Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/v1D0lfq45NRZqbphU-Jodptt8z4.roa
File: v1D0lfq45NRZqbphU-Jodptt8z4.roa (raw, json)
Hash identifier: SgADxgmVAmp8z8FpbMP0rdUGjgWG+RfD/xBdIBR4tK0=
Subject key identifier: BF:50:F4:95:FA:B8:E4:D4:59:A9:BA:61:53:E2:68:76:9B:6D:F3:3E
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 018433397939BE44EB61BF34C33D3C0C8A7A
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/v1D0lfq45NRZqbphU-Jodptt8z4.roa
Signing time: Tue 01 Nov 2022 12:45:15 +0000
ROA not before: Tue 01 Nov 2022 12:45:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12975
IP address blocks: 199.204.215.0/24 maxlen: 24
94.26.112.0/20 maxlen: 20
217.66.224.0/19 maxlen: 24
82.205.0.0/17 maxlen: 21
82.205.0.0/20 maxlen: 20
217.66.233.0/24 maxlen: 24
217.66.237.0/24 maxlen: 24
217.66.234.0/23 maxlen: 23
86.107.16.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
82.205.96.0/20 maxlen: 20
82.205.104.0/21 maxlen: 21
89.239.32.0/20 maxlen: 20
82.205.16.0/20 maxlen: 20
217.66.240.0/20 maxlen: 20
82.205.27.0/24 maxlen: 24
85.184.240.0/22 maxlen: 22
212.33.96.0/19 maxlen: 20
185.171.132.0/22 maxlen: 22
82.102.240.0/20 maxlen: 20
82.102.192.0/20 maxlen: 20
82.102.192.0/18 maxlen: 24
82.102.208.0/21 maxlen: 21
82.102.218.0/23 maxlen: 23
82.102.224.0/20 maxlen: 20
82.102.220.0/22 maxlen: 22
212.106.64.0/19 maxlen: 20
85.113.96.0/19 maxlen: 20
176.65.12.0/22 maxlen: 22
194.169.123.0/24 maxlen: 24
194.169.122.0/23 maxlen: 23
194.169.122.0/24 maxlen: 24
147.189.176.0/20 maxlen: 20
194.169.121.0/24 maxlen: 24
199.250.128.0/19 maxlen: 21
217.21.14.0/23 maxlen: 23
217.21.12.0/23 maxlen: 23
188.209.208.0/22 maxlen: 22
37.8.0.0/17 maxlen: 20
37.8.0.0/20 maxlen: 20
37.8.16.0/20 maxlen: 20
37.8.32.0/20 maxlen: 20
37.8.48.0/20 maxlen: 20
109.232.163.0/24 maxlen: 24
109.232.162.0/24 maxlen: 24
109.232.162.0/23 maxlen: 23
185.40.192.0/22 maxlen: 22
185.138.132.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
82.205.120.0/21 maxlen: 21
217.78.48.0/21 maxlen: 21
217.78.48.0/20 maxlen: 20
217.78.60.0/22 maxlen: 22
217.21.4.0/24 maxlen: 24
217.21.3.0/24 maxlen: 24
217.21.2.0/24 maxlen: 24
217.21.0.0/20 maxlen: 20
217.21.10.0/23 maxlen: 23
217.21.8.0/23 maxlen: 23
217.21.6.0/23 maxlen: 23
217.21.5.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:33:39:79:39:be:44:eb:61:bf:34:c3:3d:3c:0c:8a:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: Nov 1 12:45:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bf50f495fab8e4d459a9ba6153e268769b6df33e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:db:7c:d9:1e:a4:52:71:bf:b2:a8:02:17:46:
4a:0d:92:e0:66:43:6c:ff:30:05:03:dd:28:11:f0:
74:c9:82:29:b2:7f:5c:e9:e6:5c:70:31:19:5c:3e:
e9:ec:1f:10:e8:6d:31:77:da:99:ea:12:ac:b4:17:
96:2d:a3:6e:c0:13:fb:fb:8f:e1:74:b8:83:de:84:
60:ca:3d:ba:02:7b:46:b1:17:f6:d8:8d:de:3c:01:
ad:2a:b0:35:30:7e:3f:97:8a:c7:be:d3:1d:fe:2b:
7a:af:c8:eb:0b:16:e3:43:5a:e6:f8:27:58:e0:bd:
39:c0:96:90:c1:d9:dc:2e:e1:8a:70:48:4c:ae:9b:
23:18:5a:55:eb:61:3e:b7:fa:19:0e:f0:ea:f8:7e:
a5:8c:39:a1:72:c6:73:54:47:af:d6:2c:55:23:b5:
9c:bf:37:8a:cf:a0:b4:9a:3e:5b:26:87:bd:d3:de:
e0:13:9f:92:f6:ea:32:83:a3:40:d7:d6:a9:04:47:
cb:e5:c3:d1:1b:73:64:66:90:e6:b2:d0:52:f8:0a:
11:35:08:52:df:3d:99:83:b3:5a:e5:db:fd:86:97:
0b:ab:3c:44:7a:89:68:a3:ce:38:f8:64:24:76:bb:
bf:de:15:7d:20:32:c4:70:67:52:ab:f6:f8:3f:d0:
de:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:50:F4:95:FA:B8:E4:D4:59:A9:BA:61:53:E2:68:76:9B:6D:F3:3E
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/v1D0lfq45NRZqbphU-Jodptt8z4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
85.184.240.0/22
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
109.232.162.0/23
147.189.176.0/20
176.65.12.0/22
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.121.0-194.169.123.255
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.224.0/19
217.78.48.0/20
Signature Algorithm: sha256WithRSAEncryption
5d:1d:7d:6f:5a:23:9f:58:bc:bc:62:20:e4:50:25:fa:78:e3:
a6:81:e2:d1:c7:39:5c:83:57:92:0a:9d:64:55:ac:43:bb:69:
b7:24:b0:86:1b:ff:1b:02:4f:ee:6c:d8:d0:52:93:a2:5a:eb:
77:89:8a:0f:ca:d9:ca:70:24:c2:b0:c3:e6:eb:0e:38:91:57:
66:53:72:16:52:8e:2a:7f:3b:17:0a:9f:80:82:a0:8b:bf:61:
f2:60:7f:a3:56:75:9a:b1:24:fd:15:f8:f2:0a:01:8d:2d:10:
f5:28:e1:76:43:20:2a:0a:ac:d5:fb:83:82:38:ce:62:30:19:
2c:8c:85:d9:fc:22:0c:50:f9:bd:9d:b5:ba:42:bf:6a:90:f2:
d9:97:ab:b9:6c:4c:b5:dc:75:38:28:45:38:9b:3f:b7:d6:06:
39:cf:73:87:ec:a3:09:4b:81:cc:b9:ad:51:fe:99:34:53:01:
0e:25:52:ad:49:11:07:62:d3:77:c2:46:e3:84:b1:ae:27:25:
81:79:57:84:20:f2:a8:da:85:f9:41:fe:b2:f4:fb:10:fb:39:
f4:74:8f:50:83:a4:45:4a:be:6b:d7:24:74:6d:8f:c9:f6:39:
bc:6d:5e:40:80:74:25:67:17:42:a1:26:22:f2:38:70:f2:c7:
92:43:83:5d
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYQzOXk5vkTrYb80wz08DIp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjIxMTAxMTI0NTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjUwZjQ5NWZhYjhlNGQ0NTlhOWJhNjE1M2UyNjg3NjliNmRmMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtt82R6kUnG/sqgCF0ZKDZLgZkNs
/zAFA90oEfB0yYIpsn9c6eZccDEZXD7p7B8Q6G0xd9qZ6hKstBeWLaNuwBP7+4/h
dLiD3oRgyj26AntGsRf22I3ePAGtKrA1MH4/l4rHvtMd/it6r8jrCxbjQ1rm+CdY
4L05wJaQwdncLuGKcEhMrpsjGFpV62E+t/oZDvDq+H6ljDmhcsZzVEev1ixVI7Wc
vzeKz6C0mj5bJoe9097gE5+S9uoyg6NA19apBEfL5cPRG3NkZpDmstBS+AoRNQhS
3z2Zg7Na5dv9hpcLqzxEeoloo844+GQkdru/3hV9IDLEcGdSq/b4P9DeaQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFL9Q9JX6uOTUWam6YVPiaHabbfM+MB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvdjFEMGxmcTQ1TlJacWJwaFUtSm9kcHR0OHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJVuPADBAJWaxADBAJX/GwDBARZ7yADBARe
GnADBAFt6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK8
0dADBAK812QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAME
BNkVAAMEBdlC4AMEBNlOMDANBgkqhkiG9w0BAQsFAAOCAQEAXR19b1ojn1i8vGIg
5FAl+njjpoHi0cc5XINXkgqdZFWsQ7tptySwhhv/GwJP7mzY0FKTolrrd4mKD8rZ
ynAkwrDD5usOOJFXZlNyFlKOKn87FwqfgIKgi79h8mB/o1Z1mrEk/RX48goBjS0Q
9SjhdkMgKgqs1fuDgjjOYjAZLIyF2fwiDFD5vZ21ukK/apDy2ZeruWxMtdx1OChF
OJs/t9YGOc9zh+yjCUuBzLmtUf6ZNFMBDiVSrUkRB2LTd8JG44SxriclgXlXhCDy
qNqF+UH+svT7EPs59HSPUIOkRUq+a9ckdG2PyfY5vG1eQIB0JWcXQqEmIvI4cPLH
kkODXQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:40:24 2025 by rpki-client