Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/KM3VrY14nagmmbATRw1yVeDILyQ.roa
File: KM3VrY14nagmmbATRw1yVeDILyQ.roa (raw, json)
Hash identifier: joMwmXfeD7aQDLO/rCfy4vObtH6LDHZ9GqlKdBx23yM=
Subject key identifier: 28:CD:D5:AD:8D:78:9D:A8:26:99:B0:13:47:0D:72:55:E0:C8:2F:24
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 029DEFC7
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/KM3VrY14nagmmbATRw1yVeDILyQ.roa
Signing time: Sat 01 Jan 2022 15:07:08 +0000
ROA not before: Sat 01 Jan 2022 15:07:08 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.92.160.0/22 maxlen: 24
185.106.244.0/22 maxlen: 24
185.92.168.0/22 maxlen: 24
185.106.252.0/22 maxlen: 24
185.107.4.0/22 maxlen: 24
185.92.180.0/22 maxlen: 24
185.92.188.0/22 maxlen: 24
185.107.20.0/22 maxlen: 24
185.92.204.0/22 maxlen: 24
185.88.60.0/22 maxlen: 24
185.92.152.0/22 maxlen: 24
89.207.248.0/21 maxlen: 24
2a05:ca80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 43904967 (0x29defc7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Jan 1 15:07:08 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=28cdd5ad8d789da82699b013470d7255e0c82f24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:e5:98:6f:43:78:36:51:8f:56:43:36:5a:87:
19:b7:b6:73:7b:64:35:e5:7f:ec:98:56:0e:5a:d2:
40:dc:32:cf:ff:b2:73:34:1b:70:47:82:90:c5:6a:
32:4e:79:4c:26:1f:ce:7e:30:53:8e:74:6d:41:70:
b1:f3:bd:96:30:d6:aa:be:3c:64:3f:58:54:98:4f:
e7:e5:7c:3a:7c:a4:a0:df:06:b5:e9:06:b7:05:83:
b3:8b:08:e6:fc:4a:65:aa:f6:c2:f5:31:00:3b:38:
e4:58:97:9b:aa:2e:53:36:21:9f:b3:88:63:cf:87:
ad:97:2e:4f:47:ff:e9:53:4c:1f:8c:0e:2d:e3:97:
1c:f2:38:60:e5:7f:71:cf:e0:c2:53:b4:33:31:4d:
69:ee:84:4d:9c:3f:5f:24:7f:35:c3:0d:d2:71:c0:
87:66:3c:b3:99:a0:a2:62:2e:d0:7f:cf:91:77:52:
a1:9f:f0:54:0e:bf:84:f3:b1:ed:f6:22:12:8f:82:
b3:38:a7:37:98:91:da:b0:15:fb:78:b0:59:22:17:
fe:af:ff:46:17:83:75:b6:64:14:41:ed:e2:47:c3:
eb:15:7f:94:e4:e3:7a:91:9c:ea:69:94:93:90:b7:
10:d2:bb:73:c4:f1:26:2d:5f:40:66:4b:36:39:91:
1f:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:CD:D5:AD:8D:78:9D:A8:26:99:B0:13:47:0D:72:55:E0:C8:2F:24
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/KM3VrY14nagmmbATRw1yVeDILyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
89.207.248.0/21
185.88.60.0/22
185.92.152.0/22
185.92.160.0/22
185.92.168.0/22
185.92.180.0/22
185.92.188.0/22
185.92.204.0/22
185.106.244.0/22
185.106.252.0/22
185.107.4.0/22
185.107.20.0/22
IPv6:
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
17:e8:00:36:b3:f9:9d:cc:c8:18:7e:d4:25:94:60:6c:42:c3:
a4:20:11:4e:6e:fd:92:ab:f8:24:eb:ae:8d:d4:95:3e:ae:37:
08:88:b2:89:5b:50:3c:94:07:79:b8:1d:be:61:90:a9:ec:ce:
c9:44:87:b1:74:5d:47:76:f2:41:fe:bf:0e:81:85:46:06:3b:
97:11:8b:eb:37:7b:bd:e2:19:79:fc:66:2b:29:88:3a:fa:e7:
83:5e:d1:e1:64:0a:c3:6a:08:44:e9:d6:8e:16:fe:7b:98:b4:
69:03:36:0c:9e:6e:1e:62:36:14:f9:d6:98:83:0a:8c:22:0d:
72:6d:ad:4b:02:aa:98:fb:c1:9c:77:c1:d1:b5:f1:19:0b:da:
05:4e:13:a4:23:eb:ee:fd:74:70:8a:a1:64:e7:47:65:d3:c7:
aa:32:fd:19:02:5a:4e:3a:1e:0f:3b:04:2f:78:4b:05:63:05:
03:df:ef:e7:a4:dc:0d:69:4f:e8:d0:78:5b:56:46:fe:61:ce:
2a:cb:20:af:18:ca:8c:29:f7:a5:5b:97:dc:8b:c6:a8:d4:86:
56:0f:40:48:1b:52:b7:e5:f7:13:77:d7:28:db:48:2d:47:cb:
d9:cc:62:17:14:99:53:b7:54:01:2e:35:84:53:6d:4c:26:ca:
bc:cc:05:f1
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEAp3vxzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MTRlNDk5MjQwY2VhNTg4NTQxYTdkYzc0ZjMyMWM5MTQxNzQ0YmI2MB4XDTIyMDEw
MTE1MDcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjhjZGQ1YWQ4ZDc4
OWRhODI2OTliMDEzNDcwZDcyNTVlMGM4MmYyNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKXlmG9DeDZRj1ZDNlqHGbe2c3tkNeV/7JhWDlrSQNwyz/+y
czQbcEeCkMVqMk55TCYfzn4wU450bUFwsfO9ljDWqr48ZD9YVJhP5+V8OnykoN8G
tekGtwWDs4sI5vxKZar2wvUxADs45FiXm6ouUzYhn7OIY8+HrZcuT0f/6VNMH4wO
LeOXHPI4YOV/cc/gwlO0MzFNae6ETZw/XyR/NcMN0nHAh2Y8s5mgomIu0H/PkXdS
oZ/wVA6/hPOx7fYiEo+CszinN5iR2rAV+3iwWSIX/q//RheDdbZkFEHt4kfD6xV/
lOTjepGc6mmUk5C3ENK7c8TxJi1fQGZLNjmRH+kCAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBQozdWtjXidqCaZsBNHDXJV4MgvJDAfBgNVHSMEGDAWgBShTkmSQM6liFQa
fcdPMhyRQXRLtjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29VNUpra0RPcFloVUduM0hUeklja1VGMFM3WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjMvMDgyOGU3LTFlNTctNDc0Ny04ZWExLTM2YTgwOGYzZDE0ZC8x
L0tNM1ZyWTE0bmFnbW1iQVRSdzF5VmVESUx5US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMv
MDgyOGU3LTFlNTctNDc0Ny04ZWExLTM2YTgwOGYzZDE0ZC8xL29VNUpra0RPcFlo
VUduM0hUeklja1VGMFM3WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEAy4TmAMEA1nP+AMEArlYPAMEArlc
mAMEArlcoAMEArlcqAMEArlctAMEArlcvAMEArlczAMEArlq9AMEArlq/AMEArlr
BAMEArlrFDANBAIAAjAHAwUDKgXKgDANBgkqhkiG9w0BAQsFAAOCAQEAF+gANrP5
nczIGH7UJZRgbELDpCARTm79kqv4JOuujdSVPq43CIiyiVtQPJQHebgdvmGQqezO
yUSHsXRdR3byQf6/DoGFRgY7lxGL6zd7veIZefxmKymIOvrng17R4WQKw2oIROnW
jhb+e5i0aQM2DJ5uHmI2FPnWmIMKjCINcm2tSwKqmPvBnHfB0bXxGQvaBU4TpCPr
7v10cIqhZOdHZdPHqjL9GQJaTjoeDzsEL3hLBWMFA9/v56TcDWlP6NB4W1ZG/mHO
KssgrxjKjCn3pVuX3IvGqNSGVg9ASBtSt+X3E3fXKNtILUfL2cxiFxSZU7dUAS41
hFNtTCbKvMwF8Q==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:15:54 2025 by rpki-client