Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BCJruW4WIm8iCkkYe38xV3nmLs0.roa
File: BCJruW4WIm8iCkkYe38xV3nmLs0.roa (raw, json)
Hash identifier: qrFZLxOkSysOsyZnft6DAB9qzHSw7tlnpFx71ZUfJcw=
Subject key identifier: 04:22:6B:B9:6E:16:22:6F:22:0A:49:18:7B:7F:31:57:79:E6:2E:CD
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 0187BDD1E1D91079EE0B3F38C4904C7450B3
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BCJruW4WIm8iCkkYe38xV3nmLs0.roa
Signing time: Wed 26 Apr 2023 13:47:41 +0000
ROA not before: Wed 26 Apr 2023 13:47:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3302
IP address blocks: 185.82.0.0/22 maxlen: 22
213.136.128.0/18 maxlen: 24
194.20.0.0/16 maxlen: 24
213.149.192.0/19 maxlen: 19
212.90.0.0/19 maxlen: 24
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
194.153.192.0/20 maxlen: 24
83.211.0.0/16 maxlen: 24
212.110.0.0/19 maxlen: 24
62.94.0.0/16 maxlen: 24
195.62.224.0/19 maxlen: 24
213.198.128.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bd:d1:e1:d9:10:79:ee:0b:3f:38:c4:90:4c:74:50:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Apr 26 13:47:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=04226bb96e16226f220a49187b7f315779e62ecd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:4d:2d:f3:54:01:5f:58:ab:14:a9:e1:fb:bc:
da:b5:f4:ab:8c:ee:20:52:89:df:e5:34:fa:eb:a1:
cc:44:b8:a0:6d:64:9d:e7:ba:e2:23:28:bc:72:97:
7e:d9:83:d9:c7:02:59:d0:2a:74:c5:32:3b:e3:ab:
02:44:79:2a:15:b7:40:54:9a:af:d2:d1:0b:a7:14:
77:bd:02:02:fb:10:1a:a7:39:ed:ce:75:17:89:87:
53:89:0b:56:c7:18:ae:e8:7e:97:5d:0a:89:40:e6:
33:e8:8c:65:b0:41:f9:a6:1a:fe:74:8e:e9:f6:72:
0a:a7:97:d0:ae:1e:30:1e:bd:7c:e3:f6:b6:64:20:
10:66:8c:4e:31:74:6b:d2:4c:70:a6:72:c7:99:8a:
ac:97:48:04:e8:ba:99:28:56:1f:4f:3b:bf:75:38:
1e:2c:22:d9:0e:f0:2a:7e:1d:e9:83:91:58:52:0c:
70:ec:a2:20:2f:39:72:22:f2:d6:07:48:23:71:06:
19:12:5c:aa:b8:33:e9:67:f2:8f:d4:ae:a6:93:ec:
b9:ad:59:42:2c:b6:c6:eb:ca:39:f5:d7:d4:77:bc:
91:26:63:62:b2:fe:23:26:b6:78:eb:b2:f2:67:2a:
50:c5:38:6d:43:a9:ba:47:c5:c8:b5:93:98:17:76:
61:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:22:6B:B9:6E:16:22:6F:22:0A:49:18:7B:7F:31:57:79:E6:2E:CD
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BCJruW4WIm8iCkkYe38xV3nmLs0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.94.0.0/16
83.211.0.0/16
185.82.0.0/22
194.20.0.0-194.21.63.255
194.21.128.0/18
194.153.192.0/20
195.62.224.0/19
212.90.0.0/19
212.110.0.0/19
213.136.128.0/18
213.149.192.0/19
213.198.128.0/18
Signature Algorithm: sha256WithRSAEncryption
34:88:8d:89:84:80:17:c8:96:c9:b6:a8:35:bf:de:5e:6d:97:
ce:51:7e:ae:6c:f9:ce:fd:91:7a:2a:84:f8:a6:6e:cc:49:26:
21:9a:db:a9:ff:bb:73:57:9b:11:b4:c9:0b:11:b5:ea:e2:96:
1c:35:f3:55:73:8b:a8:e5:d0:50:48:99:c2:3b:52:a3:8d:36:
5e:93:39:22:e6:bc:8c:71:9f:f0:ad:90:aa:2b:91:30:a8:ae:
74:0f:42:18:a8:c3:66:3c:eb:7f:80:8a:6f:d7:7c:c4:2c:44:
c8:2c:35:22:cc:18:b4:b9:59:39:02:85:84:eb:8b:c9:07:5a:
81:08:93:1d:a9:4d:10:5c:32:e6:65:c1:8f:71:73:00:f4:4b:
95:cf:54:b2:6f:b4:19:4b:f4:d7:71:96:d2:97:7b:b7:da:86:
79:c8:06:1f:5c:95:1f:bc:e4:f7:f4:00:85:38:fe:e8:4c:71:
e0:42:c3:3a:af:51:99:78:60:c7:ff:b9:c7:02:45:d3:4f:ca:
b1:06:67:8b:00:e2:a4:6f:ce:5f:75:91:d7:58:cc:f6:e0:86:
60:e1:eb:26:f4:00:d0:ef:37:8f:04:88:6c:05:5d:14:ae:9c:
3f:b0:4d:f0:b0:07:42:4a:56:46:6b:69:40:a8:fd:5f:7f:9a:
92:f7:97:40
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYe90eHZEHnuCz84xJBMdFCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwNDI2MTM0NzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDIyNmJiOTZlMTYyMjZmMjIwYTQ5MTg3YjdmMzE1Nzc5ZTYyZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo00t81QBX1irFKnh+7zatfSrjO4g
Uonf5TT666HMRLigbWSd57riIyi8cpd+2YPZxwJZ0Cp0xTI746sCRHkqFbdAVJqv
0tELpxR3vQIC+xAapzntznUXiYdTiQtWxxiu6H6XXQqJQOYz6IxlsEH5phr+dI7p
9nIKp5fQrh4wHr184/a2ZCAQZoxOMXRr0kxwpnLHmYqsl0gE6LqZKFYfTzu/dTge
LCLZDvAqfh3pg5FYUgxw7KIgLzlyIvLWB0gjcQYZElyquDPpZ/KP1K6mk+y5rVlC
LLbG68o59dfUd7yRJmNisv4jJrZ467LyZypQxThtQ6m6R8XItZOYF3Zh5wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFAQia7luFiJvIgpJGHt/MVd55i7NMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvQkNKcnVXNFdJbThpQ2trWWUzOHhWM25tTHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAATBNAwMAPl4DAwBT
0wMEArlSADALAwMCwhQDBAbCFQADBAbCFYADBATCmcADBAXDPuADBAXUWgADBAXU
bgADBAbViIADBAXVlcADBAbVxoAwDQYJKoZIhvcNAQELBQADggEBADSIjYmEgBfI
lsm2qDW/3l5tl85Rfq5s+c79kXoqhPimbsxJJiGa26n/u3NXmxG0yQsRterilhw1
81Vzi6jl0FBImcI7UqONNl6TOSLmvIxxn/CtkKorkTCornQPQhiow2Y863+Aim/X
fMQsRMgsNSLMGLS5WTkChYTri8kHWoEIkx2pTRBcMuZlwY9xcwD0S5XPVLJvtBlL
9NdxltKXe7fahnnIBh9clR+85Pf0AIU4/uhMceBCwzqvUZl4YMf/uccCRdNPyrEG
Z4sA4qRvzl91kddYzPbghmDh6yb0ANDvN48EiGwFXRSunD+wTfCwB0JKVkZraUCo
/V9/mpL3l0A=
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:18:32 2025 by rpki-client