Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/PlS1XMk1N4PF3_vGGkd9HyJ5tLI.roa
File: PlS1XMk1N4PF3_vGGkd9HyJ5tLI.roa (raw, json)
Hash identifier: b7twnYji4rDfwPiLrt/1qZfw5L9xgmHTS61y+oq34xA=
Subject key identifier: 3E:54:B5:5C:C9:35:37:83:C5:DF:FB:C6:1A:47:7D:1F:22:79:B4:B2
Certificate issuer: /CN=fad949f66253543ee89b9196390736b5a6ed7cb8
Certificate serial: 018C6D31C0C5636D5AE782902E97D10058D9
Authority key identifier: FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/PlS1XMk1N4PF3_vGGkd9HyJ5tLI.roa
Signing time: Fri 15 Dec 2023 11:17:06 +0000
ROA not before: Fri 15 Dec 2023 11:17:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 14445
IP address blocks: 185.218.2.0/24 maxlen: 24
2a11:2800:4f07::/48 maxlen: 48
2a11:2800:2047::/48 maxlen: 48
2a11:2800:b41d::/48 maxlen: 48
2a11:2800:215b::/48 maxlen: 48
2a11:2800:3dc6::/48 maxlen: 48
2a11:2800:792e::/48 maxlen: 48
2a11:2800:761::/48 maxlen: 48
2a11:2800:131c::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6d:31:c0:c5:63:6d:5a:e7:82:90:2e:97:d1:00:58:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fad949f66253543ee89b9196390736b5a6ed7cb8
Validity
Not Before: Dec 15 11:17:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e54b55cc9353783c5dffbc61a477d1f2279b4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:cf:37:63:67:8b:79:88:91:ac:a3:48:98:cd:
f8:c8:18:e1:7d:3b:22:f8:38:ee:36:ee:82:31:9c:
c0:ae:57:c4:2d:a1:72:05:36:08:2b:84:3c:b8:1a:
d2:d5:00:c5:f3:ea:12:cc:8b:5e:a7:e5:f5:ff:85:
34:f0:b6:63:ea:2d:4f:c8:ad:7b:19:1f:d1:12:6b:
80:68:2e:68:8f:f7:7d:76:d6:e7:27:81:e8:64:cd:
e6:c1:75:d2:3c:7d:1f:e0:12:77:40:6a:dd:23:8f:
71:d7:f7:5b:04:9e:dd:e5:b7:8b:36:91:62:71:a8:
b3:29:31:55:21:5e:f1:46:63:75:1d:9b:a2:7c:03:
9f:13:a9:c5:69:5a:05:3b:05:82:8c:93:19:93:2a:
21:5c:09:a7:60:ed:dc:77:79:0c:45:b5:28:83:f6:
be:51:9c:cf:bc:f8:98:42:02:6d:0e:a1:c4:e4:ad:
06:fa:2c:2b:7c:ba:a5:e4:6f:b1:31:7e:8c:01:42:
40:d8:8d:4d:05:51:d9:f3:dd:a9:78:48:dd:4b:53:
3b:43:2d:21:eb:e5:8d:c5:0a:c8:98:e1:83:1b:8a:
86:b7:7a:aa:b1:6f:7b:d5:04:a5:e0:9c:04:b9:b2:
83:75:03:2c:f0:40:a6:25:08:fb:10:fd:99:b2:98:
69:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:54:B5:5C:C9:35:37:83:C5:DF:FB:C6:1A:47:7D:1F:22:79:B4:B2
X509v3 Authority Key Identifier:
keyid:FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/PlS1XMk1N4PF3_vGGkd9HyJ5tLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.218.2.0/24
IPv6:
2a11:2800:761::/48
2a11:2800:131c::/48
2a11:2800:2047::/48
2a11:2800:215b::/48
2a11:2800:3dc6::/48
2a11:2800:4f07::/48
2a11:2800:792e::/48
2a11:2800:b41d::/48
Signature Algorithm: sha256WithRSAEncryption
