Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/AewKZx00FFcB17Pn01z7Lfl8p5o.roa
File: AewKZx00FFcB17Pn01z7Lfl8p5o.roa (raw, json)
Hash identifier: affBWnfeufw0zNCfcfRNXd4pGJywRofwHIYzEDysmsc=
Subject key identifier: 01:EC:0A:67:1D:34:14:57:01:D7:B3:E7:D3:5C:FB:2D:F9:7C:A7:9A
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 373EAD3D
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/AewKZx00FFcB17Pn01z7Lfl8p5o.roa
Signing time: Sat 01 Jan 2022 05:59:17 +0000
ROA not before: Sat 01 Jan 2022 05:59:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12541
IP address blocks: 212.80.160.0/19 maxlen: 24
213.9.128.0/17 maxlen: 24
212.49.128.0/18 maxlen: 24
213.192.192.0/18 maxlen: 24
92.60.160.0/20 maxlen: 24
213.170.32.0/19 maxlen: 24
212.163.0.0/16 maxlen: 24
212.66.160.0/19 maxlen: 24
185.123.120.0/22 maxlen: 24
185.66.60.0/22 maxlen: 24
2001:ac0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 926854461 (0x373ead3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 1 05:59:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=01ec0a671d34145701d7b3e7d35cfb2df97ca79a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:a3:c8:bf:17:20:30:5b:88:f4:19:85:fd:15:
98:7f:d4:2c:d2:23:88:0a:68:04:6f:39:a9:fd:ab:
d8:28:ba:2c:56:d8:9d:8f:e0:3e:fc:00:00:5a:d7:
4d:19:c9:b0:7e:74:c8:cb:bb:be:cb:a4:e7:c2:26:
cc:51:e2:10:ad:7d:87:95:10:aa:71:c8:f0:f8:79:
17:44:22:2e:48:73:0e:36:f5:72:d5:02:ad:e1:b6:
d2:d4:41:80:77:13:82:c6:cc:68:26:a6:3d:36:7b:
5b:13:0c:19:c5:cc:9d:4b:e6:b2:d9:b6:4a:2d:a2:
f6:64:c5:7c:67:78:fa:3b:99:fe:2e:48:50:e4:0f:
2b:bd:a7:00:b9:57:c6:da:d5:54:6d:0e:b0:7e:29:
25:e2:67:cd:7d:7f:8d:2f:b0:8b:1f:3c:e7:dc:75:
49:50:c0:a2:04:ca:8f:86:85:f0:01:b4:26:9c:f7:
ec:e0:4d:81:cd:4c:0a:1e:de:de:84:f1:a3:12:53:
a6:e3:44:77:83:95:3d:30:cf:56:0d:cd:84:60:f7:
14:04:b0:12:50:41:a4:cc:1b:7d:07:af:12:b2:2c:
3a:84:e9:50:f8:78:c3:be:4d:ac:bc:ae:2c:13:28:
6d:37:cd:15:53:c1:21:8b:f5:06:17:67:61:5d:44:
ff:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:EC:0A:67:1D:34:14:57:01:D7:B3:E7:D3:5C:FB:2D:F9:7C:A7:9A
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/AewKZx00FFcB17Pn01z7Lfl8p5o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.60.160.0/20
185.66.60.0/22
185.123.120.0/22
212.49.128.0/18
212.66.160.0/19
212.80.160.0/19
212.163.0.0/16
213.9.128.0/17
213.170.32.0/19
213.192.192.0/18
IPv6:
2001:ac0::/29
Signature Algorithm: sha256WithRSAEncryption
0c:ef:a5:95:96:a5:4e:f9:a4:6d:f7:b1:df:e5:39:f8:9f:b4:
