Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/Z9F8VpIDwYOXskDDjAUuy_kAoWo.roa
File: Z9F8VpIDwYOXskDDjAUuy_kAoWo.roa (raw, json)
Hash identifier: RX+b5oDqf+61Xnvfp528uyf7u3wq7MwAN1kItxStmjY=
Subject key identifier: 67:D1:7C:56:92:03:C1:83:97:B2:40:C3:8C:05:2E:CB:F9:00:A1:6A
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 018572FA56F4CA8814BB16D73A1F230D6A30
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/Z9F8VpIDwYOXskDDjAUuy_kAoWo.roa
Signing time: Mon 02 Jan 2023 14:54:46 +0000
ROA not before: Mon 02 Jan 2023 14:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8903
IP address blocks: 212.80.160.0/19 maxlen: 24
213.9.128.0/17 maxlen: 24
212.49.128.0/18 maxlen: 24
213.192.192.0/18 maxlen: 24
92.60.160.0/20 maxlen: 24
213.170.32.0/19 maxlen: 24
212.163.0.0/16 maxlen: 24
185.123.120.0/22 maxlen: 24
212.66.160.0/19 maxlen: 24
213.192.242.0/23 maxlen: 23
185.66.60.0/22 maxlen: 24
2001:ac0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:56:f4:ca:88:14:bb:16:d7:3a:1f:23:0d:6a:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 2 14:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=67d17c569203c18397b240c38c052ecbf900a16a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:5c:27:94:b2:75:b3:3f:de:67:15:c5:34:cd:
0c:d0:68:01:63:c3:3f:98:54:bf:2e:89:ff:00:ae:
a6:16:8c:7d:f2:c2:dd:8e:31:2f:f4:8f:7c:8e:93:
51:35:62:8c:c5:d8:6c:c9:ba:17:78:b8:b1:69:1c:
84:7e:24:be:a0:68:85:21:99:ad:0e:87:27:4b:5a:
0d:3f:e8:d5:82:aa:ad:b3:05:65:1f:ce:51:d1:e8:
c5:6c:d3:78:2f:e1:38:ae:e3:9c:50:1a:c8:ab:f9:
54:26:4d:30:01:aa:5a:0f:6e:8e:6f:d0:28:3b:f4:
fb:a4:9b:e7:af:fb:fa:26:99:a1:93:3a:0d:90:72:
5a:62:bb:57:91:ce:d2:75:ee:8d:ae:30:3e:31:fb:
1d:d8:22:04:07:6c:3b:9b:dd:70:14:c0:5f:d1:e7:
50:11:98:40:d8:c5:76:89:57:b0:3e:b5:3d:f6:c4:
56:7e:0e:17:60:eb:19:e2:f2:8f:30:52:06:45:26:
67:4e:14:e4:27:9b:c9:9b:6f:6d:73:2a:3f:34:f8:
f8:aa:6e:30:85:6a:78:8e:59:04:87:cc:26:58:4d:
d4:04:34:f2:55:b9:29:78:ea:30:e7:26:f1:e6:33:
d0:10:e4:35:3d:b8:5e:23:9f:0a:85:ff:45:08:d1:
1f:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:D1:7C:56:92:03:C1:83:97:B2:40:C3:8C:05:2E:CB:F9:00:A1:6A
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/Z9F8VpIDwYOXskDDjAUuy_kAoWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.60.160.0/20
185.66.60.0/22
185.123.120.0/22
212.49.128.0/18
212.66.160.0/19
212.80.160.0/19
