Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/B7zMTuWV3h5NGGTazQAqOf_oP9s.roa
File: B7zMTuWV3h5NGGTazQAqOf_oP9s.roa (raw, json)
Hash identifier: Gjxl9sLFMeWSSANV45AvIXxAMB7rV+Q1IyD5f+vEwnE=
Subject key identifier: 07:BC:CC:4E:E5:95:DE:1E:4D:18:64:DA:CD:00:2A:39:FF:E8:3F:DB
Certificate issuer: /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial: 0188FBE58D9045028C2DE832BD4B2904D8B0
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/B7zMTuWV3h5NGGTazQAqOf_oP9s.roa
Signing time: Tue 27 Jun 2023 08:08:25 +0000
ROA not before: Tue 27 Jun 2023 08:08:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43451
IP address blocks: 31.24.176.0/21 maxlen: 22
81.92.248.0/21 maxlen: 22
93.174.176.0/21 maxlen: 22
188.121.160.0/19 maxlen: 20
78.41.168.0/21 maxlen: 22
185.213.144.0/22 maxlen: 23
185.22.212.0/22 maxlen: 23
185.134.212.0/22 maxlen: 22
2a03:a200::/32 maxlen: 32
2001:67c:2670::/48 maxlen: 48
2a0b:f100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:fb:e5:8d:90:45:02:8c:2d:e8:32:bd:4b:29:04:d8:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Validity
Not Before: Jun 27 08:08:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=07bccc4ee595de1e4d1864dacd002a39ffe83fdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:8e:a8:99:70:ef:54:a5:3f:ca:1c:8f:18:80:
76:04:71:8a:f1:98:ed:6c:08:e2:0c:da:e6:15:a4:
e7:89:4c:90:9b:a5:e3:aa:89:21:35:de:72:56:d4:
24:ec:a0:f5:94:99:59:54:38:99:ca:2f:66:8f:5d:
76:13:f7:ad:a9:2e:f0:ab:5e:4c:02:74:5f:83:ea:
39:a2:58:60:90:e8:2a:10:f1:6b:7b:68:d3:a2:8f:
1d:84:12:68:05:a6:a4:c3:3c:6a:6a:56:7f:0c:f3:
22:86:cd:0d:59:dd:df:65:65:cf:5a:ce:4c:b4:f6:
a4:1d:17:57:31:14:02:0e:de:be:aa:dd:37:f3:ae:
0e:74:16:2a:04:18:3c:f4:53:b7:d5:a4:1b:a5:bb:
0e:be:7d:69:34:95:f1:e9:f5:20:88:63:7c:dc:fc:
de:54:0a:c5:ba:2a:2d:b4:be:17:b4:8d:a4:0b:15:
f6:2b:be:97:e2:e6:64:4a:ad:c5:97:a9:10:7c:7f:
de:99:1c:1a:a2:e7:c8:d9:7e:b7:e3:82:9d:5d:25:
36:29:99:72:42:4e:10:1f:05:a8:93:17:b4:9e:e5:
36:b5:d5:63:46:d1:c9:c6:f7:4d:ac:f2:62:0d:f6:
cf:39:c2:c2:bf:c8:31:1a:a8:36:d2:4e:7b:cd:23:
73:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:BC:CC:4E:E5:95:DE:1E:4D:18:64:DA:CD:00:2A:39:FF:E8:3F:DB
X509v3 Authority Key Identifier:
keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/B7zMTuWV3h5NGGTazQAqOf_oP9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.176.0/21
78.41.168.0/21
81.92.248.0/21
93.174.176.0/21
