Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/XBePezzJWgZNea9OF0wZFpVf1aA.roa
File: XBePezzJWgZNea9OF0wZFpVf1aA.roa (raw, json)
Hash identifier: 5ukoYhzIYY6mv0N0lizsptjVhzABEkszyKzcdGjwSdQ=
Subject key identifier: 5C:17:8F:7B:3C:C9:5A:06:4D:79:AF:4E:17:4C:19:16:95:5F:D5:A0
Certificate issuer: /CN=c67e2a46e34f491433c8b62f319b902bddfde831
Certificate serial: 0191747752A2C0819DAFC38BFDCDFD1B3283
Authority key identifier: C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/XBePezzJWgZNea9OF0wZFpVf1aA.roa
Signing time: Wed 21 Aug 2024 10:24:22 +0000
ROA not before: Wed 21 Aug 2024 10:24:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3920
IP address blocks: 37.49.227.0/24 maxlen: 24
37.49.228.0/24 maxlen: 24
185.209.15.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:74:77:52:a2:c0:81:9d:af:c3:8b:fd:cd:fd:1b:32:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c67e2a46e34f491433c8b62f319b902bddfde831
Validity
Not Before: Aug 21 10:24:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c178f7b3cc95a064d79af4e174c1916955fd5a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:40:eb:9d:14:2d:9f:d2:14:5d:06:09:84:7c:
ba:5b:13:9a:88:97:d5:bc:91:f0:60:42:10:79:34:
e7:85:b4:79:b4:8d:4d:f8:d3:1b:11:51:46:ec:6d:
37:f9:64:83:31:6a:c0:b8:17:f9:81:25:9f:21:47:
ea:ce:97:95:af:29:82:4c:93:cb:ce:0c:aa:64:d1:
27:c5:6d:9f:30:9a:12:c5:86:0f:ac:f4:89:de:24:
9c:a6:c0:93:34:94:d3:62:d2:dd:1e:fb:c9:8e:0d:
ad:11:d2:87:09:91:00:01:28:6d:b2:87:e7:95:59:
0d:5f:0b:d7:5e:4f:e7:cc:58:d1:7e:8b:ec:34:dd:
c7:ce:1e:b5:32:5f:77:51:45:70:b3:72:2b:be:a8:
5d:41:9a:0b:ca:f9:b6:21:d0:87:27:c8:7e:53:4e:
07:20:47:fa:5f:42:a0:36:31:ab:cd:ce:ee:5d:76:
6c:af:d2:30:a7:88:48:2f:37:dd:d1:30:c5:c1:a8:
12:37:5b:d0:6a:c9:29:fc:c7:20:c2:48:f9:cf:01:
9d:86:5e:c9:2c:53:f0:e4:38:6d:5a:46:b1:77:50:
b0:c2:b5:81:04:0d:46:83:ac:48:2c:c1:15:a6:d7:
9e:3f:36:6d:b0:34:bc:f7:2f:ed:7a:b2:cb:d5:db:
1e:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:17:8F:7B:3C:C9:5A:06:4D:79:AF:4E:17:4C:19:16:95:5F:D5:A0
X509v3 Authority Key Identifier:
keyid:C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/XBePezzJWgZNea9OF0wZFpVf1aA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.227.0-37.49.228.255
185.209.15.0/24
Signature Algorithm: sha256WithRSAEncryption
61:39:69:c6:fa:88:20:e5:88:17:07:96:a0:f4:3e:3e:aa:c8:
db:8e:21:66:13:fb:78:ad:b7:c5:74:85:6b:aa:b6:be:21:e6:
22:2e:6c:04:17:36:e4:ac:54:50:73:59:c9:d7:24:0a:bc:26:
09:75:ac:88:5a:94:45:a5:ac:1c:ee:1a:50:21:65:e0:cf:e2:
6d:e1:99:9d:ce:d9:a8:e5:2a:c3:c2:21:0a:30:d3:63:42:f1:
8f:3b:f5:a7:db:37:2b:f5:a4:9d:62:fb:32:ee:d2:b6:98:e7:
a0:57:4e:cb:f3:45:fb:f3:ff:36:70:de:94:ca:7d:de:41:bd:
f2:35:a3:42:8d:b5:3d:e3:c1:08:b1:50:84:d5:95:6d:f1:75:
ba:98:05:44:ce:cc:bd:19:ef:3c:df:9b:0d:c4:dc:8b:c2:9c:
05:a4:0b:12:76:d2:09:4b:e7:80:de:bf:1b:d2:84:fc:b0:7d:
87:67:a9:d9:06:6d:be:65:61:82:d7:28:f4:f9:2e:37:e1:6f:
33:ac:eb:9e:08:76:0d:29:c0:4b:24:d8:f8:9d:22:0a:0b:28:
2f:3a:71:88:a7:5a:ab:b9:3a:7d:59:9d:85:81:f1:64:29:f5:
a9:23:a7:22:da:b3:5d:30:a1:a0:27:b2:2d:57:35:fe:94:ae:
23:e1:fe:a1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZF0d1KiwIGdr8OL/c39GzKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2N2UyYTQ2ZTM0ZjQ5MTQzM2M4YjYyZjMxOWI5MDJiZGRm
ZGU4MzEwHhcNMjQwODIxMTAyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE3OGY3YjNjYzk1YTA2NGQ3OWFmNGUxNzRjMTkxNjk1NWZkNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0DrnRQtn9IUXQYJhHy6WxOaiJfV
vJHwYEIQeTTnhbR5tI1N+NMbEVFG7G03+WSDMWrAuBf5gSWfIUfqzpeVrymCTJPL
zgyqZNEnxW2fMJoSxYYPrPSJ3iScpsCTNJTTYtLdHvvJjg2tEdKHCZEAAShtsofn
lVkNXwvXXk/nzFjRfovsNN3Hzh61Ml93UUVws3IrvqhdQZoLyvm2IdCHJ8h+U04H
IEf6X0KgNjGrzc7uXXZsr9Iwp4hILzfd0TDFwagSN1vQaskp/Mcgwkj5zwGdhl7J
LFPw5DhtWkaxd1CwwrWBBA1Gg6xILMEVpteePzZtsDS89y/terLL1dse2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFwXj3s8yVoGTXmvThdMGRaVX9WgMB8GA1UdIwQY
MBaAFMZ+KkbjT0kUM8i2LzGbkCvd/egxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQt
MDY2ODY2ZjJkZWQwLzEvWEJlUGV6ekpXZ1pOZWE5T0Ywd1pGcFZmMWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQtMDY2ODY2ZjJkZWQw
LzEveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAlMeMD
BAAlMeQDBAC50Q8wDQYJKoZIhvcNAQELBQADggEBAGE5acb6iCDliBcHlqD0Pj6q
yNuOIWYT+3itt8V0hWuqtr4h5iIubAQXNuSsVFBzWcnXJAq8Jgl1rIhalEWlrBzu
GlAhZeDP4m3hmZ3O2ajlKsPCIQow02NC8Y879afbNyv1pJ1i+zLu0raY56BXTsvz
Rfvz/zZw3pTKfd5BvfI1o0KNtT3jwQixUITVlW3xdbqYBUTOzL0Z7zzfmw3E3IvC
nAWkCxJ20glL54DevxvShPywfYdnqdkGbb5lYYLXKPT5LjfhbzOs654Idg0pwEsk
2PidIgoLKC86cYinWqu5On1ZnYWB8WQp9akjpyLas10woaAnsi1XNf6UriPh/qE=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:37 2025 by rpki-client