Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/4VoA1dfPYqxCLCj26VHjQ_qiEG8.roa
File: 4VoA1dfPYqxCLCj26VHjQ_qiEG8.roa (raw, json)
Hash identifier: recnpK601Yh6DXPG9CNeM8XkuIuIOhsb1cpVvfxqZH4=
Subject key identifier: E1:5A:00:D5:D7:CF:62:AC:42:2C:28:F6:E9:51:E3:43:FA:A2:10:6F
Certificate issuer: /CN=2ace126fa5830911083e45f583cadb08a63ec6f9
Certificate serial: 0185732834D84A9D7D592803C09985C05B6A
Authority key identifier: 2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/4VoA1dfPYqxCLCj26VHjQ_qiEG8.roa
Signing time: Mon 02 Jan 2023 15:44:52 +0000
ROA not before: Mon 02 Jan 2023 15:44:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206984
IP address blocks: 185.169.244.0/22 maxlen: 22
212.237.212.0/22 maxlen: 22
2a0a:7700::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:28:34:d8:4a:9d:7d:59:28:03:c0:99:85:c0:5b:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ace126fa5830911083e45f583cadb08a63ec6f9
Validity
Not Before: Jan 2 15:44:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e15a00d5d7cf62ac422c28f6e951e343faa2106f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:d1:39:9f:c6:02:fc:fb:b4:4f:1e:ac:76:ad:
14:d1:c7:b1:b6:d8:a6:ad:93:3e:9a:56:68:99:59:
21:d6:d0:f5:00:57:05:3e:75:42:0a:0b:90:31:8f:
f0:e2:df:11:8d:f8:01:eb:c3:73:65:41:1a:e4:40:
19:44:27:68:5f:4f:77:3a:ac:8e:40:21:7c:96:d7:
bb:ac:0a:16:62:26:a3:e5:cc:d8:98:9b:32:89:22:
fd:fd:86:9b:47:22:19:78:e5:c8:44:58:73:04:3e:
52:70:46:7c:04:4c:73:96:40:cb:38:72:dd:24:cc:
b4:2a:2a:dc:c8:6c:cc:c6:78:15:42:1e:be:88:42:
36:c5:42:63:5e:b3:18:54:59:2f:ea:2a:82:e0:93:
bc:cd:09:8a:32:6c:94:17:8e:2b:2b:02:4a:bb:62:
78:4c:f4:ed:31:de:64:bb:7b:b8:3e:08:85:07:e9:
a1:fc:d1:f1:f8:d2:1e:58:66:2a:2c:5e:48:b7:1f:
25:29:7b:f4:b1:9f:58:2f:62:0d:2e:7a:fa:f6:28:
3f:71:bb:ab:c8:80:91:fd:14:b0:2f:40:21:7a:be:
f3:9a:45:33:ff:47:97:30:42:20:16:e9:e2:91:d2:
f5:f2:1e:9f:4a:e7:03:67:61:f5:90:83:3b:b2:ed:
87:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:5A:00:D5:D7:CF:62:AC:42:2C:28:F6:E9:51:E3:43:FA:A2:10:6F
X509v3 Authority Key Identifier:
keyid:2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/4VoA1dfPYqxCLCj26VHjQ_qiEG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.169.244.0/22
212.237.212.0/22
IPv6:
2a0a:7700::/29
Signature Algorithm: sha256WithRSAEncryption
6a:a6:c3:17:e6:c9:27:4e:97:5d:aa:01:c2:62:cc:e3:cf:c3:
52:57:a8:8e:69:8b:71:03:45:c7:f2:b9:d4:2c:02:82:4b:fa:
b5:5b:a9:64:8d:b6:13:1c:6c:27:29:d3:ed:cb:51:ed:4b:0c:
a9:76:ee:13:9d:f7:79:95:b9:8f:74:9b:bd:be:13:14:6e:60:
f0:ef:2a:37:07:a8:eb:07:ae:8f:d0:18:3f:77:39:3e:98:14:
e0:c5:c4:95:36:49:cf:a8:46:e7:75:e1:b6:5f:3a:8e:e7:d2:
7d:92:a7:55:e8:1e:a9:7a:32:21:24:7f:bf:ac:18:81:3e:20:
4c:d1:0d:c3:4f:3f:7c:d7:b6:1f:43:97:53:35:96:62:2e:12:
35:ec:25:ea:c0:d2:ed:1e:34:d9:88:7a:4f:85:70:23:1f:a1:
cd:b9:7c:fc:89:79:44:4a:b2:78:3a:50:d7:14:9e:d9:d4:e7:
34:f6:80:39:c4:ad:67:9c:1a:d5:d3:ef:50:fc:92:30:f3:ac:
5d:4a:bf:9c:70:c8:2c:ec:ca:68:82:7a:3b:45:cd:88:51:79:
a3:9e:04:05:95:bb:9e:81:c7:89:44:96:7a:e3:0f:86:22:bb:
5f:92:ce:b6:36:01:a8:26:1c:ea:70:40:22:8e:6d:37:6f:b0:
44:43:02:4d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVzKDTYSp19WSgDwJmFwFtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhY2UxMjZmYTU4MzA5MTEwODNlNDVmNTgzY2FkYjA4YTYz
ZWM2ZjkwHhcNMjMwMTAyMTU0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTVhMDBkNWQ3Y2Y2MmFjNDIyYzI4ZjZlOTUxZTM0M2ZhYTIxMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtE5n8YC/Pu0Tx6sdq0U0cexttim
rZM+mlZomVkh1tD1AFcFPnVCCguQMY/w4t8RjfgB68NzZUEa5EAZRCdoX093OqyO
QCF8lte7rAoWYiaj5czYmJsyiSL9/YabRyIZeOXIRFhzBD5ScEZ8BExzlkDLOHLd
JMy0KircyGzMxngVQh6+iEI2xUJjXrMYVFkv6iqC4JO8zQmKMmyUF44rKwJKu2J4
TPTtMd5ku3u4PgiFB+mh/NHx+NIeWGYqLF5Itx8lKXv0sZ9YL2INLnr69ig/cbur
yICR/RSwL0Aher7zmkUz/0eXMEIgFunikdL18h6fSucDZ2H1kIM7su2HLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOFaANXXz2KsQiwo9ulR40P6ohBvMB8GA1UdIwQY
MBaAFCrOEm+lgwkRCD5F9YPK2wimPsb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQt
NmNiY2I3ZTNkOGQyLzEvNFZvQTFkZlBZcXhDTENqMjZWSGpRX3FpRUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQtNmNiY2I3ZTNkOGQy
LzEvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuan0AwQC
1O3UMA0EAgACMAcDBQMqCncAMA0GCSqGSIb3DQEBCwUAA4IBAQBqpsMX5sknTpdd
qgHCYszjz8NSV6iOaYtxA0XH8rnULAKCS/q1W6lkjbYTHGwnKdPty1HtSwypdu4T
nfd5lbmPdJu9vhMUbmDw7yo3B6jrB66P0Bg/dzk+mBTgxcSVNknPqEbndeG2XzqO
59J9kqdV6B6pejIhJH+/rBiBPiBM0Q3DTz9817YfQ5dTNZZiLhI17CXqwNLtHjTZ
iHpPhXAjH6HNuXz8iXlESrJ4OlDXFJ7Z1Oc09oA5xK1nnBrV0+9Q/JIw86xdSr+c
cMgs7Mpogno7Rc2IUXmjngQFlbuegceJRJZ64w+GIrtfks62NgGoJhzqcEAijm03
b7BEQwJN
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:38:11 2025 by rpki-client