Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_tKfgq4FAU-kVf_IBcpbUFaphY8.roa
File: _tKfgq4FAU-kVf_IBcpbUFaphY8.roa (raw, json)
Hash identifier: 7tsWCV9khKf5iiUueGOcADUdewm/Iyyw+G0N2ZAI7rw=
Subject key identifier: FE:D2:9F:82:AE:05:01:4F:A4:55:FF:C8:05:CA:5B:50:56:A9:85:8F
Certificate issuer: /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial: 018CC6B8F1D17E05C78E26232BF99D8C0E2B
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_tKfgq4FAU-kVf_IBcpbUFaphY8.roa
Signing time: Mon 01 Jan 2024 20:30:58 +0000
ROA not before: Mon 01 Jan 2024 20:30:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203020
IP address blocks: 91.132.114.0/23 maxlen: 32
103.53.82.0/23 maxlen: 32
193.28.237.0/24 maxlen: 32
45.114.12.0/22 maxlen: 32
193.28.182.0/24 maxlen: 32
193.28.191.0/24 maxlen: 32
193.28.202.0/24 maxlen: 32
103.240.180.0/22 maxlen: 32
103.53.216.0/22 maxlen: 32
146.19.206.0/24 maxlen: 24
193.19.204.0/24 maxlen: 32
193.19.205.0/24 maxlen: 32
193.19.206.0/24 maxlen: 32
193.19.207.0/24 maxlen: 32
45.145.104.0/22 maxlen: 32
146.19.37.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:f1:d1:7e:05:c7:8e:26:23:2b:f9:9d:8c:0e:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Validity
Not Before: Jan 1 20:30:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fed29f82ae05014fa455ffc805ca5b5056a9858f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:5a:14:a8:52:47:a1:1c:f8:c5:99:ea:ff:df:
c2:c0:bf:ae:72:8c:8e:7d:35:e0:59:41:a3:f0:05:
82:cc:c2:da:06:db:67:05:58:36:c6:e1:bb:65:a6:
1d:1e:cc:4f:45:6d:a5:a0:85:08:8c:c8:84:56:f5:
29:6d:6b:19:ed:be:d0:77:85:8d:b7:af:ed:22:9c:
67:22:21:da:ba:ed:c3:33:81:bb:f2:cc:9d:27:de:
43:b8:35:6a:cf:57:4c:0e:f1:96:4f:1a:a3:87:00:
45:5a:3d:ad:14:e4:c5:a5:1b:45:4a:ee:53:9f:89:
9e:7d:d5:39:4d:3f:b0:dc:05:26:f3:12:4d:94:c6:
2c:a8:06:f6:ae:05:33:01:28:86:72:69:8c:3b:c3:
7a:15:14:c0:08:94:cb:7f:de:21:2a:0e:f7:bc:b3:
09:15:4b:91:1d:99:3e:51:64:95:f7:52:fa:be:f5:
d7:52:2a:31:e8:0e:b7:87:24:9e:6a:07:8c:c5:7b:
06:c2:29:9c:16:b8:63:c5:16:b9:5a:6d:41:02:ca:
8c:55:84:68:7e:5c:1c:69:c1:19:1a:89:ba:81:53:
d3:bb:af:1c:21:e6:3b:61:02:97:d6:89:8b:e2:2e:
2b:a9:62:f2:32:22:91:05:f4:e0:1f:b0:0e:a9:44:
41:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:D2:9F:82:AE:05:01:4F:A4:55:FF:C8:05:CA:5B:50:56:A9:85:8F
X509v3 Authority Key Identifier:
keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/_tKfgq4FAU-kVf_IBcpbUFaphY8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.114.12.0/22
