Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/pBDSwXyjW7PXBXs_v81KjRXOgOY.roa
File: pBDSwXyjW7PXBXs_v81KjRXOgOY.roa (raw, json)
Hash identifier: rFox3585RPqyEIPjV0aUDPvreEtAMoFeY9glHs1tnWo=
Subject key identifier: A4:10:D2:C1:7C:A3:5B:B3:D7:05:7B:3F:BF:CD:4A:8D:15:CE:80:E6
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 018572FA54655956E32D6EFDC3F303FA57F8
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/pBDSwXyjW7PXBXs_v81KjRXOgOY.roa
Signing time: Mon 02 Jan 2023 14:54:46 +0000
ROA not before: Mon 02 Jan 2023 14:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5400
IP address blocks: 213.9.138.0/24 maxlen: 24
213.9.148.0/24 maxlen: 24
213.9.160.0/24 maxlen: 24
212.49.175.0/24 maxlen: 24
212.49.181.0/24 maxlen: 24
212.49.190.0/24 maxlen: 24
212.49.191.0/24 maxlen: 24
212.163.40.0/24 maxlen: 24
213.9.232.0/24 maxlen: 24
212.163.55.0/24 maxlen: 24
213.9.173.0/24 maxlen: 24
213.9.177.0/24 maxlen: 24
213.9.188.0/24 maxlen: 24
212.163.3.0/24 maxlen: 24
212.163.6.0/24 maxlen: 24
212.163.24.0/24 maxlen: 24
212.163.169.0/24 maxlen: 24
212.163.174.0/24 maxlen: 24
212.163.194.0/24 maxlen: 24
212.163.141.0/24 maxlen: 24
212.49.131.0/24 maxlen: 24
212.49.142.0/24 maxlen: 24
212.49.147.0/24 maxlen: 24
212.49.163.0/24 maxlen: 24
212.49.167.0/24 maxlen: 24
212.163.206.0/24 maxlen: 24
212.163.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:54:65:59:56:e3:2d:6e:fd:c3:f3:03:fa:57:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 2 14:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a410d2c17ca35bb3d7057b3fbfcd4a8d15ce80e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ea:3f:6d:f4:99:1b:3b:3e:f1:b4:0d:00:1e:
54:16:17:58:b6:6a:fd:b7:92:c8:68:e7:3e:91:ec:
89:39:eb:63:b1:5b:a8:1f:0c:7c:c6:37:1f:e5:42:
45:c0:95:32:a7:2c:ad:7f:78:df:85:c6:d2:c4:f2:
49:51:18:ad:cc:e3:e8:58:e6:26:b4:43:4a:b4:3c:
4e:e8:10:e2:a2:97:81:6e:1a:3e:cc:b4:37:00:17:
ab:8e:c7:e8:0e:97:24:55:30:6c:18:10:9d:86:29:
e5:7a:f8:bd:7e:e4:bc:08:b1:75:2f:72:6b:df:84:
70:bb:ff:35:2b:dc:27:68:c0:47:c3:01:9a:56:e3:
21:67:1d:49:fe:a9:07:57:02:f0:64:84:4e:d9:b2:
e3:02:4a:55:8f:cb:d7:b0:8f:ea:e6:ae:5b:67:31:
61:97:07:7d:54:2d:76:14:3d:84:80:e2:2e:c0:c0:
75:fb:ba:0f:d4:e1:bc:64:68:34:6d:aa:d2:6c:e8:
75:b4:b6:9c:1a:87:2b:9f:fa:73:6b:f7:f7:71:ff:
74:50:34:29:49:41:cd:27:6f:97:9d:03:6a:0a:a1:
ff:09:6f:ee:3b:52:26:d6:f6:04:23:28:2d:fa:2e:
4c:29:b7:22:62:5a:31:e1:6e:bd:b0:ac:7c:68:d7:
05:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:10:D2:C1:7C:A3:5B:B3:D7:05:7B:3F:BF:CD:4A:8D:15:CE:80:E6
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/pBDSwXyjW7PXBXs_v81KjRXOgOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.49.131.0/24
212.49.142.0/24
212.49.147.0/24
212.49.163.0/24
212.49.167.0/24
