Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa
File: GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa (raw, json)
Hash identifier: /igseHLxOwHgOLEegVByL2oYj/hZ6Lz42dpWGy4wrXQ=
Subject key identifier: 18:18:CB:1E:48:94:BB:76:4C:EE:41:41:D7:0A:3B:AD:2F:43:62:F7
Certificate issuer: /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial: 37D06834
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa
Signing time: Sat 01 Jan 2022 11:57:24 +0000
ROA not before: Sat 01 Jan 2022 11:57:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15542
IP address blocks: 217.102.240.0/20 maxlen: 24
213.34.224.0/19 maxlen: 24
212.115.192.0/19 maxlen: 24
185.200.96.0/22 maxlen: 24
82.176.0.0/16 maxlen: 24
212.92.64.0/19 maxlen: 24
217.63.64.0/19 maxlen: 24
62.238.0.0/16 maxlen: 24
2a02:f68::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 936405044 (0x37d06834)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Validity
Not Before: Jan 1 11:57:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1818cb1e4894bb764cee4141d70a3bad2f4362f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:5b:14:db:95:27:94:13:e9:af:15:88:ff:32:
98:df:d8:69:42:04:43:a1:83:ae:7b:34:6e:b6:ea:
2a:8d:13:65:a3:31:e5:ac:77:3c:3c:25:6b:cf:61:
b4:1a:c2:75:cc:73:86:50:e6:2c:f4:96:b9:83:e1:
15:e7:36:66:bc:4e:40:e4:e1:a7:c1:b4:06:c5:62:
0b:bf:27:46:dc:dc:1f:50:2b:a8:a2:2e:fb:fc:8d:
0e:2e:09:b0:78:19:d3:3a:d5:69:62:d3:2a:06:22:
ab:ca:89:c4:51:5c:f3:63:74:09:e7:77:1c:da:99:
03:c5:87:f5:10:e6:58:48:72:de:03:57:42:a6:c2:
de:af:9a:c0:66:be:6f:13:e8:dd:3d:7b:5f:4c:05:
a4:e0:f6:70:06:4a:b3:1c:bd:54:e1:f7:15:0e:89:
90:b1:1f:8a:67:a0:a1:d3:a0:eb:74:64:36:49:4e:
06:27:66:2e:45:05:15:01:45:92:d7:01:02:9a:4d:
35:6a:c4:3c:49:7b:b0:d8:4b:e9:61:4b:cf:fd:d9:
6d:f2:91:51:0c:7d:c0:6f:3f:dd:f2:75:1e:e7:54:
94:3a:2b:6d:7d:66:f3:36:18:82:da:c7:be:48:ce:
24:b6:ad:3d:19:7a:4b:78:a1:61:d3:a3:32:ae:22:
12:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:18:CB:1E:48:94:BB:76:4C:EE:41:41:D7:0A:3B:AD:2F:43:62:F7
X509v3 Authority Key Identifier:
keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.238.0.0/16
82.176.0.0/16
185.200.96.0/22
212.92.64.0/19
212.115.192.0/19
213.34.224.0/19
217.63.64.0/19
217.102.240.0/20
IPv6:
2a02:f68::/29
Signature Algorithm: sha256WithRSAEncryption
7d:8f:a2:ef:f3:42:41:fc:c9:2e:a0:b9:5d:13:8a:46:fa:b4:
9a:d7:40:c6:58:2e:00:73:c3:7b:c5:c9:00:31:cb:25:a1:5f:
42:bc:f4:77:ad:34:95:a6:42:b2:36:75:4b:d5:58:03:79:cd:
c8:d0:33:4c:4d:06:31:c8:e7:31:c4:cc:0e:87:ed:88:d5:bf:
0e:0a:c9:ef:a2:21:a6:e9:1a:65:1e:04:89:70:65:e4:8e:b3:
17:5f:d8:1a:79:d4:c8:bd:79:6c:b8:44:58:5e:76:f3:f8:14:
8e:e6:b8:bc:12:3f:b0:7d:30:5c:95:db:99:5d:4e:c0:55:5f:
37:6f:96:13:05:44:da:db:85:c2:5e:ff:c5:e8:1d:d9:28:1c:
84:8c:c7:e0:37:bc:f3:5f:5f:5f:f6:3c:ef:cf:4f:01:84:f3:
a2:98:b4:4b:11:7d:4d:af:a4:f1:75:f7:b0:56:d9:48:b3:07:
0e:19:bf:88:43:22:9d:57:29:ba:e6:ca:a3:7b:cb:5e:9b:0c:
77:46:44:a3:73:9e:63:b2:c6:75:f5:18:61:f0:17:a5:dc:41:
79:e8:50:b4:34:96:90:05:39:31:51:f2:f8:d3:d2:d8:8a:62:
bc:5d:23:36:15:88:9d:20:db:6d:3d:6e:e1:dd:19:d9:4e:67:
fd:d5:95:40
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIEN9BoNDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE0YTYwMWNhMzVjNmM4Mzc2Yjg5YWFmNDQzYjYzZWE0MzljZGI4MB4XDTIyMDEw
MTExNTcyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTgxOGNiMWU0ODk0
YmI3NjRjZWU0MTQxZDcwYTNiYWQyZjQzNjJmNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMpbFNuVJ5QT6a8ViP8ymN/YaUIEQ6GDrns0brbqKo0TZaMx
5ax3PDwla89htBrCdcxzhlDmLPSWuYPhFec2ZrxOQOThp8G0BsViC78nRtzcH1Ar
qKIu+/yNDi4JsHgZ0zrVaWLTKgYiq8qJxFFc82N0Ced3HNqZA8WH9RDmWEhy3gNX
QqbC3q+awGa+bxPo3T17X0wFpOD2cAZKsxy9VOH3FQ6JkLEfimegodOg63RkNklO
BidmLkUFFQFFktcBAppNNWrEPEl7sNhL6WFLz/3ZbfKRUQx9wG8/3fJ1HudUlDor
bX1m8zYYgtrHvkjOJLatPRl6S3ihYdOjMq4iEk0CAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBQYGMseSJS7dkzuQUHXCjutL0Ni9zAfBgNVHSMEGDAWgBSxpKYByjXGyDdr
iar0Q7Y+pDnNuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhU21BY28xeHNnM2E0bXE5RU8yUHFRNXpiZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8x
L0dCakxIa2lVdTNaTTdrRkIxd283clM5RFl2Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
ZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8xL3NhU21BY28xeHNn
M2E0bXE5RU8yUHFRNXpiZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwNAQCAAEwLgMDAD7uAwMAUrADBAK5yGADBAXUXEAD
BAXUc8ADBAXVIuADBAXZP0ADBATZZvAwDQQCAAIwBwMFAyoCD2gwDQYJKoZIhvcN
AQELBQADggEBAH2Pou/zQkH8yS6guV0Tikb6tJrXQMZYLgBzw3vFyQAxyyWhX0K8
9HetNJWmQrI2dUvVWAN5zcjQM0xNBjHI5zHEzA6H7YjVvw4Kye+iIabpGmUeBIlw
ZeSOsxdf2Bp51Mi9eWy4RFhedvP4FI7muLwSP7B9MFyV25ldTsBVXzdvlhMFRNrb
hcJe/8XoHdkoHISMx+A3vPNfX1/2PO/PTwGE86KYtEsRfU2vpPF197BW2UizBw4Z
v4hDIp1XKbrmyqN7y16bDHdGRKNznmOyxnX1GGHwF6XcQXnoULQ0lpAFOTFR8vjT
0tiKYrxdIzYViJ0g2209buHdGdlOZ/3VlUA=
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:34:27 2025 by rpki-client