26:ab:6e:56:9d:c5:ff:61:13:dc:41:0b:b7:ee:61:df:62:a5:
30:0c:c9:77:99:41:29:94:c9:8d:b0:4d:78:fa:83:14:7e:c5:
e0:9a:49:ac:8b:97:33:4d:90:7a:78:af:32:97:f0:4e:99:6f:
2e:7b:9c:69:4f:6b:06:03:3e:62:02:0b:ce:36:cd:bd:ca:3b:
14:b2:ac:76:c6:9d:2a:10:05:07:50:a9:5f:5d:43:f0:55:02:
f6:87:8f:3d:9e:af:4a:e6:44:43:ee:b4:6d:0a:72:86:ab:b1:
29:f3:79:4e:29:4d:69:65:db:ad:da:d1:bd:41:70:cd:65:2e:
f9:dd:6a:77:24:82:05:ca:c1:d2:9e:ce:4b:c8:ee:7e:a3:15:
ad:39:b1:45:04:15:87:fc:ad:4c:3a:87:17:9c:5a:bb:bd:45:
97:cd:72:56:2e:9e:52:1f:63:22:34:e4:6f:08:ad:f4:55:af:
4d:06:14:77:dc:6e:b4:a5:ec:19:e6:d5:b4:4d:5e:fb:c1:55:
2d:19:33:a6:c2:5c:74:d9:cc:b1:a5:65:72:bb:6b:cb:42:e2:
2c:34:66:77:d2:9f:47:2f:c7:f0:77:8f:48:7c:e7:ae:a7:bf:
9a:81:52:13:eb:d6:8d:0d:51:31:d1:09:a4:e4:b5:b7:b2:a9:
03:90:37:e0
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYxtMcDFY21a54KQLpfRAFjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDk0OWY2NjI1MzU0M2VlODliOTE5NjM5MDczNmI1YTZl
ZDdjYjgwHhcNMjMxMjE1MTExNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTU0YjU1Y2M5MzUzNzgzYzVkZmZiYzYxYTQ3N2QxZjIyNzliNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps83Y2eLeYiRrKNImM34yBjhfTsi
+DjuNu6CMZzArlfELaFyBTYIK4Q8uBrS1QDF8+oSzItep+X1/4U08LZj6i1PyK17
GR/REmuAaC5oj/d9dtbnJ4HoZM3mwXXSPH0f4BJ3QGrdI49x1/dbBJ7d5beLNpFi
caizKTFVIV7xRmN1HZuifAOfE6nFaVoFOwWCjJMZkyohXAmnYO3cd3kMRbUog/a+
UZzPvPiYQgJtDqHE5K0G+iwrfLql5G+xMX6MAUJA2I1NBVHZ892peEjdS1M7Qy0h
6+WNxQrImOGDG4qGt3qqsW971QSl4JwEubKDdQMs8ECmJQj7EP2ZsphpDwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFD5UtVzJNTeDxd/7xhpHfR8iebSyMB8GA1UdIwQY
MBaAFPrZSfZiU1Q+6JuRljkHNrWm7Xy4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10bEo5bUpUVkQ3b201R1dPUWMydGFidGZMZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3
LTY0ZWVjYWVkMTFkYy8xL1BsUzFYTWsxTjRQRjNfdkdHa2Q5SHlKNXRMSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3LTY0ZWVjYWVkMTFk
Yy8xLzEtdGxKOW1KVFZEN29tNUdXT1FjMnRhYnRmTGcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwbwYIKwYBBQUHAQcBAf8EYDBeMAwEAgABMAYDBAC52gIw
TgQCAAIwSAMHACoRKAAHYQMHACoRKAATHAMHACoRKAAgRwMHACoRKAAhWwMHACoR
KAA9xgMHACoRKABPBwMHACoRKAB5LgMHACoRKAC0HTANBgkqhkiG9w0BAQsFAAOC
AQEAJqtuVp3F/2ET3EELt+5h32KlMAzJd5lBKZTJjbBNePqDFH7F4JpJrIuXM02Q
enivMpfwTplvLnucaU9rBgM+YgILzjbNvco7FLKsdsadKhAFB1CpX11D8FUC9oeP
PZ6vSuZEQ+60bQpyhquxKfN5TilNaWXbrdrRvUFwzWUu+d1qdySCBcrB0p7OS8ju
fqMVrTmxRQQVh/ytTDqHF5xau71Fl81yVi6eUh9jIjTkbwit9FWvTQYUd9xutKXs
GebVtE1e+8FVLRkzpsJcdNnMsaVlcrtry0LiLDRmd9KfRy/H8HePSHznrqe/moFS
E+vWjQ1RMdEJpOS1t7KpA5A34A==
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:00:43 2025 by rpki-client