Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/bPgfhhEZubwxJcFFNkEXnsl51YQ.roa
File: bPgfhhEZubwxJcFFNkEXnsl51YQ.roa (raw, json)
Hash identifier: MUTXDgvMMXrOFzST9mGpphpuvb8w0QsufqhIGoAH0FU=
Subject key identifier: 6C:F8:1F:86:11:19:B9:BC:31:25:C1:45:36:41:17:9E:C9:79:D5:84
Certificate issuer: /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial: 01AC4922
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/bPgfhhEZubwxJcFFNkEXnsl51YQ.roa
Signing time: Tue 10 May 2022 10:25:01 +0000
ROA not before: Tue 10 May 2022 10:25:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34248
IP address blocks: 185.169.16.0/22 maxlen: 22
85.90.213.0/24 maxlen: 24
85.90.209.0/24 maxlen: 24
85.90.208.0/24 maxlen: 24
85.90.210.0/24 maxlen: 24
85.90.219.0/24 maxlen: 24
85.90.218.0/24 maxlen: 24
85.90.214.0/24 maxlen: 24
85.90.221.0/24 maxlen: 24
85.90.220.0/24 maxlen: 24
82.117.242.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28068130 (0x1ac4922)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Validity
Not Before: May 10 10:25:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6cf81f861119b9bc3125c1453641179ec979d584
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:e7:44:ac:87:37:22:20:bb:32:25:0e:08:8a:
04:ff:d3:d7:33:cf:ae:a9:53:4f:63:3e:db:eb:94:
6c:1f:54:4a:18:e4:f1:78:01:42:a7:13:66:45:e8:
f2:ad:50:43:d3:0c:0c:68:6f:7e:e0:d7:5a:00:2b:
02:8d:d4:ac:4f:ec:ab:57:e9:78:fd:85:0e:39:1e:
05:90:cb:2e:da:01:a6:47:b9:8b:06:14:0d:04:23:
b5:b4:f9:80:1e:86:90:a3:c1:6b:20:c9:fb:66:32:
de:44:0e:7a:b6:1e:c9:2d:87:6a:2d:f2:94:79:72:
75:c5:40:f6:2c:65:a2:8e:20:5d:4a:37:55:84:d0:
7f:e1:c8:52:f9:26:68:bd:e2:7b:c5:45:1b:a0:b4:
51:18:17:d1:04:86:00:32:f1:94:63:27:45:b2:cd:
7c:e5:09:0e:e2:85:70:48:79:21:3b:16:46:b1:26:
b4:ad:13:ed:3e:c2:cc:15:4a:7f:72:e2:a0:ad:39:
c4:7f:24:e6:86:07:e5:de:88:cd:a5:e4:18:bc:ca:
d5:80:ce:5d:57:7b:32:1f:ec:9a:4a:e0:82:94:8a:
9d:21:22:76:b9:cd:ce:7e:3b:9d:d5:94:81:0e:bc:
5e:45:b2:8f:ce:c4:65:98:3c:5b:aa:65:5b:01:c1:
cf:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:F8:1F:86:11:19:B9:BC:31:25:C1:45:36:41:17:9E:C9:79:D5:84
X509v3 Authority Key Identifier:
keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/bPgfhhEZubwxJcFFNkEXnsl51YQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.117.242.0/23
85.90.208.0-85.90.210.255
85.90.213.0-85.90.214.255
85.90.218.0-85.90.221.255
185.169.16.0/22
Signature Algorithm: sha256WithRSAEncryption
08:90:9e:03:3d:80:51:97:2b:f7:1f:86:fb:6d:0a:67:6a:98:
