Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/KbnpyteNnB1GmhTsOzoLXeNhjGE.roa
File: KbnpyteNnB1GmhTsOzoLXeNhjGE.roa (raw, json)
Hash identifier: d83wp2M2J2FHHVc0H1xhqr4WHWREm9ZsiqtffAdhnZU=
Subject key identifier: 29:B9:E9:CA:D7:8D:9C:1D:46:9A:14:EC:3B:3A:0B:5D:E3:61:8C:61
Certificate issuer: /CN=66d337d330ba44efcfef555355132a6a2c69783c
Certificate serial: 018571A7BDB8A5CD296A59070A056076323B
Authority key identifier: 66:D3:37:D3:30:BA:44:EF:CF:EF:55:53:55:13:2A:6A:2C:69:78:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZtM30zC6RO_P71VTVRMqaixpeDw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/KbnpyteNnB1GmhTsOzoLXeNhjGE.roa
Signing time: Mon 02 Jan 2023 08:44:56 +0000
ROA not before: Mon 02 Jan 2023 08:44:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9147
IP address blocks: 185.176.57.0/24 maxlen: 24
185.176.58.0/24 maxlen: 24
185.176.56.0/24 maxlen: 24
185.176.56.0/22 maxlen: 22
185.176.59.0/24 maxlen: 24
78.31.232.0/24 maxlen: 24
78.31.232.0/22 maxlen: 22
78.31.233.0/24 maxlen: 24
78.31.234.0/24 maxlen: 24
78.31.235.0/24 maxlen: 24
185.119.240.0/22 maxlen: 22
212.86.64.0/19 maxlen: 19
185.119.240.0/24 maxlen: 24
212.86.64.0/24 maxlen: 24
212.86.65.0/24 maxlen: 24
212.86.70.0/24 maxlen: 24
212.86.69.0/24 maxlen: 24
212.86.67.0/24 maxlen: 24
212.86.66.0/24 maxlen: 24
185.119.242.0/24 maxlen: 24
212.86.68.0/24 maxlen: 24
185.119.243.0/24 maxlen: 24
212.86.71.0/24 maxlen: 24
185.119.241.0/24 maxlen: 24
212.86.72.0/24 maxlen: 24
212.86.73.0/24 maxlen: 24
212.86.76.0/24 maxlen: 24
212.86.74.0/24 maxlen: 24
212.86.75.0/24 maxlen: 24
212.86.77.0/24 maxlen: 24
212.86.78.0/24 maxlen: 24
212.86.79.0/24 maxlen: 24
212.86.80.0/24 maxlen: 24
212.86.83.0/24 maxlen: 24
212.86.81.0/24 maxlen: 24
212.86.82.0/24 maxlen: 24
212.86.84.0/24 maxlen: 24
212.86.85.0/24 maxlen: 24
212.86.86.0/24 maxlen: 24
212.86.87.0/24 maxlen: 24
212.86.90.0/24 maxlen: 24
212.86.88.0/24 maxlen: 24
212.86.89.0/24 maxlen: 24
212.86.91.0/24 maxlen: 24
212.86.95.0/24 maxlen: 24
212.86.93.0/24 maxlen: 24
212.86.94.0/24 maxlen: 24
212.86.92.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:a7:bd:b8:a5:cd:29:6a:59:07:0a:05:60:76:32:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66d337d330ba44efcfef555355132a6a2c69783c
Validity
Not Before: Jan 2 08:44:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29b9e9cad78d9c1d469a14ec3b3a0b5de3618c61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:52:7c:58:76:fa:05:ca:0a:1f:36:af:b8:16:
f9:e6:2b:8d:7c:37:25:3f:e5:33:d0:fa:a9:cd:3e:
09:ac:ff:26:f9:d1:f5:d9:4f:88:fd:8d:a6:5f:69:
fe:dd:20:b6:83:9f:5f:4e:a7:20:cc:b3:79:6d:d3:
62:a6:93:a8:a1:80:a7:f4:d6:a1:42:d1:fb:52:87:
59:71:01:d0:4d:51:f0:e1:dd:d7:b8:68:c0:73:df:
e0:82:e7:b7:9d:08:fa:59:7f:7f:b0:2c:fb:43:ed:
e2:64:9e:af:10:e1:a1:3a:c7:b9:a8:0f:42:65:55:
3a:6c:c4:08:9c:06:b5:fb:1f:1f:5d:37:97:cb:e2:
5e:f6:f7:37:3e:75:e7:cc:e8:ad:37:cb:c6:15:d7:
19:b7:f2:32:84:48:ce:6e:50:ac:36:a1:58:a2:2b:
21:36:de:c9:95:2d:14:1c:cb:95:39:76:45:11:1a:
79:67:02:5a:45:c3:91:d4:c3:43:4d:48:8e:ee:ba:
52:e5:ce:8f:dc:f2:22:f8:e2:76:81:06:7b:d2:96:
25:71:1a:36:4b:f1:c6:45:79:8f:3b:f2:b5:0e:9f:
d2:df:c4:1b:fc:fe:cf:2a:df:33:c2:40:ce:14:05:
