Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/T32jFffh8fdMOYcOgHyyilvAacc.roa
File: T32jFffh8fdMOYcOgHyyilvAacc.roa (raw, json)
Hash identifier: 0H8udQEAJqRyQ8CTjH9741tkxYG99GACk7TGS1IHbM0=
Subject key identifier: 4F:7D:A3:15:F7:E1:F1:F7:4C:39:87:0E:80:7C:B2:8A:5B:C0:69:C7
Certificate issuer: /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial: 018CC64AE35127BC6F1BC36A1CD8B069F53E
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/T32jFffh8fdMOYcOgHyyilvAacc.roa
Signing time: Mon 01 Jan 2024 18:30:45 +0000
ROA not before: Mon 01 Jan 2024 18:30:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29119
IP address blocks: 62.122.231.0/24 maxlen: 24
62.122.230.0/24 maxlen: 24
62.122.228.0/22 maxlen: 22
62.122.228.0/24 maxlen: 24
185.167.181.0/24 maxlen: 24
5.253.158.0/24 maxlen: 24
185.204.203.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:e3:51:27:bc:6f:1b:c3:6a:1c:d8:b0:69:f5:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Validity
Not Before: Jan 1 18:30:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4f7da315f7e1f1f74c39870e807cb28a5bc069c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f4:9d:a5:2f:0a:bf:64:2a:4f:3c:ff:d1:f1:
ac:f7:3e:f0:d7:a5:c7:2e:aa:20:1a:05:b4:67:f8:
08:b1:a9:d0:84:a3:d0:1c:f6:ca:4c:2b:6f:5e:c2:
ff:05:c9:e7:7b:59:6a:de:e1:3e:b6:f1:c2:ca:ba:
31:68:7d:48:73:74:5d:e1:54:0e:f7:c8:03:e0:da:
83:b5:41:fe:35:3e:91:f3:ba:2e:36:4a:cd:24:e2:
37:0e:50:ff:4b:30:c7:70:02:d5:b1:88:8d:e7:80:
a1:f4:c1:fd:8c:a6:3b:dc:ea:21:b4:da:6c:d8:8b:
d4:71:f5:e7:33:7f:55:8e:56:20:58:86:8b:74:f9:
04:db:a9:a6:74:de:2d:78:6b:fc:8c:b1:ca:22:ba:
81:1a:3c:a7:59:07:e8:ae:8e:9e:df:c5:2b:5e:b9:
2a:95:b4:01:ea:0f:95:e6:6e:14:d7:94:40:e8:4c:
3b:f9:67:68:f7:f0:7a:ea:5f:aa:ce:24:17:75:31:
0b:bc:f5:e4:74:65:d5:f2:83:a7:99:c9:a1:02:a6:
d5:fc:d8:9c:d5:f5:86:46:53:71:33:12:a9:0a:b6:
e3:47:21:9d:6e:70:fd:bf:61:78:e8:76:45:e6:1a:
7b:c6:6b:09:12:85:ed:8d:f8:92:a4:ca:43:12:72:
f9:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:7D:A3:15:F7:E1:F1:F7:4C:39:87:0E:80:7C:B2:8A:5B:C0:69:C7
X509v3 Authority Key Identifier:
keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/T32jFffh8fdMOYcOgHyyilvAacc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.158.0/24
62.122.228.0/22
185.167.181.0/24
185.204.203.0/24
Signature Algorithm: sha256WithRSAEncryption
58:4d:9c:fa:69:15:70:65:8b:3a:67:c6:5c:35:98:40:89:b9:
f3:62:47:4f:d4:20:e4:c3:fe:4c:24:03:74:1e:79:64:38:13:
6c:66:ee:2e:e0:73:14:a7:a9:71:3d:70:bc:ef:50:23:71:06:
d8:7b:bc:fc:c8:ea:9f:2b:69:87:cc:ac:58:06:14:03:4b:ab:
70:42:05:c2:ea:7a:fc:a4:56:85:54:b2:d1:eb:b9:7b:aa:cf:
8d:b4:05:2b:a2:8b:f5:3e:0a:89:10:1c:03:67:92:da:52:b2:
94:e8:8b:26:16:61:32:60:04:7c:be:14:ef:d4:00:d8:a7:f0:
37:10:72:5e:2e:b1:14:fe:ca:8b:34:ab:4b:72:96:cf:1c:2d:
d7:43:32:95:92:c4:37:6a:a2:9b:7a:79:05:46:1f:67:59:79:
43:43:d0:54:f9:5e:b1:46:0d:17:63:1f:f3:92:18:8d:36:b6:
64:c1:47:7b:29:a7:8b:db:a0:a3:1f:82:6e:a4:b7:31:e1:ab:
4c:24:4b:3f:2c:6d:50:16:b2:32:02:84:7d:75:12:6f:4c:85:
d5:2b:19:cd:9b:6d:12:1e:f2:69:91:46:ee:9c:0b:73:fd:43:
21:e3:22:87:4d:5a:85:0d:c8:25:9a:a8:d3:e7:21:de:37:c3:
ce:8d:c5:0a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSuNRJ7xvG8NqHNiwafU+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjdkYTMxNWY3ZTFmMWY3NGMzOTg3MGU4MDdjYjI4YTViYzA2OWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfSdpS8Kv2QqTzz/0fGs9z7w16XH
LqogGgW0Z/gIsanQhKPQHPbKTCtvXsL/Bcnne1lq3uE+tvHCyroxaH1Ic3Rd4VQO
98gD4NqDtUH+NT6R87ouNkrNJOI3DlD/SzDHcALVsYiN54Ch9MH9jKY73OohtNps
2IvUcfXnM39VjlYgWIaLdPkE26mmdN4teGv8jLHKIrqBGjynWQforo6e38UrXrkq
lbQB6g+V5m4U15RA6Ew7+Wdo9/B66l+qziQXdTELvPXkdGXV8oOnmcmhAqbV/Nic
1fWGRlNxMxKpCrbjRyGdbnD9v2F46HZF5hp7xmsJEoXtjfiSpMpDEnL5/wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE99oxX34fH3TDmHDoB8sopbwGnHMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvVDMyakZmZmg4ZmRNT1ljT2dIeXlpbHZBYWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABf2eAwQC
PnrkAwQAuae1AwQAuczLMA0GCSqGSIb3DQEBCwUAA4IBAQBYTZz6aRVwZYs6Z8Zc
NZhAibnzYkdP1CDkw/5MJAN0HnlkOBNsZu4u4HMUp6lxPXC871AjcQbYe7z8yOqf
K2mHzKxYBhQDS6twQgXC6nr8pFaFVLLR67l7qs+NtAUroov1PgqJEBwDZ5LaUrKU
6IsmFmEyYAR8vhTv1ADYp/A3EHJeLrEU/sqLNKtLcpbPHC3XQzKVksQ3aqKbenkF
Rh9nWXlDQ9BU+V6xRg0XYx/zkhiNNrZkwUd7KaeL26CjH4JupLcx4atMJEs/LG1Q
FrIyAoR9dRJvTIXVKxnNm20SHvJpkUbunAtz/UMh4yKHTVqFDcglmqjT5yHeN8PO
jcUK
-----END CERTIFICATE-----
Generated at Tue Apr 22 06:16:43 2025 by rpki-client