212.49.175.0/24
212.49.181.0/24
212.49.190.0/23
212.163.3.0/24
212.163.6.0/24
212.163.24.0/24
212.163.40.0/24
212.163.55.0/24
212.163.141.0/24
212.163.169.0/24
212.163.174.0/24
212.163.194.0/24
212.163.206.0/24
212.163.215.0/24
213.9.138.0/24
213.9.148.0/24
213.9.160.0/24
213.9.173.0/24
213.9.177.0/24
213.9.188.0/24
213.9.232.0/24
Signature Algorithm: sha256WithRSAEncryption
21:2b:ec:9a:34:e5:76:06:19:a2:3f:1d:26:37:f4:39:b5:f7:
80:72:e2:5c:3c:93:33:80:7b:bf:85:9b:20:c3:1c:b8:2f:24:
59:20:ec:f4:05:c4:95:12:d9:66:53:e3:b4:b2:a3:19:3e:e2:
74:44:5b:ad:1f:c7:7b:98:93:53:97:aa:74:c0:89:96:5a:bb:
86:dc:c0:7c:14:71:df:8e:2b:53:0d:80:98:98:46:ae:41:a8:
d1:a6:b3:bc:1d:7c:4c:c6:b6:31:e7:3a:eb:d7:d1:56:4d:0b:
c0:dc:0a:1d:be:9c:37:1b:3c:98:26:9a:1c:60:65:d9:61:84:
4d:78:21:a2:32:09:74:8a:9c:a3:e1:0d:51:5b:29:c1:d7:31:
9c:9d:6a:89:1b:e5:0a:cd:5f:26:5e:74:93:69:5c:d9:00:26:
15:6f:62:51:8f:b9:fe:44:f6:4a:51:d4:75:5d:d4:51:09:36:
19:34:73:46:49:b6:69:1a:bb:6f:04:a6:87:5b:a8:e0:a2:13:
a9:78:f6:b8:0e:84:9a:af:c3:97:a5:50:ee:5a:8e:24:34:0a:
8a:98:59:be:7b:66:66:81:be:f9:b9:92:e0:51:83:e4:81:ed:
ab:b9:9f:24:3a:74:a4:7b:c9:18:21:1d:92:eb:92:88:c3:85:
69:ad:97:91
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAYVy+lRlWVbjLW79w/MD+lf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTAyMTQ1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDEwZDJjMTdjYTM1YmIzZDcwNTdiM2ZiZmNkNGE4ZDE1Y2U4MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOo/bfSZGzs+8bQNAB5UFhdYtmr9
t5LIaOc+keyJOetjsVuoHwx8xjcf5UJFwJUypyytf3jfhcbSxPJJURitzOPoWOYm
tENKtDxO6BDiopeBbho+zLQ3ABerjsfoDpckVTBsGBCdhinlevi9fuS8CLF1L3Jr
34Rwu/81K9wnaMBHwwGaVuMhZx1J/qkHVwLwZIRO2bLjAkpVj8vXsI/q5q5bZzFh
lwd9VC12FD2EgOIuwMB1+7oP1OG8ZGg0barSbOh1tLacGocrn/pza/f3cf90UDQp
SUHNJ2+XnQNqCqH/CW/uO1Im1vYEIygt+i5MKbciYlox4W69sKx8aNcF+wIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFKQQ0sF8o1uz1wV7P7/NSo0VzoDmMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvcEJEU3dYeWpXN1BYQlhzX3Y4MUtqUlhPZ09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG5BggrBgEFBQcBBwEB/wSBqTCBpjCBowQCAAEwgZwDBADU
MYMDBADUMY4DBADUMZMDBADUMaMDBADUMacDBADUMa8DBADUMbUDBAHUMb4DBADU
owMDBADUowYDBADUoxgDBADUoygDBADUozcDBADUo40DBADUo6kDBADUo64DBADU
o8IDBADUo84DBADUo9cDBADVCYoDBADVCZQDBADVCaADBADVCa0DBADVCbEDBADV
CbwDBADVCegwDQYJKoZIhvcNAQELBQADggEBACEr7Jo05XYGGaI/HSY39Dm194By
4lw8kzOAe7+FmyDDHLgvJFkg7PQFxJUS2WZT47Syoxk+4nREW60fx3uYk1OXqnTA
iZZau4bcwHwUcd+OK1MNgJiYRq5BqNGms7wdfEzGtjHnOuvX0VZNC8DcCh2+nDcb
PJgmmhxgZdlhhE14IaIyCXSKnKPhDVFbKcHXMZydaokb5QrNXyZedJNpXNkAJhVv
YlGPuf5E9kpR1HVd1FEJNhk0c0ZJtmkau28EpodbqOCiE6l49rgOhJqvw5elUO5a
jiQ0CoqYWb57ZmaBvvm5kuBRg+SB7au5nyQ6dKR7yRghHZLrkojDhWmtl5E=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:50:46 2025 by rpki-client