Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KOq4uvGijjyRfiv_jfyJOBK1Dzw.roa
File: KOq4uvGijjyRfiv_jfyJOBK1Dzw.roa (raw, json)
Hash identifier: 0hiIfK5NmA4vSibjKNyXy8NhYDn/HFLm/tbegSbrLqU=
Subject key identifier: 28:EA:B8:BA:F1:A2:8E:3C:91:7E:2B:FF:8D:FC:89:38:12:B5:0F:3C
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 01865440B70C5647F436EDBE98C03D63823F
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KOq4uvGijjyRfiv_jfyJOBK1Dzw.roa
Signing time: Wed 15 Feb 2023 08:46:12 +0000
ROA not before: Wed 15 Feb 2023 08:46:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12462
IP address blocks: 212.80.160.0/19 maxlen: 24
213.192.192.0/18 maxlen: 24
213.170.32.0/19 maxlen: 24
212.66.160.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:54:40:b7:0c:56:47:f4:36:ed:be:98:c0:3d:63:82:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Feb 15 08:46:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28eab8baf1a28e3c917e2bff8dfc893812b50f3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f0:7c:77:7b:63:46:b5:e8:9b:61:7d:48:22:
16:9f:51:47:c6:38:82:e2:9f:38:90:33:75:20:7d:
79:ff:cf:6c:f7:fc:23:a2:4a:ac:b5:fa:5c:06:b3:
dd:b0:6e:d7:e4:48:14:f6:d5:20:5e:de:04:94:a7:
86:8f:38:62:69:31:8a:67:e5:f7:71:d0:77:9e:7f:
19:52:10:82:e3:40:ba:61:28:ad:5d:16:98:c5:e7:
89:ab:cc:e1:41:c6:7b:cc:97:f1:48:48:c9:39:36:
4a:8a:71:29:e8:04:9b:a6:23:fa:c0:86:be:19:b8:
73:f8:9e:ba:70:31:5e:c7:18:67:de:61:af:2b:5c:
a8:0f:af:97:cf:3d:73:78:2e:d7:0a:33:e1:9c:bb:
03:74:e1:1f:d0:3a:31:44:d1:62:11:44:dd:34:e2:
d4:03:0f:4c:bb:e6:43:a1:d8:bd:8a:5c:37:fc:fc:
32:26:ac:bf:2e:e7:02:a8:bc:4f:f6:0c:62:9e:99:
58:c0:eb:2c:6d:2f:27:31:3b:be:6c:40:a2:97:4d:
8f:22:5c:1e:55:24:c9:54:cf:5f:89:82:b8:7f:8f:
a2:a0:2d:b9:bc:35:82:41:8d:3b:a5:e6:c5:b9:3c:
b8:49:93:11:7a:ab:4e:d0:00:16:23:b8:ff:6c:65:
0d:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:EA:B8:BA:F1:A2:8E:3C:91:7E:2B:FF:8D:FC:89:38:12:B5:0F:3C
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KOq4uvGijjyRfiv_jfyJOBK1Dzw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.66.160.0/19
212.80.160.0/19
213.170.32.0/19
213.192.192.0/18
Signature Algorithm: sha256WithRSAEncryption
65:d5:2b:07:2f:43:00:61:ff:bd:a6:fa:61:ae:e0:0e:84:48:
e7:e5:c9:86:09:e9:8f:6b:fb:fc:ec:65:42:38:df:1d:d7:3a:
86:2b:40:a4:fe:ec:c4:77:a7:4c:ad:fa:2c:39:fd:11:fc:fb:
3f:d0:e3:54:80:bc:c6:96:31:b2:91:2c:3b:5c:0c:88:d1:4c:
15:22:61:c3:fd:f7:24:86:25:25:98:6a:c7:28:09:a2:6b:40:
dc:69:2a:69:d5:ae:b0:a7:16:64:9a:7a:6f:69:87:9d:81:db:
9e:0b:3c:91:d3:08:9a:a4:b7:36:50:59:6c:c0:a8:87:12:11:
c6:d6:63:6f:19:4b:61:fc:1b:2c:81:3a:54:c5:d7:7f:3a:92:
49:ca:cb:26:69:d4:ec:03:5d:8e:0f:fb:c1:72:47:48:02:24:
01:e8:91:42:0d:67:b6:a6:9d:d7:72:26:da:09:65:17:ae:1e:
ad:d6:1a:1c:f5:2a:f1:e6:8e:2a:ce:29:75:57:49:19:94:63:
e2:4e:20:da:c7:0a:ff:e1:dd:76:eb:90:3d:59:0b:b0:c0:ac:
81:47:0c:af:17:ef:41:1f:e2:fd:65:f4:74:0a:65:91:fd:69:
6d:5e:d4:50:ac:37:39:b4:e2:e8:6f:c6:4a:36:3b:94:f3:95:
81:f8:4f:35
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZUQLcMVkf0Nu2+mMA9Y4I/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMjE1MDg0NjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVhYjhiYWYxYTI4ZTNjOTE3ZTJiZmY4ZGZjODkzODEyYjUwZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPB8d3tjRrXom2F9SCIWn1FHxjiC
4p84kDN1IH15/89s9/wjokqstfpcBrPdsG7X5EgU9tUgXt4ElKeGjzhiaTGKZ+X3
cdB3nn8ZUhCC40C6YSitXRaYxeeJq8zhQcZ7zJfxSEjJOTZKinEp6ASbpiP6wIa+
Gbhz+J66cDFexxhn3mGvK1yoD6+Xzz1zeC7XCjPhnLsDdOEf0DoxRNFiEUTdNOLU
Aw9Mu+ZDodi9ilw3/PwyJqy/LucCqLxP9gxinplYwOssbS8nMTu+bECil02PIlwe
VSTJVM9fiYK4f4+ioC25vDWCQY07pebFuTy4SZMReqtO0AAWI7j/bGUNGwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCjquLrxoo48kX4r/438iTgStQ88MB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvS09xNHV2R2lqanlSZml2X2pmeUpPQksxRHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQF1EKgAwQF
1FCgAwQF1aogAwQG1cDAMA0GCSqGSIb3DQEBCwUAA4IBAQBl1SsHL0MAYf+9pvph
ruAOhEjn5cmGCemPa/v87GVCON8d1zqGK0Ck/uzEd6dMrfosOf0R/Ps/0ONUgLzG
ljGykSw7XAyI0UwVImHD/fckhiUlmGrHKAmia0DcaSpp1a6wpxZkmnpvaYedgdue
CzyR0wiapLc2UFlswKiHEhHG1mNvGUth/BssgTpUxdd/OpJJyssmadTsA12OD/vB
ckdIAiQB6JFCDWe2pp3XcibaCWUXrh6t1hoc9Srx5o4qzil1V0kZlGPiTiDaxwr/
4d1265A9WQuwwKyBRwyvF+9BH+L9ZfR0CmWR/WltXtRQrDc5tOLob8ZKNjuU85WB
+E81
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:47:07 2025 by rpki-client