15:8e:48:78:c3:7a:dd:48:39:cd:81:a5:10:
ff:4c:87:f2:0a:d3:40:6f:1d:6a:35:7b:d8:07:5e:65:8b:eb:
43:9f:ff:a1:d0:4c:07:46:9d:19:8b:ed:61:b2:d9:f1:2d:c0:
b7:fb:e5:5d:44:4c:d2:14:8b:d9:96:1c:5a:b0:cb:85:86:03:
49:57:b0:eb:d0:91:2e:05:33:b1:a2:13:db:b0:23:a0:39:1e:
04:d0:1b:dd:ef:27:30:8b:04:80:9f:5c:e7:8d:a0:8f:d6:2c:
0a:1a:4d:ae:25:e1:da:d7:48:11:91:d8:f2:9e:7a:b9:a8:0f:
6e:19:fc:94
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEAibkUDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YzRlZDk0MmU1Yzc0MmU3N2JmYjliZWI5NTRmODcyNTM0ZjUyODQ4MB4XDTIyMDIy
MjE1MTMyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTI5OWRiYTYwOWEz
NDEyODMwOTZiNzcwYWNhMzU4ZmRlMWMxNWM0MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMFxFLqP4AWGJdKE+edYbibF1vRQIIlUe8DmUjNCQ44/1Bbi
b3NBqyWbBPVFbJKsfrQqwlqBuMP7ti3ybEbXe5cmTo8nyjxHbnIMRJTv1aehQL5K
qMc/Jticjr8qcZqZtRZq0N4waYCjriThl7TY6UvSmVb5+GJHsT+QKZsTW3bdY2ek
5tgHQ7S6GLxBk7Qc+jxP+PXKrCFZfxTmc3sbkJ3Vkd2DtfEuWoNipVOhuvgwquBu
LKyn55n7vWrkuEEt248gCtHqxUWc2E8Xp9NeoHjh2L4C5Lt/WzWImN0VaOY1jSrn
JIbP89LALJh7VNyVkgjdAdxUsfeLL5xAf8/hjCMCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSimdumCaNBKDCWt3Cso1j94cFcQzAfBgNVHSMEGDAWgBQ8TtlC5cdC53v7
m+uVT4clNPUoSDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BFN1pRdVhIUXVkNy01dnJsVS1ISlRUMUtFZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjYvMWJiNDVhLTU1MWMtNDk2Ny05NWNhLTc3MzQ0YmNjOTE5MS8x
L29wbmJwZ21qUVNnd2xyZHdyS05ZX2VIQlhFTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYv
MWJiNDVhLTU1MWMtNDk2Ny05NWNhLTc3MzQ0YmNjOTE5MS8xL1BFN1pRdVhIUXVk
Ny01dnJsVS1ISlRUMUtFZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAz62qAMEAlNhZAMEALlBRAMEAsIP
mDANBgkqhkiG9w0BAQsFAAOCAQEARx+dDfi9hIMfAYfHlgv7Y9Lg/ukQtTbo54Su
H1MpeYHDW2dSBsdhufJmiw7EHCUaT2UTegvnwxyoJymn3DrgW0xySsDpYam0KXF3
XqXH0rRx6besr7BRDs9XTEoB3UX4KcZ09e7OWIIf8OwOwC3WVwjx3+4W0XCL8Yog
0foRhIOj6tAVjkh4w3rdSDnNgaUQ/0yH8grTQG8dajV72AdeZYvrQ5//odBMB0ad
GYvtYbLZ8S3At/vlXURM0hSL2ZYcWrDLhYYDSVew69CRLgUzsaIT27AjoDkeBNAb
3e8nMIsEgJ9c542gj9YsChpNriXh2tdIEZHY8p56uagPbhn8lA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:36:31 2025 by rpki-client