Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/Lig3jO5FoYqgUjxYMebeZXEbDdY.roa
File: Lig3jO5FoYqgUjxYMebeZXEbDdY.roa (raw, json)
Hash identifier: uXcp5NjHSoOoi4Z3z7bEjV+rzPz85xPlzXDAmKI28Ws=
Subject key identifier: 2E:28:37:8C:EE:45:A1:8A:A0:52:3C:58:31:E6:DE:65:71:1B:0D:D6
Certificate issuer: /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial: 437B4E
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/Lig3jO5FoYqgUjxYMebeZXEbDdY.roa
Signing time: Tue 11 Jan 2022 12:39:10 +0000
ROA not before: Tue 11 Jan 2022 12:39:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44600
IP address blocks: 185.46.148.0/22 maxlen: 22
185.128.232.0/22 maxlen: 22
185.128.235.0/24 maxlen: 24
91.202.72.0/22 maxlen: 22
194.42.200.0/22 maxlen: 24
185.41.248.0/22 maxlen: 22
46.182.80.0/22 maxlen: 22
46.182.84.0/22 maxlen: 22
94.131.245.0/24 maxlen: 24
94.131.244.0/24 maxlen: 24
94.131.250.0/23 maxlen: 23
94.131.250.0/24 maxlen: 24
94.131.249.0/24 maxlen: 24
94.131.252.0/24 maxlen: 24
94.131.248.0/24 maxlen: 24
2a03:a600::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4422478 (0x437b4e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Validity
Not Before: Jan 11 12:39:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2e28378cee45a18aa0523c5831e6de65711b0dd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ce:be:9d:4c:54:4b:83:ae:e5:d9:5d:e8:6a:
6e:bc:50:4f:f6:92:6a:cf:88:c1:f0:95:a6:2a:b0:
bc:ef:f6:94:0c:a9:3d:99:93:fb:b6:f6:2e:ad:ed:
5d:c1:18:3c:0e:b9:fa:02:49:cd:b5:57:f4:0e:fc:
7b:05:01:7e:9c:1b:b4:a1:9c:43:64:54:30:92:a5:
dd:b3:5b:71:49:c0:45:a6:31:e4:2e:c1:9b:bc:ba:
99:23:44:75:87:4a:0f:15:59:5c:fe:a2:de:37:6b:
9c:3b:60:1f:3b:cb:90:03:39:7b:bd:a6:14:67:a5:
43:22:eb:20:a6:aa:d6:6b:ba:c1:6f:bc:34:63:cd:
55:07:7a:43:72:b3:d1:50:40:db:99:63:97:5c:c0:
cf:3b:e5:c4:9b:15:2a:52:d5:6e:60:49:e3:df:d7:
eb:2f:3d:7e:19:d2:06:a2:77:e0:52:1d:dd:36:d6:
24:fa:5b:f0:85:d0:40:cf:c6:e4:79:ad:76:24:38:
d2:0c:a6:87:dd:62:21:43:de:01:74:d5:ae:6d:27:
0b:2f:dc:d2:03:b4:5b:b7:01:b3:25:5c:f9:f6:eb:
f1:68:20:d6:7a:4d:f1:fb:2f:5d:1b:5b:e6:2d:7d:
41:15:02:d1:b8:53:47:a3:5e:58:43:3e:93:ba:2e:
01:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:28:37:8C:EE:45:A1:8A:A0:52:3C:58:31:E6:DE:65:71:1B:0D:D6
X509v3 Authority Key Identifier:
keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/Lig3jO5FoYqgUjxYMebeZXEbDdY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.182.80.0/21
91.202.72.0/22
94.131.244.0/23
94.131.248.0-94.131.252.255
185.41.248.0/22
185.46.148.0/22
185.128.232.0/22
194.42.200.0/22
IPv6:
2a03:a600::/29
Signature Algorithm: sha256WithRSAEncryption
56:a3:c7:aa:dd:ee:aa:06:e0:fc:98:c2:07:33:61:25:04:b6:
06:a0:50:53:39:9a:34:1e:33:57:9f:32:2a:e5:59:f1:78:37:
cc:1a:a7:64:30:66:95:51:b2:16:f8:67:a0:50:95:bd:6b:14:
9c:a3:bf:59:ae:99:39:a7:fe:07:5d:e9:60:91:ac:98:29:6f:
26:84:7e:cf:a8:84:9d:de:04:7e:e3:7d:78:c1:73:4d:8a:03:
bb:b7:31:82:8f:c7:31:a9:fc:f0:b3:5b:6e:94:08:f5:51:af:
4b:77:a1:85:bd:28:9b:d5:a3:6c:ce:c6:48:b0:8f:42:87:49:
d4:23:69:4f:c8:66:58:21:b7:a0:3d:f5:94:57:27:57:6e:1d:
3a:c6:b5:1b:1d:35:67:dc:2f:81:c3:73:9b:e1:78:6c:fe:d8:
f4:78:7f:0b:24:bd:f0:14:c6:91:a3:75:58:40:a4:69:b0:83:
17:10:b8:b9:b2:5f:39:d2:5a:3c:d9:da:47:17:ce:c2:1a:a3:
53:5d:21:6e:e3:5c:17:19:98:2b:3f:80:fd:53:fa:59:2f:c0:
c4:96:60:ba:76:7d:30:a9:0a:d1:e3:36:8f:18:c0:f0:04:e1:
43:c5:61:be:bb:4d:89:3d:72:b0:37:b1:df:c0:89:0c:17:c5:
b7:6e:0b:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIDQ3tOMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDVj
NmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2YwM2MwMTkwHhcNMjIwMTEx
MTIzOTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyZTI4Mzc4Y2VlNDVh
MThhYTA1MjNjNTgzMWU2ZGU2NTcxMWIwZGQ2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAs86+nUxUS4Ou5dld6GpuvFBP9pJqz4jB8JWmKrC87/aUDKk9
mZP7tvYure1dwRg8Drn6AknNtVf0Dvx7BQF+nBu0oZxDZFQwkqXds1txScBFpjHk
LsGbvLqZI0R1h0oPFVlc/qLeN2ucO2AfO8uQAzl7vaYUZ6VDIusgpqrWa7rBb7w0
Y81VB3pDcrPRUEDbmWOXXMDPO+XEmxUqUtVuYEnj39frLz1+GdIGonfgUh3dNtYk
+lvwhdBAz8bkea12JDjSDKaH3WIhQ94BdNWubScLL9zSA7RbtwGzJVz59uvxaCDW
ek3x+y9dG1vmLX1BFQLRuFNHo15YQz6Tui4B3wIDAQABo4ICSjCCAkYwHQYDVR0O
BBYEFC4oN4zuRaGKoFI8WDHm3mVxGw3WMB8GA1UdIwQYMBaAFFxrDAAamatiluJC
Fzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJiLzEv
TGlnM2pPNUZvWXFnVWp4WU1lYmVaWEViRGRZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9j
ODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJiLzEvWEdzTUFCcVpxMktX
NGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGAG
CCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQDLrZQAwQCW8pIAwQBXoP0MAwDBANe
g/gDBABeg/wDBAK5KfgDBAK5LpQDBAK5gOgDBALCKsgwDQQCAAIwBwMFAyoDpgAw
DQYJKoZIhvcNAQELBQADggEBAFajx6rd7qoG4PyYwgczYSUEtgagUFM5mjQeM1ef
MirlWfF4N8wap2QwZpVRshb4Z6BQlb1rFJyjv1mumTmn/gdd6WCRrJgpbyaEfs+o
hJ3eBH7jfXjBc02KA7u3MYKPxzGp/PCzW26UCPVRr0t3oYW9KJvVo2zOxkiwj0KH
SdQjaU/IZlght6A99ZRXJ1duHTrGtRsdNWfcL4HDc5vheGz+2PR4fwskvfAUxpGj
dVhApGmwgxcQuLmyXznSWjzZ2kcXzsIao1NdIW7jXBcZmCs/gP1T+lkvwMSWYLp2
fTCpCtHjNo8YwPAE4UPFYb67TYk9crA3sd/AiQwXxbduCxA=
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:49:21 2025 by rpki-client