Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/_7QFhn9JXsGKfAq_WvYAyGDPydg.roa
File: _7QFhn9JXsGKfAq_WvYAyGDPydg.roa (raw, json)
Hash identifier: /1to4GLFZuQGn0o2WlppEiB+AqrdYJ0QWBIf9neZuyo=
Subject key identifier: FF:B4:05:86:7F:49:5E:C1:8A:7C:0A:BF:5A:F6:00:C8:60:CF:C9:D8
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 034B008E
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/_7QFhn9JXsGKfAq_WvYAyGDPydg.roa
Signing time: Sat 19 Mar 2022 21:05:24 +0000
ROA not before: Sat 19 Mar 2022 21:05:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
185.92.152.0/22 maxlen: 24
89.207.248.0/21 maxlen: 24
185.92.160.0/22 maxlen: 24
185.92.168.0/22 maxlen: 24
185.92.180.0/22 maxlen: 24
185.92.188.0/22 maxlen: 24
185.92.204.0/22 maxlen: 24
2a05:ca80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 55246990 (0x34b008e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Mar 19 21:05:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ffb405867f495ec18a7c0abf5af600c860cfc9d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:dc:51:b8:ee:e4:f6:8f:a9:64:94:bd:30:99:
35:eb:12:3e:d6:87:36:bd:4a:03:1d:77:12:b4:40:
79:62:e0:ae:b1:a9:d5:71:00:95:67:c7:67:41:dd:
d0:2d:f1:5e:1b:26:33:70:aa:3c:12:3d:e4:87:33:
f6:96:55:b8:b7:d0:b2:9d:89:7b:3c:9d:c1:6a:d0:
19:50:77:87:7b:34:4c:79:9f:33:75:a2:33:c8:6b:
73:fa:9c:d3:31:56:5f:6e:4c:d7:31:16:37:d9:1a:
20:1d:93:e5:b5:19:f4:f3:09:40:3c:d2:2b:56:51:
18:13:7a:f4:86:c0:a8:8a:bd:21:3e:35:d9:69:c3:
fb:c9:aa:a5:a3:56:12:f2:82:6e:0d:30:b2:23:ef:
82:4b:bf:92:e2:37:fd:54:e6:16:e2:3e:18:70:3f:
19:d9:d0:d2:76:74:83:cb:40:83:9a:d7:7e:7a:a0:
55:c2:09:95:4b:48:5f:27:8a:79:41:bb:a7:55:22:
4c:76:5a:4f:1b:28:4c:92:f2:c7:85:6d:8d:2f:a1:
e7:5d:ec:fa:1d:80:6c:9a:54:9d:26:e0:1f:93:9e:
57:93:08:3f:d5:55:61:60:57:79:75:1e:69:b3:80:
f2:0d:64:d1:00:4f:32:c6:89:bd:15:a3:08:0f:ec:
e5:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:B4:05:86:7F:49:5E:C1:8A:7C:0A:BF:5A:F6:00:C8:60:CF:C9:D8
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/_7QFhn9JXsGKfAq_WvYAyGDPydg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
89.207.248.0/21
185.88.60.0/22
185.92.152.0/22
185.92.160.0/22
185.92.168.0/22
185.92.180.0/22
185.92.188.0/22
185.92.204.0/22
IPv6:
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
a0:3b:fd:eb:c2:16:b2:5e:81:2b:02:a8:4a:37:43:93:63:8f:
d6:0c:87:07:eb:29:45:a6:6d:75:44:fd:2d:0d:87:d9:e9:9b:
ac:0a:66:11:a3:a1:b9:ca:bb:9c:5c:85:2b:eb:4b:b6:00:44:
bc:e5:14:1a:a7:e6:22:5b:b6:af:4f:c6:6b:a5:dc:60:0b:a8:
ee:c8:61:09:74:d0:b0:c5:e3:72:e5:79:16:74:04:88:1b:04:
c8:15:24:0d:8b:97:b8:e4:9d:94:d4:42:df:4c:e0:f2:0c:a0:
e4:98:60:74:57:d6:4e:7b:8f:63:4e:c5:4a:92:2b:30:eb:2d:
35:1e:d7:1e:08:ab:50:20:c8:a4:c7:c0:de:70:16:8d:26:62:
ea:f2:50:8a:d7:20:c9:06:7c:59:62:55:12:55:bc:05:63:61:
b7:5b:73:45:d0:f9:7d:55:f3:d6:55:47:aa:90:0a:8a:2f:4f:
99:6a:7d:2b:c8:8a:18:18:b8:2a:e3:df:c3:c4:d9:06:07:e8:
e8:5b:ea:73:90:ee:45:aa:e8:2a:a9:e9:74:3a:fc:1e:89:ed:
6b:48:6a:97:f4:71:c5:72:59:b7:d8:a4:0a:3b:b3:f1:b7:51:
5b:47:96:c9:bf:fb:a2:1d:2f:b8:10:1d:cd:df:f6:f3:ae:99:
cf:40:4f:7f
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEA0sAjjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MTRlNDk5MjQwY2VhNTg4NTQxYTdkYzc0ZjMyMWM5MTQxNzQ0YmI2MB4XDTIyMDMx
OTIxMDUyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmZiNDA1ODY3ZjQ5
NWVjMThhN2MwYWJmNWFmNjAwYzg2MGNmYzlkODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbcUbju5PaPqWSUvTCZNesSPtaHNr1KAx13ErRAeWLgrrGp
1XEAlWfHZ0Hd0C3xXhsmM3CqPBI95Icz9pZVuLfQsp2JezydwWrQGVB3h3s0THmf
M3WiM8hrc/qc0zFWX25M1zEWN9kaIB2T5bUZ9PMJQDzSK1ZRGBN69IbAqIq9IT41
2WnD+8mqpaNWEvKCbg0wsiPvgku/kuI3/VTmFuI+GHA/GdnQ0nZ0g8tAg5rXfnqg
VcIJlUtIXyeKeUG7p1UiTHZaTxsoTJLyx4VtjS+h513s+h2AbJpUnSbgH5OeV5MI
P9VVYWBXeXUeabOA8g1k0QBPMsaJvRWjCA/s5dUCAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBT/tAWGf0lewYp8Cr9a9gDIYM/J2DAfBgNVHSMEGDAWgBShTkmSQM6liFQa
fcdPMhyRQXRLtjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29VNUpra0RPcFloVUduM0hUeklja1VGMFM3WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjMvMDgyOGU3LTFlNTctNDc0Ny04ZWExLTM2YTgwOGYzZDE0ZC8x
L183UUZobjlKWHNHS2ZBcV9XdllBeUdEUHlkZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMv
MDgyOGU3LTFlNTctNDc0Ny04ZWExLTM2YTgwOGYzZDE0ZC8xL29VNUpra0RPcFlo
VUduM0hUeklja1VGMFM3WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEAy4TmAMEA1nP+AMEArlYPAMEArlc
mAMEArlcoAMEArlcqAMEArlctAMEArlcvAMEArlczDANBAIAAjAHAwUDKgXKgDAN
BgkqhkiG9w0BAQsFAAOCAQEAoDv968IWsl6BKwKoSjdDk2OP1gyHB+spRaZtdUT9
LQ2H2embrApmEaOhucq7nFyFK+tLtgBEvOUUGqfmIlu2r0/Ga6XcYAuo7shhCXTQ
sMXjcuV5FnQEiBsEyBUkDYuXuOSdlNRC30zg8gyg5JhgdFfWTnuPY07FSpIrMOst
NR7XHgirUCDIpMfA3nAWjSZi6vJQitcgyQZ8WWJVElW8BWNht1tzRdD5fVXz1lVH
qpAKii9PmWp9K8iKGBi4KuPfw8TZBgfo6Fvqc5DuRaroKqnpdDr8Honta0hql/Rx
xXJZt9ikCjuz8bdRW0eWyb/7oh0vuBAdzd/2866Zz0BPfw==
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:12:52 2025 by rpki-client