212.163.0.0/16
213.9.128.0/17
213.170.32.0/19
213.192.192.0/18
IPv6:
2001:ac0::/29
Signature Algorithm: sha256WithRSAEncryption
55:f3:a7:de:1b:3c:26:f0:f9:9f:10:5e:2e:02:85:ed:72:02:
6e:0c:54:5b:b8:0a:95:fd:25:da:e3:aa:a0:32:23:b9:99:e0:
84:fd:82:a5:16:d7:d1:76:42:6f:4c:c7:36:2d:20:c3:e7:e9:
9a:68:e8:5b:44:f7:c9:81:5f:41:8e:d2:91:d5:d0:fd:9a:a7:
c0:e2:40:ef:02:af:ec:33:e7:5d:aa:44:53:c6:2e:19:01:4e:
ff:25:bd:e7:52:dc:c3:47:e5:3c:89:d6:36:85:d2:3c:cc:99:
db:d6:9d:85:9c:ce:6f:10:27:7d:79:bc:cf:8b:bb:28:e0:56:
33:99:aa:9e:83:c7:ec:29:46:08:02:15:79:3d:b8:8e:bf:99:
cd:f7:50:57:10:2f:f1:44:23:98:a2:be:2a:cb:b6:ce:bf:1c:
b0:7b:e6:50:d6:ff:de:54:26:23:a5:a9:14:02:cc:f1:7c:37:
14:7d:ab:47:24:1b:b4:f2:2b:80:ce:23:4b:d1:ea:ee:f9:46:
fa:65:2f:b5:7a:b7:69:5a:33:ff:89:a1:11:ed:b8:0c:6b:48:
c0:49:0f:75:48:91:cf:d8:63:94:c9:21:ed:4b:78:7d:da:ef:
02:ae:c2:94:8c:0e:04:91:4d:53:a1:ab:a5:3c:74:4d:79:de:
64:fb:ff:fd
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVy+lb0yogUuxbXOh8jDWowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTAyMTQ1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2QxN2M1NjkyMDNjMTgzOTdiMjQwYzM4YzA1MmVjYmY5MDBhMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlwnlLJ1sz/eZxXFNM0M0GgBY8M/
mFS/Lon/AK6mFox98sLdjjEv9I98jpNRNWKMxdhsyboXeLixaRyEfiS+oGiFIZmt
DocnS1oNP+jVgqqtswVlH85R0ejFbNN4L+E4ruOcUBrIq/lUJk0wAapaD26Ob9Ao
O/T7pJvnr/v6JpmhkzoNkHJaYrtXkc7Sde6NrjA+Mfsd2CIEB2w7m91wFMBf0edQ
EZhA2MV2iVewPrU99sRWfg4XYOsZ4vKPMFIGRSZnThTkJ5vJm29tcyo/NPj4qm4w
hWp4jlkEh8wmWE3UBDTyVbkpeOow5ybx5jPQEOQ1PbheI58Khf9FCNEfWwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFGfRfFaSA8GDl7JAw4wFLsv5AKFqMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvWjlGOFZwSUR3WU9Yc2tERGpBVXV5X2tBb1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7AwQEXDygAwQC
uUI8AwQCuXt4AwQG1DGAAwQF1EKgAwQF1FCgAwMA1KMDBAfVCYADBAXVqiADBAbV
wMAwDQQCAAIwBwMFAyABCsAwDQYJKoZIhvcNAQELBQADggEBAFXzp94bPCbw+Z8Q
Xi4Che1yAm4MVFu4CpX9JdrjqqAyI7mZ4IT9gqUW19F2Qm9MxzYtIMPn6Zpo6FtE
98mBX0GO0pHV0P2ap8DiQO8Cr+wz512qRFPGLhkBTv8lvedS3MNH5TyJ1jaF0jzM
mdvWnYWczm8QJ315vM+LuyjgVjOZqp6Dx+wpRggCFXk9uI6/mc33UFcQL/FEI5ii
virLts6/HLB75lDW/95UJiOlqRQCzPF8NxR9q0ckG7TyK4DOI0vR6u75RvplL7V6
t2laM/+JoRHtuAxrSMBJD3VIkc/YY5TJIe1LeH3a7wKuwpSMDgSRTVOhq6U8dE15
3mT7//0=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:24 2025 by rpki-client