Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CvigIVBC3CKq8gNZc1QTuIF2t9o.roa
File: CvigIVBC3CKq8gNZc1QTuIF2t9o.roa (raw, json)
Hash identifier: vI4UX4YvgWB9rq34g0UwKveBOIDC6NCAOJ0KlGezmVo=
Subject key identifier: 0A:F8:A0:21:50:42:DC:22:AA:F2:03:59:73:54:13:B8:81:76:B7:DA
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 15C15898
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CvigIVBC3CKq8gNZc1QTuIF2t9o.roa
Signing time: Thu 03 Mar 2022 08:33:15 +0000
ROA not before: Thu 03 Mar 2022 08:33:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.63.0/24 maxlen: 24
94.240.60.0/22 maxlen: 22
212.7.223.0/24 maxlen: 24
91.106.30.0/23 maxlen: 23
94.240.0.0/19 maxlen: 19
94.240.0.0/18 maxlen: 18
91.106.26.0/23 maxlen: 23
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 364992664 (0x15c15898)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Mar 3 08:33:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0af8a0215042dc22aaf20359735413b88176b7da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:e1:84:86:79:a8:2c:ea:22:2e:63:4d:18:e9:
d7:ee:99:a3:00:1f:6a:b8:7d:83:ac:b4:5b:47:95:
04:48:93:1e:39:32:93:3b:b9:36:ab:d8:a7:dc:54:
66:d8:73:db:51:45:ec:90:90:2b:3f:0a:3c:2a:57:
ab:6b:c2:e5:5d:4e:6d:cc:01:c3:67:fa:80:da:10:
5b:29:75:67:76:48:01:16:74:a8:eb:ad:ae:48:bb:
ea:00:0a:62:19:b5:b3:73:46:2f:f1:2a:4d:37:8c:
5d:b9:76:c5:01:ad:95:48:a5:28:e7:75:c2:cd:57:
58:63:62:08:43:bf:97:af:47:fc:27:35:d4:a8:73:
7c:a6:e5:86:fc:21:59:4d:a3:17:af:29:ff:db:c4:
f1:4b:ee:16:f2:d2:ce:61:4d:31:36:fc:c6:ea:8a:
5d:84:88:26:52:02:b2:cb:0f:a9:1c:c7:a2:44:21:
32:d2:df:82:b2:88:95:81:52:dd:03:5a:07:23:2c:
82:47:81:dc:4c:e8:18:c7:54:90:c8:aa:12:8b:b2:
4c:3e:8e:21:41:b9:f9:0d:91:b3:e7:e4:ce:51:a1:
75:85:58:9d:af:3b:b8:d4:b4:f0:e4:ff:40:ec:f0:
f2:9c:21:a8:e0:6d:93:fd:9a:7a:7d:f6:a0:fe:9f:
d8:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:F8:A0:21:50:42:DC:22:AA:F2:03:59:73:54:13:B8:81:76:B7:DA
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CvigIVBC3CKq8gNZc1QTuIF2t9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0/18
185.139.16.0/22
194.152.46.0/23
212.7.223.0/24
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
2d:77:8c:8b:37:46:45:97:f6:af:2e:ce:c4:8e:13:ec:64:ed:
f3:8b:31:92:ff:74:00:44:3d:52:4b:fb:0c:46:84:ad:71:ce:
88:56:b8:39:8a:9f:f5:73:58:06:e3:3d:41:e8:13:ca:cc:49:
a2:a9:ab:4a:39:2f:0d:f4:d1:2f:3e:b1:9e:b5:3f:3f:a6:7a:
e3:48:7d:d8:2b:00:89:4e:52:27:fc:f2:31:85:cb:06:22:87:
3e:80:24:4f:20:e8:64:f1:af:a2:4f:79:4e:ad:77:c1:24:53:
b2:3c:3b:a3:1e:70:2c:0c:77:d6:f8:01:7b:c9:25:86:8f:a3:
5c:cf:a4:c8:dd:9a:f0:da:66:fe:ee:20:87:6a:5b:3b:26:d1:
0a:df:fa:f8:9f:1e:1a:5d:2e:5a:09:24:7c:ba:b0:31:31:d5:
5d:ca:4f:25:fc:5b:4c:06:aa:e7:66:11:9b:a3:ed:56:53:09:
b6:97:25:fa:04:49:65:3e:d6:78:d9:55:3c:9d:00:6c:68:f4:
b4:0e:0d:c7:d4:f9:bc:40:9e:63:1e:95:ff:c2:a0:9a:e8:59:
6b:ee:07:9f:43:bf:ce:64:63:29:5e:a5:c9:95:97:8b:b0:c1:
a8:b0:16:60:d0:9f:77:8a:07:1a:c1:5d:c4:f1:c9:74:0a:8e:
0d:5b:09:96
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEFcFYmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTFhMmZkNmY1ZTVhZjg3ZDVjZWEwOTUwNjZmYmNjM2QzZTU0NmE0MB4XDTIyMDMw
MzA4MzMxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGFmOGEwMjE1MDQy
ZGMyMmFhZjIwMzU5NzM1NDEzYjg4MTc2YjdkYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM7hhIZ5qCzqIi5jTRjp1+6ZowAfarh9g6y0W0eVBEiTHjky
kzu5NqvYp9xUZthz21FF7JCQKz8KPCpXq2vC5V1ObcwBw2f6gNoQWyl1Z3ZIARZ0
qOutrki76gAKYhm1s3NGL/EqTTeMXbl2xQGtlUilKOd1ws1XWGNiCEO/l69H/Cc1
1KhzfKblhvwhWU2jF68p/9vE8UvuFvLSzmFNMTb8xuqKXYSIJlICsssPqRzHokQh
MtLfgrKIlYFS3QNaByMsgkeB3EzoGMdUkMiqEouyTD6OIUG5+Q2Rs+fkzlGhdYVY
na87uNS08OT/QOzw8pwhqOBtk/2aen32oP6f2EkCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBQK+KAhUELcIqryA1lzVBO4gXa32jAfBgNVHSMEGDAWgBQ1Gi/W9eWvh9XO
oJUGb7zD0+VGpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Sb3YxdlhscjRmVnpxQ1ZCbS04dzlQbFJxUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvY2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8x
L0N2aWdJVkJDM0NLcThnTlpjMVFUdUlGMnQ5by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
Y2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8xL05Sb3YxdlhscjRm
VnpxQ1ZCbS04dzlQbFJxUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAltqGAMEAVtqHgMEBl7wAAMEArmL
EAMEAcKYLgMEANQH3zANBAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsFAAOCAQEA
LXeMizdGRZf2ry7OxI4T7GTt84sxkv90AEQ9Ukv7DEaErXHOiFa4OYqf9XNYBuM9
QegTysxJoqmrSjkvDfTRLz6xnrU/P6Z640h92CsAiU5SJ/zyMYXLBiKHPoAkTyDo
ZPGvok95Tq13wSRTsjw7ox5wLAx31vgBe8klho+jXM+kyN2a8Npm/u4gh2pbOybR
Ct/6+J8eGl0uWgkkfLqwMTHVXcpPJfxbTAaq52YRm6PtVlMJtpcl+gRJZT7WeNlV
PJ0AbGj0tA4Nx9T5vECeYx6V/8KgmuhZa+4Hn0O/zmRjKV6lyZWXi7DBqLAWYNCf
d4oHGsFdxPHJdAqODVsJlg==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:02:52 2025 by rpki-client