c7:6a:ee:e3:04:3d:d0:6d:52:eb:b9:8d:65:f9:72:69:b6:8f:
ea:ad:2f:33:2d:bf:1d:cc:88:d2:a6:5e:33:8f:a0:14:8d:1a:
68:98:4f:2a:cb:70:59:1e:af:d3:62:f5:64:6c:5a:9a:c5:59:
18:f5:df:07:6a:98:65:05:04:fd:39:69:54:d4:92:95:46:55:
2d:7c:ed:37:56:fc:00:cc:48:43:56:05:91:d2:4e:c7:81:08:
e5:be:37:a7:94:16:3f:ae:e2:49:4e:03:ae:6c:43:1e:e6:b4:
32:63:11:6e:72:55:4f:d2:ea:f9:4f:41:14:25:dd:c1:85:27:
c5:86:d3:cc:07:c5:5f:ab:20:9d:46:e6:cc:62:2c:bc:12:0e:
2b:ba:87:12:4e:af:82:28:5a:e9:c6:2b:3c:4c:b5:10:04:8f:
75:6b:24:b5:c1:9d:d1:45:19:83:ff:ef:8c:5f:61:db:59:86:
4d:08:50:7b:a5:2a:95:6e:c8:42:8e:4f:0d:ca:f2:00:50:fb:
34:2e:19:06:b9:b1:53:2d:5f:57:5d:ef:e2:ec:64:ec:8e:92:
ad:fc:57:97:58:0b:70:2c:21:14:b6:a9:fd:63:5b:0a:7f:8e:
bd:d6:f5:eb
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEAaxJIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NGQ5OGU4ZmVjNjgwNzc1YTE1NzI2NmUwYzZiNzhiMTQxYTM0ZjVlMB4XDTIyMDUx
MDEwMjUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmNmODFmODYxMTE5
YjliYzMxMjVjMTQ1MzY0MTE3OWVjOTc5ZDU4NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJfnRKyHNyIguzIlDgiKBP/T1zPPrqlTT2M+2+uUbB9UShjk
8XgBQqcTZkXo8q1QQ9MMDGhvfuDXWgArAo3UrE/sq1fpeP2FDjkeBZDLLtoBpke5
iwYUDQQjtbT5gB6GkKPBayDJ+2Yy3kQOerYeyS2Hai3ylHlydcVA9ixloo4gXUo3
VYTQf+HIUvkmaL3ie8VFG6C0URgX0QSGADLxlGMnRbLNfOUJDuKFcEh5ITsWRrEm
tK0T7T7CzBVKf3LioK05xH8k5oYH5d6IzaXkGLzK1YDOXVd7Mh/smkrggpSKnSEi
drnNzn47ndWUgQ68XkWyj87EZZg8W6plWwHBzw0CAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBRs+B+GERm5vDElwUU2QReeyXnVhDAfBgNVHSMEGDAWgBSU2Y6P7GgHdaFX
Jm4Ma3ixQaNPXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xObU9qLXhvQjNXaFZ5WnVER3Q0c1VHalQxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvN2FlM2M3LTY3ZTQtNDRkZS1iMTM5LTg3ZDE3ZGY3NGM3ZS8x
L2JQZ2ZoaEVadWJ3eEpjRkZOa0VYbnNsNTFZUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
N2FlM2M3LTY3ZTQtNDRkZS1iMTM5LTg3ZDE3ZGY3NGM3ZS8xL2xObU9qLXhvQjNX
aFZ5WnVER3Q0c1VHalQxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAVJ18jAMAwQEVVrQAwQAVVrSMAwD
BABVWtUDBABVWtYwDAMEAVVa2gMEAVVa3AMEArmpEDANBgkqhkiG9w0BAQsFAAOC
AQEACJCeAz2AUZcr9x+G+20KZ2qYx2ru4wQ90G1S67mNZflyabaP6q0vMy2/HcyI
0qZeM4+gFI0aaJhPKstwWR6v02L1ZGxamsVZGPXfB2qYZQUE/TlpVNSSlUZVLXzt
N1b8AMxIQ1YFkdJOx4EI5b43p5QWP67iSU4DrmxDHua0MmMRbnJVT9Lq+U9BFCXd
wYUnxYbTzAfFX6sgnUbmzGIsvBIOK7qHEk6vgiha6cYrPEy1EASPdWsktcGd0UUZ
g//vjF9h21mGTQhQe6UqlW7IQo5PDcryAFD7NC4ZBrmxUy1fV13v4uxk7I6SrfxX
l1gLcCwhFLap/WNbCn+Ovdb16w==
-----END CERTIFICATE-----
Generated at Wed Apr 9 03:42:19 2025 by rpki-client