Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/KHb81TaWQX4TlpT-2heHor8kTHs.roa
File: KHb81TaWQX4TlpT-2heHor8kTHs.roa (raw, json)
Hash identifier: AEh1lrbMk5rGAIFiFgtAsoMUtRqhOL/hRQeliiZSb8o=
Subject key identifier: 28:76:FC:D5:36:96:41:7E:13:96:94:FE:DA:17:87:A2:BF:24:4C:7B
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 01938494E32DAC7B137879D3029379917676
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/KHb81TaWQX4TlpT-2heHor8kTHs.roa
Signing time: Sun 01 Dec 2024 23:36:10 +0000
ROA not before: Sun 01 Dec 2024 23:36:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.216.0/24 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
91.186.218.0/23 maxlen: 23
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:84:94:e3:2d:ac:7b:13:78:79:d3:02:93:79:91:76:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 1 23:36:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2876fcd53696417e139694feda1787a2bf244c7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:4a:28:db:8e:65:0d:04:31:ec:db:e7:2d:31:
68:7f:ed:e3:55:9e:af:57:5b:77:4b:a4:54:55:b6:
f5:22:3f:c3:97:81:52:33:78:69:31:85:70:60:35:
90:da:1a:a0:87:25:9f:79:35:2c:de:5e:4d:67:06:
5c:2d:23:0e:bf:47:dc:4a:a7:48:e6:eb:1f:c4:97:
05:5b:14:62:52:02:f6:1b:46:25:0b:f2:a8:cc:4b:
2d:52:47:35:40:f5:7e:3a:82:ad:89:a2:34:b3:7b:
b3:62:62:50:4c:08:9c:e0:58:e0:0c:d4:1a:88:78:
90:c2:d2:37:3f:7d:41:72:ad:5c:9c:15:93:84:d0:
8e:9d:ec:de:73:fb:20:31:7f:c7:a3:42:20:b2:ff:
0a:aa:dd:a0:63:31:2a:55:2b:c1:67:a3:4d:9f:c8:
e8:d5:70:3d:18:80:27:e0:4a:f7:78:c0:b7:93:28:
71:1e:6a:83:6c:e9:1d:a2:0b:12:a1:45:51:8b:c0:
00:1e:6f:b5:4f:ef:e0:6e:0a:9f:3b:44:af:05:e7:
fd:c4:0b:54:3a:19:8a:ca:ee:4b:0d:28:30:c9:62:
a8:36:00:ed:66:b3:69:8a:a3:98:b4:6e:5d:a7:6c:
1b:e7:3e:08:01:b6:d2:1b:e0:c6:ad:2a:9a:19:e9:
5b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:76:FC:D5:36:96:41:7E:13:96:94:FE:DA:17:87:A2:BF:24:4C:7B
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/KHb81TaWQX4TlpT-2heHor8kTHs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.216.0/24
83.147.244.0/22
91.186.200.0/21
91.186.218.0/23
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
38:3b:79:0a:3f:46:b6:05:b3:29:50:c4:ab:0d:a3:ac:59:cb:
46:d4:a3:6e:5c:a2:cb:27:3d:00:ea:dd:56:cd:7d:c3:25:af:
7e:8e:44:91:23:98:0f:1c:86:14:23:a0:81:52:ce:2e:2d:5d:
a3:02:d6:0b:84:ce:09:98:53:4a:2c:4d:48:e7:6e:2d:aa:6d:
ca:b6:92:ae:5a:82:a3:29:41:6e:e9:2a:6c:12:29:86:cc:ea:
75:ca:17:d5:78:76:4f:ee:f3:99:0f:f6:fe:d8:5f:f0:40:c9:
01:e3:b8:97:96:f2:8f:ac:35:df:e9:37:e3:d9:db:5b:c3:13:
ad:bf:c3:95:90:52:85:85:99:69:38:6e:0e:6a:33:a1:e2:91:
57:d8:59:10:b9:f0:07:c3:e8:d1:3a:56:5f:38:a6:4b:e0:0f:
23:2f:f4:b8:0e:a9:37:cb:36:de:3c:58:9a:6d:3b:cc:cd:04:
6c:ae:dd:ca:86:e2:8d:d5:7c:b1:d4:4c:b5:57:3f:70:1f:cf:
81:a4:74:53:ea:57:4a:3b:2a:80:07:5b:84:e2:9a:7f:9e:4b:
c4:8d:76:6d:1b:36:2d:c8:7e:05:71:96:d1:79:dc:ea:82:39:
2f:d2:78:19:96:7d:e5:49:05:65:db:3f:6d:b5:e9:bf:b3:c5:
0c:90:ff:90
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZOElOMtrHsTeHnTApN5kXZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjAxMjMzNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2ZmNkNTM2OTY0MTdlMTM5Njk0ZmVkYTE3ODdhMmJmMjQ0YzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokoo245lDQQx7NvnLTFof+3jVZ6v
V1t3S6RUVbb1Ij/Dl4FSM3hpMYVwYDWQ2hqghyWfeTUs3l5NZwZcLSMOv0fcSqdI
5usfxJcFWxRiUgL2G0YlC/KozEstUkc1QPV+OoKtiaI0s3uzYmJQTAic4FjgDNQa
iHiQwtI3P31Bcq1cnBWThNCOnezec/sgMX/Ho0Igsv8Kqt2gYzEqVSvBZ6NNn8jo
1XA9GIAn4Er3eMC3kyhxHmqDbOkdogsSoUVRi8AAHm+1T+/gbgqfO0SvBef9xAtU
OhmKyu5LDSgwyWKoNgDtZrNpiqOYtG5dp2wb5z4IAbbSG+DGrSqaGelbmQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCh2/NU2lkF+E5aU/toXh6K/JEx7MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvS0hiODFUYVdRWDRUbHBULTJoZUhvcjhrVEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAU5PYAwQC
U5P0AwQDW7rIAwQBW7raAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQA4O3kKP0a2
BbMpUMSrDaOsWctG1KNuXKLLJz0A6t1WzX3DJa9+jkSRI5gPHIYUI6CBUs4uLV2j
AtYLhM4JmFNKLE1I524tqm3KtpKuWoKjKUFu6SpsEimGzOp1yhfVeHZP7vOZD/b+
2F/wQMkB47iXlvKPrDXf6Tfj2dtbwxOtv8OVkFKFhZlpOG4OajOh4pFX2FkQufAH
w+jROlZfOKZL4A8jL/S4Dqk3yzbePFiabTvMzQRsrt3KhuKN1Xyx1Ey1Vz9wH8+B
pHRT6ldKOyqAB1uE4pp/nkvEjXZtGzYtyH4FcZbRedzqgjkv0ngZln3lSQVl2z9t
tem/s8UMkP+Q
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:14:15 2025 by rpki-client