Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kJ8Xtcdfrc38VAKKtz8Sxv018Xk.roa
File: kJ8Xtcdfrc38VAKKtz8Sxv018Xk.roa (raw, json)
Hash identifier: /WjOFgyQWGDPKfZGo+j+tm+jz0fScgN/QXYirbJ0vt8=
Subject key identifier: 90:9F:17:B5:C7:5F:AD:CD:FC:54:02:8A:B7:3F:12:C6:FD:35:F1:79
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 17492FD6
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kJ8Xtcdfrc38VAKKtz8Sxv018Xk.roa
Signing time: Sat 01 Jan 2022 16:03:49 +0000
ROA not before: Sat 01 Jan 2022 16:03:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44220
IP address blocks: 85.204.246.0/24 maxlen: 24
188.240.208.0/24 maxlen: 24
188.213.134.0/24 maxlen: 24
188.213.49.0/24 maxlen: 24
89.45.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 390672342 (0x17492fd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 1 16:03:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=909f17b5c75fadcdfc54028ab73f12c6fd35f179
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:87:61:5b:0d:0f:93:ae:1d:6a:83:59:33:91:
84:4d:13:72:c0:d4:bb:3c:fc:0d:6e:17:1d:ce:a6:
e5:1b:be:97:67:7e:cb:15:3b:3a:b1:3a:ef:8a:88:
8f:0c:4e:60:59:0b:e1:9b:e1:0f:0a:9e:d9:87:fe:
1c:95:60:5f:ad:b6:ad:98:43:e0:37:45:e7:99:dc:
bb:fc:2f:f9:b3:c3:fb:b2:03:1d:e6:a1:a7:bd:94:
5f:19:3f:93:2b:35:52:7b:4d:da:f5:80:34:6b:fb:
91:56:fc:aa:9d:33:40:ba:36:c5:b1:a5:dd:43:39:
82:39:0b:20:ba:e1:2c:48:7d:60:a1:b1:f9:e2:c4:
9f:21:7c:4c:42:82:b1:6f:60:fc:f9:f3:28:6d:65:
76:6b:c9:93:73:62:83:cd:41:f7:1a:f2:d1:bf:8f:
70:7c:64:24:a2:39:f4:49:fe:a4:1c:93:f0:93:28:
d1:93:4d:e4:ec:6e:aa:36:e5:00:3f:7f:97:62:7a:
27:7b:26:f3:1e:ff:53:e9:e1:c6:a0:7a:e1:40:f0:
c3:9d:0b:18:e8:b5:1c:e6:6a:13:dd:fb:96:a8:9d:
59:4c:33:4f:8f:e8:b9:0c:60:da:14:de:92:e3:6a:
dd:06:3f:ab:4e:31:ad:69:c6:6f:cd:a5:cf:40:ee:
65:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:9F:17:B5:C7:5F:AD:CD:FC:54:02:8A:B7:3F:12:C6:FD:35:F1:79
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kJ8Xtcdfrc38VAKKtz8Sxv018Xk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.246.0/24
89.45.46.0/24
188.213.49.0/24
188.213.134.0/24
188.240.208.0/24
Signature Algorithm: sha256WithRSAEncryption
76:12:e8:3d:a4:1a:ff:5f:05:8f:d9:f3:3b:13:51:d8:75:16:
de:76:29:80:d6:cf:be:36:c3:d5:2d:ec:37:61:f0:79:c9:c4:
82:65:d6:dd:f0:59:71:55:fa:dc:95:3d:6e:83:1c:b5:e8:2f:
