Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/JEfN_lx3_m-VV0h_Q0oGQD6BhRs.roa
File: JEfN_lx3_m-VV0h_Q0oGQD6BhRs.roa (raw, json)
Hash identifier: cdMl8Oa7SFNXsiV5Z4LHmTw/+QIqyDMgPfaQdKdK8Ek=
Subject key identifier: 24:47:CD:FE:5C:77:FE:6F:95:57:48:7F:43:4A:06:40:3E:81:85:1B
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 01889F55AC430FEDF2618A4FF90A36C9E630
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/JEfN_lx3_m-VV0h_Q0oGQD6BhRs.roa
Signing time: Fri 09 Jun 2023 08:46:11 +0000
ROA not before: Fri 09 Jun 2023 08:46:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3302
IP address blocks: 185.82.0.0/22 maxlen: 22
213.136.128.0/18 maxlen: 24
217.29.160.0/20 maxlen: 20
194.20.0.0/16 maxlen: 24
213.149.192.0/19 maxlen: 19
212.90.0.0/19 maxlen: 24
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
194.153.192.0/20 maxlen: 24
83.211.0.0/16 maxlen: 24
212.110.0.0/19 maxlen: 24
62.94.0.0/16 maxlen: 24
194.153.212.0/23 maxlen: 24
195.62.224.0/19 maxlen: 24
194.153.208.0/22 maxlen: 24
213.198.128.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:9f:55:ac:43:0f:ed:f2:61:8a:4f:f9:0a:36:c9:e6:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Jun 9 08:46:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2447cdfe5c77fe6f9557487f434a06403e81851b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a1:48:b0:03:1c:4a:4b:54:21:57:30:13:42:
82:dd:ba:08:ef:66:ca:6e:5f:f4:0c:f7:66:cd:27:
5a:cd:47:bb:7b:98:77:1d:6d:32:74:8f:59:65:53:
26:f5:fc:f2:38:0e:4b:87:b9:a6:b0:46:b9:0f:91:
f7:16:0a:5f:bc:22:b2:92:b8:b5:54:60:0e:09:89:
5f:f7:8b:b4:9e:5e:46:65:75:4e:ce:fd:3e:5d:37:
03:70:be:e2:9c:d0:4d:9b:ff:6d:b2:c5:c8:94:d1:
99:63:34:df:14:09:ac:c3:c6:5c:32:88:6c:8f:bf:
68:7b:8f:ac:2b:95:86:bc:f0:17:ef:a0:77:a7:18:
a4:c3:33:10:f8:88:33:36:ba:80:b8:9f:b1:01:16:
8f:c5:07:44:d6:67:c2:e0:d6:ad:ae:0b:54:cd:2e:
40:99:f9:b8:3a:39:3c:c4:c9:2c:e7:c1:8f:66:41:
7e:71:17:d2:22:c9:3c:32:7d:3b:73:a2:b2:a5:7f:
b9:9b:f7:83:ae:a0:a1:e9:77:37:06:48:c6:ed:b6:
ba:a0:79:ce:f8:6c:5f:23:9a:fd:d3:7f:96:14:c6:
2d:8e:80:ee:c1:ef:e3:c0:f9:8c:1a:d9:35:96:cc:
cd:91:13:b3:0f:6a:81:42:d6:4f:bd:80:f5:06:cc:
e6:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:47:CD:FE:5C:77:FE:6F:95:57:48:7F:43:4A:06:40:3E:81:85:1B
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/JEfN_lx3_m-VV0h_Q0oGQD6BhRs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.94.0.0/16
83.211.0.0/16
185.82.0.0/22
194.20.0.0-194.21.63.255
