Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/dYM_JxdySuTP9JYJ6K9lcicDwzs.roa
File: dYM_JxdySuTP9JYJ6K9lcicDwzs.roa (raw, json)
Hash identifier: 1hFs+iBlzNO+H02teSlVr5DFqf28gi1DVALpKa40jhk=
Subject key identifier: 75:83:3F:27:17:72:4A:E4:CF:F4:96:09:E8:AF:65:72:27:03:C3:3B
Certificate issuer: /CN=d4e2971e5d8169c940af020db027bedad8991590
Certificate serial: 01852F71825BECA02561F5C15B0737A98D10
Authority key identifier: D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/dYM_JxdySuTP9JYJ6K9lcicDwzs.roa
Signing time: Tue 20 Dec 2022 12:10:46 +0000
ROA not before: Tue 20 Dec 2022 12:10:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48294
IP address blocks: 185.124.0.0/22 maxlen: 22
185.70.32.0/22 maxlen: 22
91.132.128.0/22 maxlen: 22
185.126.160.0/22 maxlen: 22
85.9.192.0/18 maxlen: 18
45.86.222.0/23 maxlen: 23
45.91.36.0/22 maxlen: 22
84.252.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2f:71:82:5b:ec:a0:25:61:f5:c1:5b:07:37:a9:8d:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4e2971e5d8169c940af020db027bedad8991590
Validity
Not Before: Dec 20 12:10:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=75833f2717724ae4cff49609e8af65722703c33b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:74:5b:da:5b:66:68:75:57:4a:b8:30:60:1d:
ec:7b:31:eb:c6:3a:50:9c:47:d5:cf:79:f0:f0:2f:
cd:43:f1:4d:21:45:4f:90:18:60:38:0a:57:f8:fa:
89:76:0a:84:3f:2f:c0:e8:0a:ee:16:fb:1b:e5:78:
11:20:dc:00:ae:68:07:08:d5:8e:93:64:72:3f:4c:
5b:83:cd:a8:ed:48:8f:fd:67:de:74:00:bc:cc:f3:
59:ca:87:22:50:21:42:79:7b:f9:9b:0e:b1:bf:e4:
62:56:45:91:b8:b6:4f:7e:c2:b9:e6:6b:32:dc:ac:
60:12:d7:d6:a6:f3:e9:6e:23:e9:41:cf:df:93:e3:
81:5f:26:34:8d:52:88:13:d9:35:3d:86:16:14:b0:
b0:b2:e0:d5:fb:06:c0:47:3b:b3:33:d6:b7:5f:aa:
88:0c:79:b3:15:c0:a1:81:72:e0:f5:4f:d9:16:8a:
11:9b:da:2c:08:92:cb:08:f0:36:e1:cb:0c:3e:50:
75:31:e7:d6:bc:fb:70:52:b9:cc:ec:a2:d1:54:e2:
f3:b5:70:b5:e8:96:3d:05:23:a3:96:96:1d:ba:b3:
aa:ad:ca:27:1a:fe:0e:80:29:88:c1:d1:d7:d7:69:
7b:27:83:e4:d5:27:f1:f7:b6:74:e1:2f:f7:75:1e:
65:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:83:3F:27:17:72:4A:E4:CF:F4:96:09:E8:AF:65:72:27:03:C3:3B
X509v3 Authority Key Identifier:
keyid:D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/dYM_JxdySuTP9JYJ6K9lcicDwzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.222.0/23
45.91.36.0/22
84.252.104.0/24
85.9.192.0/18
91.132.128.0/22
185.70.32.0/22
185.124.0.0/22