e8:e9:86:dd:65:94:b1:45:46:6e:24:f4:94:d8:8a:2b:bc:cf:
70:73:47:4c:4f:f3:6b:ff:01:7c:55:16:9a:4a:21:d1:56:f8:
a6:30:14:e8:1f:a2:9d:b5:b7:a3:21:53:8d:a8:53:22:83:69:
45:dc:8b:6c:bd:44:b6:fd:c4:61:a7:0b:cd:e7:ce:a7:b7:de:
2d:2a:5d:f0:8a:29:a7:ac:b2:ca:b4:32:3d:25:fa:18:d5:d5:
32:bc:38:86:da:9b:ce:84:ff:d0:09:a1:d9:60:43:20:12:4e:
23:5f:1a:06:2b:0d:76:df:ef:16:7f:d9:3e:d1:1a:d1:d3:29:
7a:b6:61:c8:93:e2:df:43:d1:b2:ea:46:3f:34:f5:28:9f:cf:
3f:76:f6:76:8c:28:4e:6f:f4:f6:60:da:0e:77:d2:91:af:ae:
67:20:4e:f4:e9:e2:24:3a:e2:52:30:5c:25:67:71:2c:3e:32:
8d:3d:eb:a6:5b:6e:94:44:14:d8:7b:74:d5:64:05:2e:f4:08:
26:6a:5b:1d
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEF0kv1jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZGYxMzJkZjEzZTRiZTUzZDgyNTBjOGM0ODQyMDI2NGVlZjZjMTRjMB4XDTIyMDEw
MTE2MDM0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTA5ZjE3YjVjNzVm
YWRjZGZjNTQwMjhhYjczZjEyYzZmZDM1ZjE3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmHYVsND5OuHWqDWTORhE0TcsDUuzz8DW4XHc6m5Ru+l2d+
yxU7OrE674qIjwxOYFkL4ZvhDwqe2Yf+HJVgX622rZhD4DdF55ncu/wv+bPD+7ID
Heahp72UXxk/kys1UntN2vWANGv7kVb8qp0zQLo2xbGl3UM5gjkLILrhLEh9YKGx
+eLEnyF8TEKCsW9g/PnzKG1ldmvJk3Nig81B9xry0b+PcHxkJKI59En+pByT8JMo
0ZNN5OxuqjblAD9/l2J6J3sm8x7/U+nhxqB64UDww50LGOi1HOZqE937lqidWUwz
T4/ouQxg2hTekuNq3QY/q04xrWnGb82lz0DuZfECAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBSQnxe1x1+tzfxUAoq3PxLG/TXxeTAfBgNVHSMEGDAWgBR98TLfE+S+U9gl
DIxIQgJk7vbBTDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZmRXkzeFBrdmxQWUpReU1TRUlDWk83MndVdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvYzM3NDk3LTYzNzYtNDYxZS05M2M2LTk3Nzg2NzRlZGM5Ny8x
L2tKOFh0Y2RmcmMzOFZBS0t0ejhTeHYwMThYay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
YzM3NDk3LTYzNzYtNDYxZS05M2M2LTk3Nzg2NzRlZGM5Ny8xL2ZmRXkzeFBrdmxQ
WUpReU1TRUlDWk83MndVdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAFXM9gMEAFktLgMEALzVMQMEALzV
hgMEALzw0DANBgkqhkiG9w0BAQsFAAOCAQEAdhLoPaQa/18Fj9nzOxNR2HUW3nYp
gNbPvjbD1S3sN2HwecnEgmXW3fBZcVX63JU9boMctegv6OmG3WWUsUVGbiT0lNiK
K7zPcHNHTE/za/8BfFUWmkoh0Vb4pjAU6B+inbW3oyFTjahTIoNpRdyLbL1Etv3E
YacLzefOp7feLSpd8Iopp6yyyrQyPSX6GNXVMrw4htqbzoT/0Amh2WBDIBJOI18a
BisNdt/vFn/ZPtEa0dMperZhyJPi30PRsupGPzT1KJ/PP3b2dowoTm/09mDaDnfS
ka+uZyBO9OniJDriUjBcJWdxLD4yjT3rpltulEQU2Ht01WQFLvQIJmpbHQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:41:09 2025 by rpki-client