45.145.104.0/22
91.132.114.0/23
103.53.82.0/23
103.53.216.0/22
103.240.180.0/22
146.19.37.0/24
146.19.206.0/24
193.19.204.0/22
193.28.182.0/24
193.28.191.0/24
193.28.202.0/24
193.28.237.0/24
Signature Algorithm: sha256WithRSAEncryption
82:bb:53:c7:db:14:cd:2e:28:1f:75:31:4f:e2:7c:1c:0c:b0:
7c:6a:09:c4:4e:1b:1e:04:b7:8f:2f:cb:27:08:f3:0a:33:ba:
39:b9:dd:29:6b:d7:8a:b8:69:c8:75:83:0a:7f:1f:3b:68:4a:
b1:64:d9:e0:94:b2:b7:51:45:c5:27:f2:ee:cd:78:f2:c6:c8:
9a:8c:14:51:23:8e:b3:83:5b:1d:dd:f6:fa:d4:37:6d:3e:56:
a1:d6:05:1f:1a:57:3e:00:ed:65:ea:9d:16:07:78:eb:7c:34:
5b:30:34:66:4f:66:bc:48:eb:c4:4f:30:3b:ce:6b:f1:c2:b4:
d3:40:bf:e9:01:c1:4d:ba:c7:d6:c6:1b:0c:77:5a:7f:05:e6:
d1:b0:99:02:02:e9:2e:4d:ad:3d:be:9a:6a:6e:19:d7:3a:d5:
8a:4a:18:df:d4:06:4d:6a:ab:98:50:c2:5a:50:5e:19:c8:99:
e0:bd:69:a9:93:e6:1b:cf:e2:49:ca:bb:ae:a4:da:5b:66:76:
af:d0:40:2f:be:34:3e:88:f3:2d:5b:4f:b8:da:d4:c8:95:35:
e4:25:48:bc:ce:38:95:3b:97:ff:8f:fd:d2:5d:75:b5:cc:f4:
28:69:9d:03:05:2c:af:a8:95:39:ca:fd:c1:ae:3f:78:b8:c1:
df:e5:97:d7
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYzGuPHRfgXHjiYjK/mdjA4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQyOWY4MmFlMDUwMTRmYTQ1NWZmYzgwNWNhNWI1MDU2YTk4NThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1oUqFJHoRz4xZnq/9/CwL+ucoyO
fTXgWUGj8AWCzMLaBttnBVg2xuG7ZaYdHsxPRW2loIUIjMiEVvUpbWsZ7b7Qd4WN
t6/tIpxnIiHauu3DM4G78sydJ95DuDVqz1dMDvGWTxqjhwBFWj2tFOTFpRtFSu5T
n4mefdU5TT+w3AUm8xJNlMYsqAb2rgUzASiGcmmMO8N6FRTACJTLf94hKg73vLMJ
FUuRHZk+UWSV91L6vvXXUiox6A63hySeageMxXsGwimcFrhjxRa5Wm1BAsqMVYRo
flwcacEZGom6gVPTu68cIeY7YQKX1omL4i4rqWLyMiKRBfTgH7AOqURBBwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFP7Sn4KuBQFPpFX/yAXKW1BWqYWPMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvX3RLZmdxNEZBVS1rVmZfSUJjcGJVRmFwaFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCLXIMAwQC
LZFoAwQBW4RyAwQBZzVSAwQCZzXYAwQCZ/C0AwQAkhMlAwQAkhPOAwQCwRPMAwQA
wRy2AwQAwRy/AwQAwRzKAwQAwRztMA0GCSqGSIb3DQEBCwUAA4IBAQCCu1PH2xTN
LigfdTFP4nwcDLB8agnEThseBLePL8snCPMKM7o5ud0pa9eKuGnIdYMKfx87aEqx
ZNnglLK3UUXFJ/LuzXjyxsiajBRRI46zg1sd3fb61DdtPlah1gUfGlc+AO1l6p0W
B3jrfDRbMDRmT2a8SOvETzA7zmvxwrTTQL/pAcFNusfWxhsMd1p/BebRsJkCAuku
Ta09vppqbhnXOtWKShjf1AZNaquYUMJaUF4ZyJngvWmpk+Ybz+JJyruupNpbZnav
0EAvvjQ+iPMtW0+42tTIlTXkJUi8zjiVO5f/j/3SXXW1zPQoaZ0DBSyvqJU5yv3B
rj94uMHf5ZfX
-----END CERTIFICATE-----
Generated at Tue Mar 11 05:02:48 2025 by rpki-client