Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/k3NR-yWr60Y1kx20Xlt1qGyGel8.roa
File: k3NR-yWr60Y1kx20Xlt1qGyGel8.roa (raw, json)
Hash identifier: 4VVTP+N8P1AoG47Y55Cz1Lh/fjDAUoHsK6MFdIiTA0w=
Subject key identifier: 93:73:51:FB:25:AB:EB:46:35:93:1D:B4:5E:5B:75:A8:6C:86:7A:5F
Certificate issuer: /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial: 01922319D62A2F734A5E185278A02F25EBFF
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/k3NR-yWr60Y1kx20Xlt1qGyGel8.roa
Signing time: Tue 24 Sep 2024 08:15:48 +0000
ROA not before: Tue 24 Sep 2024 08:15:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15542
IP address blocks: 62.238.0.0/16 maxlen: 24
185.200.96.0/22 maxlen: 24
212.92.64.0/19 maxlen: 24
212.115.192.0/19 maxlen: 24
213.34.224.0/19 maxlen: 24
217.63.64.0/19 maxlen: 24
217.102.240.0/20 maxlen: 24
2a02:f68::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:23:19:d6:2a:2f:73:4a:5e:18:52:78:a0:2f:25:eb:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Validity
Not Before: Sep 24 08:15:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=937351fb25abeb4635931db45e5b75a86c867a5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d5:60:09:e5:cf:39:95:ba:78:e6:08:7a:b2:
09:6f:ca:5d:8b:bf:31:5d:1b:0c:79:d6:93:b0:7f:
d6:c2:13:16:e2:37:ca:aa:36:00:94:41:5c:20:c7:
b7:c8:ae:17:29:72:38:a1:d7:53:d3:b9:69:6e:c7:
56:96:ca:e0:56:53:7e:da:ac:9d:58:8a:39:7f:24:
ff:60:b4:4b:ff:00:d3:f3:d1:81:a7:30:03:0c:15:
8b:60:d1:46:fe:0d:69:36:cc:50:2b:41:68:a2:4b:
fb:d8:1d:1c:e2:d1:de:15:2a:2e:e2:9c:e9:b3:d4:
54:f1:9e:ed:39:c5:2c:21:f8:2c:69:4d:88:42:3e:
77:86:e9:53:f4:8e:47:4f:0e:d2:e0:11:96:ac:b3:
44:7b:52:5e:36:95:e7:12:1d:1a:7a:9c:11:25:33:
1e:04:fa:6f:f0:8b:d8:8d:63:fc:d0:61:7f:fd:7a:
fe:8c:cd:f1:3f:61:a9:bb:8a:8c:33:aa:98:1a:ba:
ae:b6:b1:f7:39:85:09:f3:ff:e0:06:85:26:4f:60:
5a:6e:f4:bc:1e:f3:03:9f:ce:63:13:39:1d:8e:1f:
e2:29:f5:bf:48:57:44:5f:8a:f9:19:56:d6:57:ec:
82:00:5f:35:58:4e:22:ac:d2:81:14:2f:42:e5:da:
d8:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:73:51:FB:25:AB:EB:46:35:93:1D:B4:5E:5B:75:A8:6C:86:7A:5F
X509v3 Authority Key Identifier:
keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/k3NR-yWr60Y1kx20Xlt1qGyGel8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.238.0.0/16
185.200.96.0/22
212.92.64.0/19
212.115.192.0/19
213.34.224.0/19
217.63.64.0/19
217.102.240.0/20
IPv6:
2a02:f68::/29
Signature Algorithm: sha256WithRSAEncryption
9c:1c:ff:b8:9f:ae:6e:0c:58:5a:b1:4b:08:41:f5:eb:35:3d:
61:6d:ed:bb:de:08:62:21:e1:ca:58:13:db:89:5d:c3:0e:4f:
23:9b:50:15:a5:9a:b3:53:90:bb:8a:07:5c:34:8e:3e:88:73:
71:37:d6:58:eb:5c:96:db:e2:d5:89:0a:e4:7f:06:9b:98:99:
f3:7c:33:52:1e:a9:3d:b8:b9:42:8c:0d:f7:a6:3e:55:c3:10:
e5:37:6c:ec:8f:59:6e:7e:3f:14:37:c2:f4:6d:5d:91:09:00:
6f:12:ec:1e:e0:66:53:9a:14:65:b8:21:de:84:80:d1:4e:ce:
e9:7a:d0:84:c8:26:28:cf:d2:45:3e:d1:51:f1:a7:ae:f8:d8:
ad:cb:2f:17:8d:be:1c:f4:e0:f3:b4:62:43:85:f0:7c:82:ab:
35:d2:72:8f:3c:b2:2b:bc:68:17:ce:aa:ab:74:3d:cf:74:8e:
34:b8:1b:68:79:59:08:29:7e:2a:84:b6:f8:b7:aa:68:a1:59:
8c:4d:c8:ce:04:a5:f9:43:33:30:49:49:0a:82:2a:46:b6:2a:
0c:09:af:47:a5:25:92:ae:70:9a:60:65:87:bb:f2:ba:e8:07:
bf:8b:f5:4c:25:c0:78:10:2e:2b:ba:e3:17:f3:c3:cd:23:8d:
e2:2c:b1:20
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZIjGdYqL3NKXhhSeKAvJev/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjQwOTI0MDgxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzczNTFmYjI1YWJlYjQ2MzU5MzFkYjQ1ZTViNzVhODZjODY3YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudVgCeXPOZW6eOYIerIJb8pdi78x
XRsMedaTsH/WwhMW4jfKqjYAlEFcIMe3yK4XKXI4oddT07lpbsdWlsrgVlN+2qyd
WIo5fyT/YLRL/wDT89GBpzADDBWLYNFG/g1pNsxQK0Fookv72B0c4tHeFSou4pzp
s9RU8Z7tOcUsIfgsaU2IQj53hulT9I5HTw7S4BGWrLNEe1JeNpXnEh0aepwRJTMe
BPpv8IvYjWP80GF//Xr+jM3xP2Gpu4qMM6qYGrqutrH3OYUJ8//gBoUmT2BabvS8
HvMDn85jEzkdjh/iKfW/SFdEX4r5GVbWV+yCAF81WE4irNKBFC9C5drYcwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJNzUfslq+tGNZMdtF5bdahshnpfMB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvazNOUi15V3I2MFkxa3gyMFhsdDFxR3lHZWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwMAPu4DBAK5
yGADBAXUXEADBAXUc8ADBAXVIuADBAXZP0ADBATZZvAwDQQCAAIwBwMFAyoCD2gw
DQYJKoZIhvcNAQELBQADggEBAJwc/7ifrm4MWFqxSwhB9es1PWFt7bveCGIh4cpY
E9uJXcMOTyObUBWlmrNTkLuKB1w0jj6Ic3E31ljrXJbb4tWJCuR/BpuYmfN8M1Ie
qT24uUKMDfemPlXDEOU3bOyPWW5+PxQ3wvRtXZEJAG8S7B7gZlOaFGW4Id6EgNFO
zul60ITIJijP0kU+0VHxp6742K3LLxeNvhz04PO0YkOF8HyCqzXSco88siu8aBfO
qqt0Pc90jjS4G2h5WQgpfiqEtvi3qmihWYxNyM4EpflDMzBJSQqCKka2KgwJr0el
JZKucJpgZYe78rroB7+L9UwlwHgQLiu64xfzw80jjeIssSA=
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:01:15 2025 by rpki-client