Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vkXmdhsOXfPeEaDurJ7uDsH3FbE.roa
File: vkXmdhsOXfPeEaDurJ7uDsH3FbE.roa (raw, json)
Hash identifier: 1uNMYjBvSdl6l1K7U2gZxziPapcbRuaFiN4B9SZsNIc=
Subject key identifier: BE:45:E6:76:1B:0E:5D:F3:DE:11:A0:EE:AC:9E:EE:0E:C1:F7:15:B1
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 018432C87A8B1A6B1552F283E79F8A350B37
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vkXmdhsOXfPeEaDurJ7uDsH3FbE.roa
Signing time: Tue 01 Nov 2022 10:41:49 +0000
ROA not before: Tue 01 Nov 2022 10:41:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 19905
IP address blocks: 147.189.176.0/20 maxlen: 20
194.169.122.0/23 maxlen: 23
194.169.121.0/24 maxlen: 24
194.169.122.0/24 maxlen: 24
194.169.123.0/24 maxlen: 24
176.65.12.0/22 maxlen: 22
199.204.215.0/24 maxlen: 24
94.26.112.0/20 maxlen: 20
217.66.224.0/19 maxlen: 19
82.205.0.0/17 maxlen: 17
199.250.128.0/19 maxlen: 19
86.107.16.0/22 maxlen: 22
188.209.208.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
89.239.32.0/20 maxlen: 20
37.8.0.0/17 maxlen: 17
85.184.240.0/22 maxlen: 22
212.33.96.0/19 maxlen: 19
185.171.132.0/22 maxlen: 22
109.232.162.0/23 maxlen: 23
185.40.192.0/22 maxlen: 22
185.138.132.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
82.102.192.0/18 maxlen: 18
212.106.64.0/19 maxlen: 19
217.78.48.0/21 maxlen: 21
217.78.48.0/20 maxlen: 20
217.78.60.0/22 maxlen: 22
217.21.0.0/20 maxlen: 20
85.113.96.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:32:c8:7a:8b:1a:6b:15:52:f2:83:e7:9f:8a:35:0b:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: Nov 1 10:41:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=be45e6761b0e5df3de11a0eeac9eee0ec1f715b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:0d:df:89:1d:de:dd:99:f3:57:1f:ce:d0:94:
5d:b0:f7:c6:f5:73:6c:c3:79:a7:59:46:ff:69:64:
87:d7:54:07:8e:3d:30:88:88:37:f0:8a:4f:9b:2c:
bd:cb:7a:81:72:8d:e4:c2:f6:af:47:4b:6b:b9:eb:
93:7a:3b:ba:15:64:03:c9:76:74:46:47:ec:ab:51:
26:f4:60:4d:e4:a3:bb:17:55:92:09:75:f4:d4:74:
5c:a6:8e:e6:de:28:fa:64:13:ab:f2:37:6c:cf:50:
b6:a3:28:c0:75:21:97:87:cb:19:d3:c0:a2:ad:ec:
14:8b:c5:71:33:28:8b:9f:86:17:a9:bc:10:3b:94:
26:12:fd:9d:b1:e7:f0:2d:63:fe:19:e5:22:ab:b5:
7d:55:0d:e1:38:48:3a:4e:bd:2b:a6:ac:de:bf:be:
04:75:e1:9d:64:03:00:c7:38:4d:51:fe:30:b9:fb:
d9:ef:9e:f1:ac:9f:45:7c:fc:0a:6a:4b:3c:50:b4:
f8:96:0c:ce:b5:e2:ff:ca:3b:c4:12:6d:b6:9a:79:
89:1f:e8:6e:28:2e:40:6a:8f:42:be:6a:a9:fe:50:
cb:ae:d3:4a:9f:fe:62:cd:cc:57:48:f5:33:57:76:
97:0c:3c:36:44:94:4f:89:a5:f3:45:6c:c8:e9:6e:
e2:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:45:E6:76:1B:0E:5D:F3:DE:11:A0:EE:AC:9E:EE:0E:C1:F7:15:B1
