Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/FFVO3UWrmCwy50nHuSGr5YXdX-I.roa
File: FFVO3UWrmCwy50nHuSGr5YXdX-I.roa (raw, json)
Hash identifier: BXf3hmk21BeXan2ysr+1+1BiUWfMtBc+ok5mPNt01Aw=
Subject key identifier: 14:55:4E:DD:45:AB:98:2C:32:E7:49:C7:B9:21:AB:E5:85:DD:5F:E2
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 01854D4F031ABE60F9A085F6F6E9B9FF53AE
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/FFVO3UWrmCwy50nHuSGr5YXdX-I.roa
Signing time: Mon 26 Dec 2022 07:21:41 +0000
ROA not before: Mon 26 Dec 2022 07:21:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41789
IP address blocks: 185.244.51.0/24 maxlen: 24
185.233.186.0/24 maxlen: 24
185.250.44.0/23 maxlen: 23
185.250.46.0/23 maxlen: 23
193.39.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:4d:4f:03:1a:be:60:f9:a0:85:f6:f6:e9:b9:ff:53:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Dec 26 07:21:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=14554edd45ab982c32e749c7b921abe585dd5fe2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:9f:85:7f:4e:e7:76:9b:c2:2a:d5:9e:32:6b:
7d:8e:97:b0:7e:45:12:67:a2:9c:e9:d3:5f:d1:45:
15:1a:91:bd:62:86:e1:73:e0:1c:0e:f0:8b:84:b2:
e2:aa:59:e2:32:0e:53:2c:7b:75:06:c0:fa:48:56:
c7:24:b8:bd:05:5a:69:74:46:5d:8e:42:86:7c:6a:
f5:60:d0:bd:69:66:36:c9:6f:d7:71:ec:a7:db:53:
6a:32:64:10:35:17:94:a9:ce:8d:12:eb:43:84:55:
79:25:75:26:0c:ce:a3:43:58:93:16:ae:f0:fb:41:
7a:2f:7e:09:55:45:ab:63:4b:90:68:23:04:ef:62:
84:16:95:17:10:a5:2d:c9:14:87:95:25:65:d1:98:
ef:4a:40:e4:1a:b1:27:8c:e4:eb:c9:42:12:e5:a3:
23:43:7a:cb:a5:95:55:4c:2d:21:d8:7c:26:92:c1:
04:11:2b:d6:fd:9c:33:98:10:45:48:55:13:40:dc:
0b:9b:4f:49:c1:42:02:50:f0:2a:05:b2:40:29:67:
60:0f:a7:d3:0f:60:70:3c:2e:2e:69:36:74:c4:95:
07:a5:e2:c5:01:29:d8:b4:4d:ed:d0:34:a9:0a:72:
be:d8:fe:04:8e:37:c3:a9:9a:fa:df:bc:78:b5:b8:
09:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:55:4E:DD:45:AB:98:2C:32:E7:49:C7:B9:21:AB:E5:85:DD:5F:E2
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/FFVO3UWrmCwy50nHuSGr5YXdX-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.233.186.0/24
185.244.51.0/24
185.250.44.0/22
193.39.171.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:e6:0b:b1:82:1b:57:7f:eb:bd:46:5c:ec:1a:3f:3f:d5:0f:
98:f8:f2:2f:c2:ba:fe:6c:97:44:c8:91:59:c5:e2:15:d3:c8:
d0:48:ff:a1:8c:3d:5b:b9:f3:64:58:74:6f:5f:29:2b:b1:fd:
0a:3d:8e:4c:c0:4c:e8:13:9b:47:31:29:8f:a2:24:5a:e9:e2:
53:60:8f:56:ff:58:9d:cb:ee:07:c2:65:c3:d7:a3:9b:ab:8e:
9e:b9:5a:2d:96:77:6c:4f:78:42:53:49:42:93:c5:86:89:85:
99:f1:01:a6:e4:1f:d4:51:b2:cc:58:51:9b:b3:ec:34:8f:97:
a2:30:33:ea:79:9a:81:f2:99:61:4b:81:17:9f:0a:f1:a7:3c:
6f:0e:b3:68:00:ed:e4:ac:b7:6c:5b:53:63:63:de:5e:19:95:
e9:9e:9c:da:40:b2:85:a0:94:21:37:ce:e9:a2:c3:aa:9c:f4:
50:db:bc:b9:3c:79:ac:8f:d8:18:d0:4e:30:e1:f8:b0:e4:b7:
c3:ff:14:7f:e5:59:5a:aa:6a:1b:54:84:62:c5:af:86:f4:34:
5b:98:b6:a4:c9:d3:81:27:04:14:23:de:84:b5:96:8c:d1:08:
a1:47:cb:db:e0:b1:0c:25:88:ed:2a:36:57:05:18:7d:bc:d3:
37:e1:8f:8d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVNTwMavmD5oIX29um5/1OuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjIxMjI2MDcyMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU1NGVkZDQ1YWI5ODJjMzJlNzQ5YzdiOTIxYWJlNTg1ZGQ1ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJ+Ff07ndpvCKtWeMmt9jpewfkUS
Z6Kc6dNf0UUVGpG9Yobhc+AcDvCLhLLiqlniMg5TLHt1BsD6SFbHJLi9BVppdEZd
jkKGfGr1YNC9aWY2yW/Xceyn21NqMmQQNReUqc6NEutDhFV5JXUmDM6jQ1iTFq7w
+0F6L34JVUWrY0uQaCME72KEFpUXEKUtyRSHlSVl0ZjvSkDkGrEnjOTryUIS5aMj
Q3rLpZVVTC0h2HwmksEEESvW/ZwzmBBFSFUTQNwLm09JwUICUPAqBbJAKWdgD6fT
D2BwPC4uaTZ0xJUHpeLFASnYtE3t0DSpCnK+2P4EjjfDqZr637x4tbgJkwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBRVTt1Fq5gsMudJx7khq+WF3V/iMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvRkZWTzNVV3JtQ3d5NTBuSHVTR3I1WVhkWC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuem6AwQA
ufQzAwQCufosAwQAwSerMA0GCSqGSIb3DQEBCwUAA4IBAQCc5guxghtXf+u9Rlzs
Gj8/1Q+Y+PIvwrr+bJdEyJFZxeIV08jQSP+hjD1bufNkWHRvXykrsf0KPY5MwEzo
E5tHMSmPoiRa6eJTYI9W/1idy+4HwmXD16Obq46euVotlndsT3hCU0lCk8WGiYWZ
8QGm5B/UUbLMWFGbs+w0j5eiMDPqeZqB8plhS4EXnwrxpzxvDrNoAO3krLdsW1Nj
Y95eGZXpnpzaQLKFoJQhN87posOqnPRQ27y5PHmsj9gY0E4w4fiw5LfD/xR/5Vla
qmobVIRixa+G9DRbmLakydOBJwQUI96EtZaM0QihR8vb4LEMJYjtKjZXBRh9vNM3
4Y+N
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:39 2025 by rpki-client