Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/ONJSvboube1CLmZGrQC6KATH2Io.roa
File: ONJSvboube1CLmZGrQC6KATH2Io.roa (raw, json)
Hash identifier: fnkIqpw/ABBJuQLk7edWXYp/nXf5amDynCv1ojVzuLE=
Subject key identifier: 38:D2:52:BD:BA:2E:6D:ED:42:2E:66:46:AD:00:BA:28:04:C7:D8:8A
Certificate issuer: /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial: 131D749E
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/ONJSvboube1CLmZGrQC6KATH2Io.roa
Signing time: Sat 01 Jan 2022 12:59:31 +0000
ROA not before: Sat 01 Jan 2022 12:59:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21472
IP address blocks: 185.149.176.0/22 maxlen: 22
195.49.144.0/22 maxlen: 22
5.2.16.0/21 maxlen: 21
5.2.16.0/23 maxlen: 23
5.2.18.0/23 maxlen: 23
5.2.20.0/23 maxlen: 23
5.2.23.0/24 maxlen: 24
78.143.254.0/24 maxlen: 24
185.79.56.0/24 maxlen: 24
185.79.56.0/22 maxlen: 22
2a00:e740::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 320697502 (0x131d749e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Validity
Not Before: Jan 1 12:59:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=38d252bdba2e6ded422e6646ad00ba2804c7d88a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:03:b4:23:ea:35:5d:b7:95:de:19:b7:4a:4f:
15:a8:39:de:65:66:93:f7:19:77:4c:8e:f5:de:9a:
30:e2:f8:06:a9:45:ba:44:cb:51:92:97:5e:70:b3:
50:3e:ef:7f:30:40:42:80:f7:90:e3:03:c8:5c:81:
54:b9:2e:c4:07:21:12:7d:70:d2:29:03:90:74:89:
27:6f:3f:a2:04:5e:ed:10:c8:38:84:af:75:04:e5:
ae:0c:a5:f4:23:1b:ba:a4:75:ec:73:dd:5c:4a:45:
a4:81:73:92:a2:7c:04:94:68:dc:69:9d:31:b9:5f:
00:22:bb:6c:2e:07:7a:7b:0b:68:39:4c:94:c6:3a:
ff:9f:81:3c:f4:b0:a3:54:ae:64:3d:6f:b8:f9:bd:
63:0b:c5:98:0a:46:f5:4e:d8:6a:ef:12:93:a3:5a:
71:a9:12:09:6d:ec:fa:ac:5d:32:aa:79:b5:32:0d:
23:6c:36:71:8f:cf:92:57:24:0b:9f:3d:cd:fb:c9:
eb:00:fa:56:cc:ac:e6:1a:43:0c:50:5a:ea:5f:2d:
31:ad:19:38:b6:fa:07:14:4c:af:38:cb:71:14:62:
65:70:ef:31:11:b4:72:a6:f7:14:11:96:01:6d:7c:
c7:f9:23:3c:37:3d:c6:c3:6a:19:42:5e:a3:b5:14:
84:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:D2:52:BD:BA:2E:6D:ED:42:2E:66:46:AD:00:BA:28:04:C7:D8:8A
X509v3 Authority Key Identifier:
keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/ONJSvboube1CLmZGrQC6KATH2Io.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.16.0/21
78.143.254.0/24
185.79.56.0/22
185.149.176.0/22
195.49.144.0/22
IPv6:
2a00:e740::/32
Signature Algorithm: sha256WithRSAEncryption
56:41:6e:86:41:34:6a:9f:23:75:5d:1b:2a:32:47:02:a4:05:
3a:d3:2c:69:e8:9f:75:9c:50:08:03:63:94:b7:27:36:d4:f3:
a2:77:24:36:dc:4c:a7:5a:0a:c6:95:34:fa:fa:9c:84:3b:58:
f1:33:33:fa:7f:23:f6:0d:b9:4a:68:cf:38:2c:3d:e3:e0:99:
fb:27:37:d1:a6:20:cc:18:7d:2e:71:e4:89:0b:fe:7d:c2:a3:
bf:3a:70:0a:47:2f:8f:c6:0f:a1:ca:3e:a4:1f:e9:d9:ec:65:
1a:c9:26:0c:fa:ee:97:5c:80:7a:15:69:84:74:60:c9:dc:7f:
29:99:30:6a:15:3f:2e:28:20:5d:f0:81:ce:56:5d:93:e7:f8:
0f:75:c1:b6:38:3c:53:c5:c7:70:09:75:fe:03:f0:a2:a9:b5:
f1:eb:53:00:0b:3d:8b:57:02:5a:c5:3e:5d:eb:15:15:65:90:
66:e0:f2:a9:d6:aa:17:4a:9e:ac:35:3c:42:39:d8:28:ee:d4:
13:33:de:30:2e:42:fa:e9:aa:e0:14:94:c5:2a:03:ed:db:7c:
4b:d6:b2:ff:11:89:a6:47:6a:c1:6d:7c:7f:6a:1b:d3:d3:74:
59:7b:a5:7d:09:9b:b7:c0:53:2f:ad:a0:ef:a5:e9:4b:ef:1c:
a4:4e:34:7e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEEx10njANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ODk1M2E1ZjExYTgyNzljZGY4Nzk4OTYwZGUxZTIyZWIxMjI3ZDk1MB4XDTIyMDEw
MTEyNTkzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhkMjUyYmRiYTJl
NmRlZDQyMmU2NjQ2YWQwMGJhMjgwNGM3ZDg4YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIsDtCPqNV23ld4Zt0pPFag53mVmk/cZd0yO9d6aMOL4BqlF
ukTLUZKXXnCzUD7vfzBAQoD3kOMDyFyBVLkuxAchEn1w0ikDkHSJJ28/ogRe7RDI
OISvdQTlrgyl9CMbuqR17HPdXEpFpIFzkqJ8BJRo3GmdMblfACK7bC4HensLaDlM
lMY6/5+BPPSwo1SuZD1vuPm9YwvFmApG9U7Yau8Sk6NacakSCW3s+qxdMqp5tTIN
I2w2cY/PklckC589zfvJ6wD6Vsys5hpDDFBa6l8tMa0ZOLb6BxRMrzjLcRRiZXDv
MRG0cqb3FBGWAW18x/kjPDc9xsNqGUJeo7UUhBsCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBQ40lK9ui5t7UIuZkatALooBMfYijAfBgNVHSMEGDAWgBQIlTpfEagnnN+H
mJYN4eIusSJ9lTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NKVTZYeEdvSjV6Zmg1aVdEZUhpTHJFaWZaVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGMvY2M5NGM4LTcyZTQtNDM5OC1iMzdiLTcxMTY5NTY3ZTM5Yy8x
L09OSlN2Ym91YmUxQ0xtWkdyUUM2S0FUSDJJby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMv
Y2M5NGM4LTcyZTQtNDM5OC1iMzdiLTcxMTY5NTY3ZTM5Yy8xL0NKVTZYeEdvSjV6
Zmg1aVdEZUhpTHJFaWZaVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAwUCEAMEAE6P/gMEArlPOAMEArmV
sAMEAsMxkDANBAIAAjAHAwUAKgDnQDANBgkqhkiG9w0BAQsFAAOCAQEAVkFuhkE0
ap8jdV0bKjJHAqQFOtMsaeifdZxQCANjlLcnNtTzonckNtxMp1oKxpU0+vqchDtY
8TMz+n8j9g25SmjPOCw94+CZ+yc30aYgzBh9LnHkiQv+fcKjvzpwCkcvj8YPoco+
pB/p2exlGskmDPrul1yAehVphHRgydx/KZkwahU/LiggXfCBzlZdk+f4D3XBtjg8
U8XHcAl1/gPwoqm18etTAAs9i1cCWsU+XesVFWWQZuDyqdaqF0qerDU8QjnYKO7U
EzPeMC5C+umq4BSUxSoD7dt8S9ay/xGJpkdqwW18f2ob09N0WXulfQmbt8BTL62g
76XpS+8cpE40fg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:03:03 2025 by rpki-client