Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa
File: CrSI4pATH_vdi5DvVifbAww6Qv8.roa (raw, json)
Hash identifier: E3G+KsKoO3sBpzM1oKCNn7ZSI5PohyqXuVhBESMa5tY=
Subject key identifier: 0A:B4:88:E2:90:13:1F:FB:DD:8B:90:EF:56:27:DB:03:0C:3A:42:FF
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 018DC088B7F5EC50BBFA18E444E927FAB42C
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa
Signing time: Mon 19 Feb 2024 08:43:21 +0000
ROA not before: Mon 19 Feb 2024 08:43:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1136
IP address blocks: 37.251.0.0/17 maxlen: 17
62.131.0.0/16 maxlen: 16
62.251.0.0/17 maxlen: 17
77.160.0.0/13 maxlen: 13
77.168.0.0/14 maxlen: 14
77.172.0.0/16 maxlen: 16
77.173.0.0/16 maxlen: 16
77.174.0.0/16 maxlen: 16
77.175.0.0/16 maxlen: 16
77.175.0.0/17 maxlen: 17
77.175.128.0/17 maxlen: 17
80.60.0.0/15 maxlen: 15
81.204.0.0/14 maxlen: 14
82.136.192.0/18 maxlen: 18
82.168.0.0/14 maxlen: 14
82.168.0.0/17 maxlen: 17
82.168.128.0/18 maxlen: 18
82.168.192.0/19 maxlen: 19
82.168.224.0/19 maxlen: 19
82.169.0.0/18 maxlen: 18
82.169.64.0/19 maxlen: 19
82.169.96.0/19 maxlen: 19
82.169.128.0/19 maxlen: 19
82.169.160.0/19 maxlen: 19
82.169.192.0/18 maxlen: 18
82.170.0.0/16 maxlen: 16
82.171.0.0/18 maxlen: 18
82.171.64.0/18 maxlen: 18
82.171.128.0/17 maxlen: 17
84.80.0.0/13 maxlen: 13
85.113.224.0/19 maxlen: 19
86.80.0.0/12 maxlen: 12
88.159.0.0/16 maxlen: 16
188.142.0.0/17 maxlen: 17
195.240.0.0/16 maxlen: 16
195.240.0.0/17 maxlen: 17
195.240.128.0/18 maxlen: 18
195.240.192.0/18 maxlen: 18
195.241.0.0/16 maxlen: 16
212.123.128.0/18 maxlen: 18
212.182.128.0/18 maxlen: 18
212.238.0.0/16 maxlen: 16
213.10.0.0/16 maxlen: 16
213.84.0.0/16 maxlen: 16
213.197.0.0/18 maxlen: 18
2a02:a400::/25 maxlen: 25
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c0:88:b7:f5:ec:50:bb:fa:18:e4:44:e9:27:fa:b4:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Feb 19 08:43:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0ab488e290131ffbdd8b90ef5627db030c3a42ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:62:55:e3:d5:22:8b:72:3f:93:b3:2c:1e:35:
17:78:30:c2:ae:6a:b8:97:75:5f:8b:bf:2d:59:11:
67:d4:ef:e0:de:34:3b:01:8f:fc:a5:7e:ff:9a:c8:
b1:ec:c7:c9:36:1b:fa:24:92:fe:61:d1:23:86:b7:
15:73:a0:a5:56:96:43:e0:a8:1f:64:59:83:fa:d7:
fd:dc:ce:ba:7c:47:2b:48:c1:c9:8f:4e:c3:0f:f3:
dc:fb:42:e3:eb:86:6c:bc:9a:93:0b:13:9f:c8:9f:
37:7f:f3:3c:fd:25:1a:c6:5e:09:f2:13:b5:a6:ec:
58:3d:23:72:80:fd:a6:c3:b0:4f:7d:fa:c4:d5:69:
b6:1c:11:4d:7c:99:1c:46:4a:bf:c4:b1:8c:d9:8b:
f8:3e:41:ff:15:83:ec:2a:3c:73:e0:01:c2:d4:d6:
a5:77:51:19:e0:0b:ef:ae:0f:36:5d:ea:4f:2e:9b:
8e:a3:48:1f:0d:5f:30:96:9a:e4:35:45:4e:d4:01:
ef:46:e5:63:b1:c5:d8:7e:d1:78:9a:63:f0:9a:9f:
a5:cb:ee:8f:af:2c:99:94:7c:d1:c0:31:e6:2e:2f:
58:34:f8:33:eb:1c:af:2b:8d:31:2d:3d:6d:eb:2e:
41:cf:4e:fd:a8:3b:e4:f2:4b:20:ca:4c:18:67:37:
93:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:B4:88:E2:90:13:1F:FB:DD:8B:90:EF:56:27:DB:03:0C:3A:42:FF
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.0.0/17
62.131.0.0/16
62.251.0.0/17
77.160.0.0/12
80.60.0.0/15
81.204.0.0/14
82.136.192.0/18
82.168.0.0/14
84.80.0.0/13
85.113.224.0/19
86.80.0.0/12
88.159.0.0/16
188.142.0.0/17
195.240.0.0/15
212.123.128.0/18
212.182.128.0/18
212.238.0.0/16
213.10.0.0/16
213.84.0.0/16
213.197.0.0/18
IPv6:
2a02:a400::/25
Signature Algorithm: sha256WithRSAEncryption
47:ea:27:72:73:c8:84:74:36:7b:87:cc:ea:22:3f:39:29:dd:
8e:bd:16:93:96:cf:cf:c9:a7:5a:5c:de:1c:8b:85:5c:b8:22:
b9:6c:7b:06:03:fc:ea:28:15:75:98:71:30:ed:b8:9d:c0:6f:
ca:7d:03:cd:6f:77:9c:39:31:08:f9:00:e6:27:bc:3d:5a:05:
4f:f9:05:36:9e:8c:a0:ad:56:00:20:8c:f1:a0:ef:4e:64:9b:
21:13:df:e1:dc:b6:7e:a9:e4:0a:aa:28:96:98:ec:b1:fa:04:
60:73:cd:48:56:f5:92:59:fd:75:3e:7e:e2:33:6a:f5:fb:a3:
46:c4:33:9d:ce:de:2a:4e:80:be:bb:b7:90:59:28:c2:92:69:
28:3c:7c:20:45:34:4e:9d:70:82:25:b9:b7:b2:09:4c:ae:04:
80:5a:e3:5a:15:21:d1:5d:01:c8:03:5b:b0:dc:8c:12:74:cb:
29:4c:6f:bf:70:92:03:52:6b:78:43:c4:05:d3:73:cb:df:62:
96:e9:04:71:07:2c:0d:c6:1d:77:af:ff:f2:a3:59:c6:9d:07:
71:c7:e2:cb:9b:9c:a1:51:27:54:ad:3e:cb:49:3a:0f:49:d3:
71:d9:5a:b4:2a:3d:c5:29:d4:dc:c7:c4:5f:4c:62:e2:d2:b7:
52:0c:e7:43
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAY3AiLf17FC7+hjkROkn+rQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMjE5MDg0MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI0ODhlMjkwMTMxZmZiZGQ4YjkwZWY1NjI3ZGIwMzBjM2E0MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGJV49Uii3I/k7MsHjUXeDDCrmq4
l3Vfi78tWRFn1O/g3jQ7AY/8pX7/msix7MfJNhv6JJL+YdEjhrcVc6ClVpZD4Kgf
ZFmD+tf93M66fEcrSMHJj07DD/Pc+0Lj64ZsvJqTCxOfyJ83f/M8/SUaxl4J8hO1
puxYPSNygP2mw7BPffrE1Wm2HBFNfJkcRkq/xLGM2Yv4PkH/FYPsKjxz4AHC1Nal
d1EZ4Avvrg82XepPLpuOo0gfDV8wlprkNUVO1AHvRuVjscXYftF4mmPwmp+ly+6P
ryyZlHzRwDHmLi9YNPgz6xyvK40xLT1t6y5Bz079qDvk8ksgykwYZzeT9QIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFAq0iOKQEx/73YuQ71Yn2wMMOkL/MB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvQ3JTSTRwQVRIX3ZkaTVEdlZpZmJBd3c2UXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwQHJfsA
AwMAPoMDBAc++wADAwRNoAMDAVA8AwMCUcwDBAZSiMADAwJSqAMDA1RQAwQFVXHg
AwMEVlADAwBYnwMEB7yOAAMDAcPwAwQG1HuAAwQG1LaAAwMA1O4DAwDVCgMDANVU
AwQG1cUAMA0EAgACMAcDBQcqAqQAMA0GCSqGSIb3DQEBCwUAA4IBAQBH6idyc8iE
dDZ7h8zqIj85Kd2OvRaTls/PyadaXN4ci4VcuCK5bHsGA/zqKBV1mHEw7bidwG/K
fQPNb3ecOTEI+QDmJ7w9WgVP+QU2noygrVYAIIzxoO9OZJshE9/h3LZ+qeQKqiiW
mOyx+gRgc81IVvWSWf11Pn7iM2r1+6NGxDOdzt4qToC+u7eQWSjCkmkoPHwgRTRO
nXCCJbm3sglMrgSAWuNaFSHRXQHIA1uw3IwSdMspTG+/cJIDUmt4Q8QF03PL32KW
6QRxBywNxh13r//yo1nGnQdxx+LLm5yhUSdUrT7LSToPSdNx2Vq0Kj3FKdTcx8Rf
TGLi0rdSDOdD
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:12:52 2025 by rpki-client