Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1zeYb5_OOWsyCLZN_pS7miVPhUk.roa
File: 1zeYb5_OOWsyCLZN_pS7miVPhUk.roa (raw, json)
Hash identifier: 8iWv9kshWHi5V/cxuLcVxZp6C46InySEM7Pjs15i8p0=
Subject key identifier: D7:37:98:6F:9F:CE:39:6B:32:08:B6:4D:FE:94:BB:9A:25:4F:85:49
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 018536561BA6D810C7DFB13575F2F58A307C
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1zeYb5_OOWsyCLZN_pS7miVPhUk.roa
Signing time: Wed 21 Dec 2022 20:18:10 +0000
ROA not before: Wed 21 Dec 2022 20:18:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44220
IP address blocks: 85.204.246.0/24 maxlen: 24
188.213.134.0/24 maxlen: 24
188.213.49.0/24 maxlen: 24
89.45.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:36:56:1b:a6:d8:10:c7:df:b1:35:75:f2:f5:8a:30:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Dec 21 20:18:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d737986f9fce396b3208b64dfe94bb9a254f8549
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:3f:c7:91:9f:0b:04:4b:04:d3:2f:a6:b7:94:
53:9e:23:26:ff:8a:f7:e1:bd:ee:b4:35:5d:7b:c3:
32:9a:0a:8a:2d:e9:cb:47:d8:1c:7c:06:db:9a:90:
c8:73:97:d9:0d:50:d7:75:18:46:01:70:cb:a4:b4:
1b:29:ed:b2:ae:34:2a:df:12:d0:d6:8d:7d:0d:ae:
38:0a:2a:0e:f1:fb:fc:33:db:62:7f:c8:0f:5b:7b:
8e:88:5d:96:b7:62:6a:9a:28:5c:e9:05:5a:bb:14:
6c:3c:eb:02:cb:57:e4:18:2d:86:de:da:e5:52:9f:
90:dd:ae:76:6f:e9:78:90:55:ba:f3:db:f9:15:42:
46:2e:93:ee:5e:3f:18:e1:ea:45:9c:72:1d:1d:cb:
74:a0:61:28:4d:32:7c:c0:0b:b7:c8:a1:7d:a2:f1:
16:3f:29:fa:80:38:59:f6:ec:62:a7:70:fd:40:28:
7f:a3:4d:25:66:7e:75:73:17:2a:fa:80:77:79:36:
ed:9a:bc:b2:ec:26:dd:41:ff:0b:37:73:45:6f:59:
b8:04:4e:1e:4f:72:cf:47:94:dd:68:f6:7c:f7:a1:
a1:a3:78:b5:2c:94:11:13:07:6b:74:4b:f8:f5:6b:
80:11:49:18:c6:d1:d9:a6:24:b5:eb:e4:c2:d6:52:
34:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:37:98:6F:9F:CE:39:6B:32:08:B6:4D:FE:94:BB:9A:25:4F:85:49
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/1zeYb5_OOWsyCLZN_pS7miVPhUk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.246.0/24
89.45.46.0/24
188.213.49.0/24
188.213.134.0/24
Signature Algorithm: sha256WithRSAEncryption
46:b5:b9:49:b1:73:93:82:5f:5c:c3:f9:57:1c:3d:d2:86:f1:
cf:91:78:a4:79:03:f3:4d:f7:a0:9f:4c:ed:76:23:9b:7e:10:
a8:35:fe:71:32:81:14:45:ae:08:ba:ca:ce:51:93:54:14:3e:
75:56:43:6e:cc:80:7d:99:29:45:b7:73:b3:21:87:bf:1a:63:
35:13:af:c0:14:48:3b:64:78:c4:33:32:c2:bb:88:b7:04:b4:
fd:2a:c6:a6:28:8d:b1:c2:03:bf:89:6f:b6:78:fd:ad:33:2e:
52:f7:f8:00:fc:d5:8d:18:a9:d4:a1:49:5a:41:8e:22:3b:c4:
83:3e:1a:80:9e:48:18:c1:8d:65:41:dd:b8:38:9e:19:2d:8e:
2b:03:22:82:db:83:14:1f:49:d5:f4:fc:74:e4:8a:3b:aa:54:
ba:b3:4e:a2:ab:51:4b:d2:b6:bc:71:b7:23:06:00:65:6e:60:
80:11:fe:8b:25:5e:a9:ee:d1:5e:cd:88:1f:bc:4f:95:54:9a:
e2:11:e4:b8:4e:fd:4e:c9:7e:e4:d2:41:ce:d1:86:52:ae:6b:
30:ac:b1:c2:fe:9f:59:21:47:24:97:ae:b7:fc:66:8b:32:c0:
e7:99:e1:c6:cc:45:20:92:b6:05:36:8b:57:53:59:3e:6c:f7:
db:9b:e6:b3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYU2Vhum2BDH37E1dfL1ijB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjIxMjIxMjAxODEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM3OTg2ZjlmY2UzOTZiMzIwOGI2NGRmZTk0YmI5YTI1NGY4NTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqz/HkZ8LBEsE0y+mt5RTniMm/4r3
4b3utDVde8MymgqKLenLR9gcfAbbmpDIc5fZDVDXdRhGAXDLpLQbKe2yrjQq3xLQ
1o19Da44CioO8fv8M9tif8gPW3uOiF2Wt2Jqmihc6QVauxRsPOsCy1fkGC2G3trl
Up+Q3a52b+l4kFW689v5FUJGLpPuXj8Y4epFnHIdHct0oGEoTTJ8wAu3yKF9ovEW
Pyn6gDhZ9uxip3D9QCh/o00lZn51cxcq+oB3eTbtmryy7CbdQf8LN3NFb1m4BE4e
T3LPR5TdaPZ896Gho3i1LJQREwdrdEv49WuAEUkYxtHZpiS16+TC1lI0kwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNc3mG+fzjlrMgi2Tf6Uu5olT4VJMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvMXplWWI1X09PV3N5Q0xaTl9wUzdtaVZQaFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcz2AwQA
WS0uAwQAvNUxAwQAvNWGMA0GCSqGSIb3DQEBCwUAA4IBAQBGtblJsXOTgl9cw/lX
HD3ShvHPkXikeQPzTfegn0ztdiObfhCoNf5xMoEURa4IusrOUZNUFD51VkNuzIB9
mSlFt3OzIYe/GmM1E6/AFEg7ZHjEMzLCu4i3BLT9KsamKI2xwgO/iW+2eP2tMy5S
9/gA/NWNGKnUoUlaQY4iO8SDPhqAnkgYwY1lQd24OJ4ZLY4rAyKC24MUH0nV9Px0
5Io7qlS6s06iq1FL0ra8cbcjBgBlbmCAEf6LJV6p7tFezYgfvE+VVJriEeS4Tv1O
yX7k0kHO0YZSrmswrLHC/p9ZIUckl663/GaLMsDnmeHGzEUgkrYFNotXU1k+bPfb
m+az
-----END CERTIFICATE-----
Generated at Thu Apr 17 14:49:27 2025 by rpki-client