f1:27:21:69:3f:00:fe:49:1c:fa:9a:9c:46:96:07:84:27:98:
ee:5d:12:6d:70:2f:99:c2:fb:42:bf:25:e9:9d:62:57:3f:c9:
13:f1:cc:f6:f7:1e:d3:bf:5e:f2:7c:9b:80:f0:fd:3a:b6:d8:
bc:f1:6e:08:4a:42:43:9a:21:ea:bb:0d:ee:29:1c:57:3b:05:
eb:b4:ef:7a:9b:52:3a:56:30:93:c7:cd:61:7a:c4:fc:f7:27:
e6:17:d9:57:53:e6:5d:96:92:f1:cc:87:53:76:a5:4d:c3:47:
11:62:13:74:82:09:97:50:04:fc:b3:e6:9c:c0:7b:55:76:06:
69:f5:70:54:d6:f4:a1:ac:2d:0f:d0:78:c7:e2:61:fb:73:68:
9d:ca:46:78:4a:e5:04:35:3d:1d:d7:0d:03:f0:4c:9d:ae:b2:
15:70:fc:9f:76:9a:27:49:22:f8:8b:b5:67:32:5d:d2:2a:f4:
5d:80:a5:82:03:c4:97:f5:f9:00:de:8c:10:b4:eb:59:7c:fe:
4a:0a:c2:f5:c5:aa:3e:72:64:ab:74:ad:96:89:a8:5e:68:3c:
ee:f4:7e:b7:8e:83:ce:ea:42:55:1b:16:d6:58:d4:e6:00:29:
56:ce:10:db
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIENz6tPTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ODQwM2I1ZTQ1Y2Q1OGJlNWY2YzVkMzNmYTU2NWFiNDkyMjNlM2RiMB4XDTIyMDEw
MTA1NTkxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDFlYzBhNjcxZDM0
MTQ1NzAxZDdiM2U3ZDM1Y2ZiMmRmOTdjYTc5YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO2jyL8XIDBbiPQZhf0VmH/ULNIjiApoBG85qf2r2Ci6LFbY
nY/gPvwAAFrXTRnJsH50yMu7vsuk58ImzFHiEK19h5UQqnHI8Ph5F0QiLkhzDjb1
ctUCreG20tRBgHcTgsbMaCamPTZ7WxMMGcXMnUvmstm2Si2i9mTFfGd4+juZ/i5I
UOQPK72nALlXxtrVVG0OsH4pJeJnzX1/jS+wix8859x1SVDAogTKj4aF8AG0Jpz3
7OBNgc1MCh7e3oTxoxJTpuNEd4OVPTDPVg3NhGD3FASwElBBpMwbfQevErIsOoTp
UPh4w75NrLyuLBMobTfNFVPBIYv1BhdnYV1E/8kCAwEAAaOCAk0wggJJMB0GA1Ud
DgQWBBQB7ApnHTQUVwHXs+fTXPst+XynmjAfBgNVHSMEGDAWgBToQDteRc1Yvl9s
XTP6Vlq0kiPj2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZFQTdYa1hOV0w1ZmJGMHotbFphdEpJajQ5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8x
L0Fld0taeDAwRkZjQjE3UG4wMXo3TGZsOHA1by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
ODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8xLzZFQTdYa1hOV0w1
ZmJGMHotbFphdEpJajQ5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBj
BggrBgEFBQcBBwEB/wRUMFIwQQQCAAEwOwMEBFw8oAMEArlCPAMEArl7eAMEBtQx
gAMEBdRCoAMEBdRQoAMDANSjAwQH1QmAAwQF1aogAwQG1cDAMA0EAgACMAcDBQMg
AQrAMA0GCSqGSIb3DQEBCwUAA4IBAQAM76WVlqVO+aRt97Hf5Tn4n7TxJyFpPwD+
SRz6mpxGlgeEJ5juXRJtcC+ZwvtCvyXpnWJXP8kT8cz29x7Tv17yfJuA8P06tti8
8W4ISkJDmiHquw3uKRxXOwXrtO96m1I6VjCTx81hesT89yfmF9lXU+ZdlpLxzIdT
dqVNw0cRYhN0ggmXUAT8s+acwHtVdgZp9XBU1vShrC0P0HjH4mH7c2idykZ4SuUE
NT0d1w0D8EydrrIVcPyfdponSSL4i7VnMl3SKvRdgKWCA8SX9fkA3owQtOtZfP5K
CsL1xao+cmSrdK2WiaheaDzu9H63joPO6kJVGxbWWNTmAClWzhDb
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:21:59 2025 by rpki-client