185.126.160.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:6e:66:9b:cc:e8:ba:9f:63:81:63:63:f1:9e:ce:26:c4:c7:
0e:6e:4b:f6:2e:73:16:de:b3:e3:0c:11:a5:bc:76:ae:3b:24:
42:b5:b2:cf:3f:6f:d2:db:97:18:26:88:f2:16:a0:10:d2:97:
09:42:ab:91:4c:fd:bc:71:1e:53:a3:95:6e:d5:72:37:96:9a:
d8:bc:52:64:90:2e:cb:5f:21:70:d0:12:9b:15:52:5a:85:cc:
17:a6:d6:62:39:54:8f:bf:61:6d:b3:e0:80:7d:48:25:cb:95:
40:9e:d5:1c:35:c5:d6:5d:12:eb:90:b8:d0:c7:8c:e2:aa:95:
a8:41:dd:08:c9:09:81:6c:90:89:45:66:58:cd:01:e9:fb:9c:
16:1e:0c:2e:a4:3c:0f:b9:8f:52:ea:86:43:84:51:c9:e9:01:
16:1b:49:9e:4f:46:60:02:87:ac:c4:80:20:a2:47:ea:37:68:
b8:90:78:69:37:1c:61:c4:33:78:45:6d:eb:e4:ce:b8:cc:61:
7c:50:b8:83:03:e5:f0:d7:6f:a1:ab:84:a6:07:40:79:cf:c6:
46:4f:5b:a6:02:dd:49:85:bb:7b:b7:72:1e:a0:65:1d:9e:3d:
e4:a0:c1:01:0f:fa:ad:5c:f7:8c:69:3f:6b:d6:32:a8:14:07:
20:00:44:48
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUvcYJb7KAlYfXBWwc3qY0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZTI5NzFlNWQ4MTY5Yzk0MGFmMDIwZGIwMjdiZWRhZDg5
OTE1OTAwHhcNMjIxMjIwMTIxMDQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTgzM2YyNzE3NzI0YWU0Y2ZmNDk2MDllOGFmNjU3MjI3MDNjMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHRb2ltmaHVXSrgwYB3sezHrxjpQ
nEfVz3nw8C/NQ/FNIUVPkBhgOApX+PqJdgqEPy/A6AruFvsb5XgRINwArmgHCNWO
k2RyP0xbg82o7UiP/WfedAC8zPNZyociUCFCeXv5mw6xv+RiVkWRuLZPfsK55msy
3KxgEtfWpvPpbiPpQc/fk+OBXyY0jVKIE9k1PYYWFLCwsuDV+wbARzuzM9a3X6qI
DHmzFcChgXLg9U/ZFooRm9osCJLLCPA24csMPlB1MefWvPtwUrnM7KLRVOLztXC1
6JY9BSOjlpYdurOqrconGv4OgCmIwdHX12l7J4Pk1Sfx97Z04S/3dR5lhQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHWDPycXckrkz/SWCeivZXInA8M7MB8GA1UdIwQY
MBaAFNTilx5dgWnJQK8CDbAnvtrYmRWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2Yt
MTg5NDkwZDYwZWE2LzEvZFlNX0p4ZHlTdVRQOUpZSjZLOWxjaWNEd3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2YtMTg5NDkwZDYwZWE2
LzEvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLVbeAwQC
LVskAwQAVPxoAwQGVQnAAwQCW4SAAwQCuUYgAwQCuXwAAwQCuX6gMA0GCSqGSIb3
DQEBCwUAA4IBAQAubmabzOi6n2OBY2Pxns4mxMcObkv2LnMW3rPjDBGlvHauOyRC
tbLPP2/S25cYJojyFqAQ0pcJQquRTP28cR5To5Vu1XI3lprYvFJkkC7LXyFw0BKb
FVJahcwXptZiOVSPv2Fts+CAfUgly5VAntUcNcXWXRLrkLjQx4ziqpWoQd0IyQmB
bJCJRWZYzQHp+5wWHgwupDwPuY9S6oZDhFHJ6QEWG0meT0ZgAoesxIAgokfqN2i4
kHhpNxxhxDN4RW3r5M64zGF8ULiDA+Xw12+hq4SmB0B5z8ZGT1umAt1Jhbt7t3Ie
oGUdnj3koMEBD/qtXPeMaT9r1jKoFAcgAERI
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:26:06 2025 by rpki-client