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vkXmdhsOXfPeEaDurJ7uDsH3FbE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
85.184.240.0/22
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
109.232.162.0/23
147.189.176.0/20
176.65.12.0/22
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.121.0-194.169.123.255
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.224.0/19
217.78.48.0/20
Signature Algorithm: sha256WithRSAEncryption
74:e8:e0:ec:7b:a8:8c:11:23:ff:b8:82:d6:8c:b1:e3:37:d9:
94:84:47:86:11:d1:89:0a:ef:91:10:fc:d5:d1:78:cf:f5:74:
6f:1b:8c:5c:3a:13:7f:93:de:e5:43:25:7e:59:08:68:57:59:
9b:81:45:ed:ae:d9:5f:0b:bb:47:94:75:58:d4:ea:74:27:79:
82:74:72:6c:11:aa:85:52:0c:8f:c7:c9:ec:45:29:4c:92:57:
12:59:b6:e6:67:2f:84:fc:0f:97:d8:84:d2:99:a6:1c:ea:74:
db:24:d5:c4:d4:eb:1e:92:f8:eb:2b:6d:6d:9b:20:e0:52:c1:
55:a5:9a:72:01:94:bc:b7:dd:8c:e9:bd:05:fb:35:2b:0c:dd:
40:83:a1:fb:55:4c:09:2c:9b:c7:11:88:68:9c:60:57:0e:46:
d5:53:39:d4:f8:72:1e:df:e2:20:84:d0:9c:b7:c6:7d:68:17:
ac:23:8c:5d:a7:5c:4a:a8:91:f9:2a:78:88:9e:d7:26:4e:3f:
71:fd:22:c6:23:a7:16:6b:4e:53:75:a8:ea:6c:13:33:7d:a4:
6f:aa:0f:a3:3f:de:bd:5a:31:04:ae:14:63:ee:d9:32:6e:cd:
9f:ff:02:3e:2b:9b:12:05:60:ad:c9:46:55:88:e8:63:b4:6e:
5f:f6:6e:5b
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYQyyHqLGmsVUvKD55+KNQs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjIxMTAxMTA0MTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ1ZTY3NjFiMGU1ZGYzZGUxMWEwZWVhYzllZWUwZWMxZjcxNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ3fiR3e3ZnzVx/O0JRdsPfG9XNs
w3mnWUb/aWSH11QHjj0wiIg38IpPmyy9y3qBco3kwvavR0trueuTeju6FWQDyXZ0
Rkfsq1Em9GBN5KO7F1WSCXX01HRcpo7m3ij6ZBOr8jdsz1C2oyjAdSGXh8sZ08Ci
rewUi8VxMyiLn4YXqbwQO5QmEv2dsefwLWP+GeUiq7V9VQ3hOEg6Tr0rpqzev74E
deGdZAMAxzhNUf4wufvZ757xrJ9FfPwKaks8ULT4lgzOteL/yjvEEm22mnmJH+hu
KC5Aao9Cvmqp/lDLrtNKn/5izcxXSPUzV3aXDDw2RJRPiaXzRWzI6W7iPwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFL5F5nYbDl3z3hGg7qye7g7B9xWxMB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvdmtYbWRoc09YZlBlRWFEdXJKN3VEc0gzRmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJVuPADBAJWaxADBAJX/GwDBARZ7yADBARe
GnADBAFt6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK8
0dADBAK812QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAME
BNkVAAMEBdlC4AMEBNlOMDANBgkqhkiG9w0BAQsFAAOCAQEAdOjg7HuojBEj/7iC
1oyx4zfZlIRHhhHRiQrvkRD81dF4z/V0bxuMXDoTf5Pe5UMlflkIaFdZm4FF7a7Z
Xwu7R5R1WNTqdCd5gnRybBGqhVIMj8fJ7EUpTJJXElm25mcvhPwPl9iE0pmmHOp0
2yTVxNTrHpL46yttbZsg4FLBVaWacgGUvLfdjOm9Bfs1KwzdQIOh+1VMCSybxxGI
aJxgVw5G1VM51PhyHt/iIITQnLfGfWgXrCOMXadcSqiR+Sp4iJ7XJk4/cf0ixiOn
FmtOU3Wo6mwTM32kb6oPoz/evVoxBK4UY+7ZMm7Nn/8CPiubEgVgrclGVYjoY7Ru
X/ZuWw==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:27:01 2025 by rpki-client