02:a1:90:5d:b5:dc:3e:9c:47:27:39:80:ec:83:f4:
e1:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:B9:E9:CA:D7:8D:9C:1D:46:9A:14:EC:3B:3A:0B:5D:E3:61:8C:61
X509v3 Authority Key Identifier:
keyid:66:D3:37:D3:30:BA:44:EF:CF:EF:55:53:55:13:2A:6A:2C:69:78:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtM30zC6RO_P71VTVRMqaixpeDw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/KbnpyteNnB1GmhTsOzoLXeNhjGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2b5e7c-67b1-477d-895f-8f5fc92125db/1/ZtM30zC6RO_P71VTVRMqaixpeDw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.31.232.0/22
185.119.240.0/22
185.176.56.0/22
212.86.64.0/19
Signature Algorithm: sha256WithRSAEncryption
3b:e8:6a:9d:0f:d5:67:5f:a7:a9:cd:d4:dd:d9:e9:50:fd:4a:
c6:53:92:81:84:22:8e:92:ed:09:8b:30:30:bb:15:cd:31:54:
d3:a5:d8:ca:ed:52:e0:0e:bd:e7:9c:b8:1e:a5:01:ec:59:c7:
71:de:5c:bf:04:92:32:6c:c6:8f:f9:53:da:18:69:5e:41:f0:
80:56:cf:6c:a2:c5:d8:0d:41:08:b0:90:ba:28:8a:a1:df:a2:
46:97:e6:6d:da:08:1f:d2:25:23:00:1a:5f:e1:49:82:4e:d5:
a2:c5:77:ba:c1:71:29:33:0e:18:e8:c1:92:ba:f7:1c:d5:74:
ee:72:f4:f5:85:28:e2:5f:ca:96:05:26:b3:f3:fb:63:75:d5:
13:fd:83:d2:1d:16:71:a8:56:86:ab:ed:b3:19:c0:5a:f8:fd:
35:42:4b:ea:a3:05:be:bb:48:58:48:7e:74:1e:56:5b:3d:5c:
ff:30:de:79:b6:d6:35:de:bc:f7:e2:68:2e:44:69:99:06:57:
1e:6e:17:40:55:25:e3:6f:38:07:76:18:56:c6:60:b5:40:94:
55:6e:b5:a3:ea:d0:32:77:7b:70:92:7e:f0:dc:6e:52:22:9a:
8b:b6:47:0f:b9:24:33:37:66:d8:a0:59:88:bf:e6:5f:86:03:
fd:9e:9d:20
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxp724pc0palkHCgVgdjI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDMzN2QzMzBiYTQ0ZWZjZmVmNTU1MzU1MTMyYTZhMmM2
OTc4M2MwHhcNMjMwMTAyMDg0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI5ZTljYWQ3OGQ5YzFkNDY5YTE0ZWMzYjNhMGI1ZGUzNjE4YzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1J8WHb6BcoKHzavuBb55iuNfDcl
P+Uz0PqpzT4JrP8m+dH12U+I/Y2mX2n+3SC2g59fTqcgzLN5bdNippOooYCn9Nah
QtH7UodZcQHQTVHw4d3XuGjAc9/ggue3nQj6WX9/sCz7Q+3iZJ6vEOGhOse5qA9C
ZVU6bMQInAa1+x8fXTeXy+Je9vc3PnXnzOitN8vGFdcZt/IyhEjOblCsNqFYoish
Nt7JlS0UHMuVOXZFERp5ZwJaRcOR1MNDTUiO7rpS5c6P3PIi+OJ2gQZ70pYlcRo2
S/HGRXmPO/K1Dp/S38Qb/P7PKt8zwkDOFAUCoZBdtdw+nEcnOYDsg/ThpQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCm56crXjZwdRpoU7Ds6C13jYYxhMB8GA1UdIwQY
MBaAFGbTN9MwukTvz+9VU1UTKmosaXg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRNMzB6QzZST19QNzFWVFZSTXFhaXhwZUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYjVlN2MtNjdiMS00NzdkLTg5NWYt
OGY1ZmM5MjEyNWRiLzEvS2JucHl0ZU5uQjFHbWhUc096b0xYZU5oakdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYjVlN2MtNjdiMS00NzdkLTg5NWYtOGY1ZmM5MjEyNWRi
LzEvWnRNMzB6QzZST19QNzFWVFZSTXFhaXhwZUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCTh/oAwQC
uXfwAwQCubA4AwQF1FZAMA0GCSqGSIb3DQEBCwUAA4IBAQA76GqdD9VnX6epzdTd
2elQ/UrGU5KBhCKOku0JizAwuxXNMVTTpdjK7VLgDr3nnLgepQHsWcdx3ly/BJIy
bMaP+VPaGGleQfCAVs9sosXYDUEIsJC6KIqh36JGl+Zt2ggf0iUjABpf4UmCTtWi
xXe6wXEpMw4Y6MGSuvcc1XTucvT1hSjiX8qWBSaz8/tjddUT/YPSHRZxqFaGq+2z
GcBa+P01QkvqowW+u0hYSH50HlZbPVz/MN55ttY13rz34mguRGmZBlcebhdAVSXj
bzgHdhhWxmC1QJRVbrWj6tAyd3twkn7w3G5SIpqLtkcPuSQzN2bYoFmIv+ZfhgP9
np0g
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:17:51 2025 by rpki-client