185.22.212.0/22
185.134.212.0/22
185.213.144.0/22
188.121.160.0/19
IPv6:
2001:67c:2670::/48
2a03:a200::/32
2a0b:f100::/29
Signature Algorithm: sha256WithRSAEncryption
ac:14:3d:56:8f:ef:de:08:60:60:c2:11:4a:5c:83:97:52:74:
c2:ad:10:bb:ef:8b:f4:94:40:f7:5e:97:b7:6e:b7:a5:aa:4f:
b1:03:a5:3c:37:0b:c9:2d:6b:a4:d4:72:48:13:4c:27:54:c5:
96:b7:78:1f:31:f1:d6:b2:0d:d6:43:99:cc:9c:ab:18:ba:dd:
12:f0:e7:fc:f5:f9:1a:7b:cc:91:e3:4e:73:04:df:fe:1a:e9:
f3:3c:ee:11:e8:e7:88:5d:1a:2b:46:02:08:09:1f:87:d2:d2:
ec:b0:2b:4f:fd:70:35:1c:b7:16:b8:be:0a:b2:e7:d1:09:aa:
4c:fd:3a:25:fa:62:03:e1:e6:01:e5:d3:9c:2f:90:63:9f:ea:
cc:1f:45:d5:f1:24:89:3c:a3:e7:fb:53:23:a6:26:71:51:68:
c3:b8:88:a2:63:af:26:09:ce:f6:a9:df:df:70:7b:fa:e6:61:
bb:18:e0:3e:50:a2:c6:f6:4f:23:0c:e9:5b:9a:2e:72:0e:11:
19:fe:65:e7:90:20:cc:b8:a6:54:c3:2a:55:29:2c:75:25:2e:
ab:97:c5:3d:ad:a6:16:61:85:ef:7e:80:5c:be:64:f0:d2:d3:
7a:4d:f5:7d:1f:3c:e4:fe:08:37:0d:be:bb:87:4a:82:91:30:
3b:39:9a:9a
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYj75Y2QRQKMLegyvUspBNiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjMwNjI3MDgwODI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2JjY2M0ZWU1OTVkZTFlNGQxODY0ZGFjZDAwMmEzOWZmZTgzZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho6omXDvVKU/yhyPGIB2BHGK8Zjt
bAjiDNrmFaTniUyQm6XjqokhNd5yVtQk7KD1lJlZVDiZyi9mj112E/etqS7wq15M
AnRfg+o5olhgkOgqEPFre2jToo8dhBJoBaakwzxqalZ/DPMihs0NWd3fZWXPWs5M
tPakHRdXMRQCDt6+qt03864OdBYqBBg89FO31aQbpbsOvn1pNJXx6fUgiGN83Pze
VArFuiottL4XtI2kCxX2K76X4uZkSq3Fl6kQfH/emRwaoufI2X6344KdXSU2KZly
Qk4QHwWokxe0nuU2tdVjRtHJxvdNrPJiDfbPOcLCv8gxGqg20k57zSNzkQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFAe8zE7lld4eTRhk2s0AKjn/6D/bMB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvQjd6TVR1V1YzaDVOR0dUYXpRQXFPZl9vUDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzA2BAIAATAwAwQDHxiwAwQD
TimoAwQDUVz4AwQDXa6wAwQCuRbUAwQCuYbUAwQCudWQAwQFvHmgMB0EAgACMBcD
BwAgAQZ8JnADBQAqA6IAAwUDKgvxADANBgkqhkiG9w0BAQsFAAOCAQEArBQ9Vo/v
3ghgYMIRSlyDl1J0wq0Qu++L9JRA916Xt263papPsQOlPDcLyS1rpNRySBNMJ1TF
lrd4HzHx1rIN1kOZzJyrGLrdEvDn/PX5GnvMkeNOcwTf/hrp8zzuEejniF0aK0YC
CAkfh9LS7LArT/1wNRy3Fri+CrLn0QmqTP06JfpiA+HmAeXTnC+QY5/qzB9F1fEk
iTyj5/tTI6YmcVFow7iIomOvJgnO9qnf33B7+uZhuxjgPlCixvZPIwzpW5oucg4R
Gf5l55AgzLimVMMqVSksdSUuq5fFPa2mFmGF736AXL5k8NLTek31fR885P4INw2+
u4dKgpEwOzmamg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:20:52 2025 by rpki-client