194.21.128.0/18
194.153.192.0-194.153.213.255
195.62.224.0/19
212.90.0.0/19
212.110.0.0/19
213.136.128.0/18
213.149.192.0/19
213.198.128.0/18
217.29.160.0/20
Signature Algorithm: sha256WithRSAEncryption
44:5e:c5:eb:bf:18:e1:05:71:71:22:1e:40:ca:cd:e7:c9:4e:
15:6a:ea:49:87:43:5b:79:e4:f5:b6:09:2d:17:87:cc:2b:27:
53:61:79:c7:a1:20:c6:49:55:2c:5b:23:e1:b4:14:60:22:fe:
6f:d7:51:fa:d5:2a:d0:c0:45:a5:43:5e:59:76:7e:29:38:e2:
75:9d:4b:9a:60:c8:10:67:13:42:a3:c5:52:40:80:ee:68:e4:
4b:6c:5d:47:08:fc:02:5f:e8:87:bd:01:97:85:ed:19:e5:6e:
e7:8d:e0:14:43:b2:77:5d:7a:8a:6d:3d:a6:05:6e:e3:b9:03:
66:d0:21:02:b4:91:01:7d:7b:fe:8e:96:cc:94:a4:53:3b:26:
85:53:c2:f9:3d:10:4a:e9:89:de:00:cf:82:77:c0:14:8e:3b:
51:0b:2f:17:70:04:21:c9:9e:9e:43:10:04:9b:06:7c:d1:14:
7e:c7:43:0a:83:67:88:a3:9c:fa:3d:6c:bb:ea:a5:5d:67:16:
da:01:a5:ea:c3:19:bd:7c:86:e0:4e:4c:eb:a1:8f:df:5f:eb:
f4:f6:fe:62:ee:a7:7c:00:d9:91:95:c1:9a:1b:3e:b1:e4:72:
5c:a0:48:87:64:ac:64:07:6b:ef:14:a6:b0:fe:62:d8:60:9a:
bd:31:bf:a9
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYifVaxDD+3yYYpP+Qo2yeYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwNjA5MDg0NjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQ3Y2RmZTVjNzdmZTZmOTU1NzQ4N2Y0MzRhMDY0MDNlODE4NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6FIsAMcSktUIVcwE0KC3boI72bK
bl/0DPdmzSdazUe7e5h3HW0ydI9ZZVMm9fzyOA5Lh7mmsEa5D5H3FgpfvCKykri1
VGAOCYlf94u0nl5GZXVOzv0+XTcDcL7inNBNm/9tssXIlNGZYzTfFAmsw8ZcMohs
j79oe4+sK5WGvPAX76B3pxikwzMQ+IgzNrqAuJ+xARaPxQdE1mfC4NatrgtUzS5A
mfm4Ojk8xMks58GPZkF+cRfSIsk8Mn07c6KypX+5m/eDrqCh6Xc3BkjG7ba6oHnO
+GxfI5r903+WFMYtjoDuwe/jwPmMGtk1lszNkROzD2qBQtZPvYD1BszmMwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFCRHzf5cd/5vlVdIf0NKBkA+gYUbMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvSkVmTl9seDNfbS1WVjBoX1Ewb0dRRDZCaFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAATBbAwMAPl4DAwBT
0wMEArlSADALAwMCwhQDBAbCFQADBAbCFYAwDAMEBsKZwAMEAcKZ1AMEBcM+4AME
BdRaAAMEBdRuAAMEBtWIgAMEBdWVwAMEBtXGgAMEBNkdoDANBgkqhkiG9w0BAQsF
AAOCAQEARF7F678Y4QVxcSIeQMrN58lOFWrqSYdDW3nk9bYJLReHzCsnU2F5x6Eg
xklVLFsj4bQUYCL+b9dR+tUq0MBFpUNeWXZ+KTjidZ1LmmDIEGcTQqPFUkCA7mjk
S2xdRwj8Al/oh70Bl4XtGeVu543gFEOyd116im09pgVu47kDZtAhArSRAX17/o6W
zJSkUzsmhVPC+T0QSumJ3gDPgnfAFI47UQsvF3AEIcmenkMQBJsGfNEUfsdDCoNn
iKOc+j1su+qlXWcW2gGl6sMZvXyG4E5M66GP31/r9Pb+Yu6nfADZkZXBmhs+seRy
XKBIh2SsZAdr7xSmsP5i2GCavTG/qQ==
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:10:25 2025 by rpki-client