Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/IXOxyRTXBWnVypyj9CmpctRKGvM.roa
File: IXOxyRTXBWnVypyj9CmpctRKGvM.roa (raw, json)
Hash identifier: vc5ZLX3vOZRPPlQS6Q0/uuKXXmcUEt1CP22kP9/SV/s=
Subject key identifier: 21:73:B1:C9:14:D7:05:69:D5:CA:9C:A3:F4:29:A9:72:D4:4A:1A:F3
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 0185D553D5829012481A36A3CF75313D51E5
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/IXOxyRTXBWnVypyj9CmpctRKGvM.roa
Signing time: Sat 21 Jan 2023 17:15:19 +0000
ROA not before: Sat 21 Jan 2023 17:15:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12615
IP address blocks: 212.70.133.0/24 maxlen: 24
212.70.135.0/24 maxlen: 24
212.70.134.0/24 maxlen: 24
185.43.58.0/24 maxlen: 24
185.43.59.0/24 maxlen: 24
109.160.118.0/24 maxlen: 24
87.246.4.0/24 maxlen: 24
212.70.130.0/23 maxlen: 23
212.70.132.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:d5:53:d5:82:90:12:48:1a:36:a3:cf:75:31:3d:51:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Jan 21 17:15:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2173b1c914d70569d5ca9ca3f429a972d44a1af3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:28:d9:06:6a:8c:45:a0:ef:78:81:d5:fb:fd:
7d:7d:e4:00:29:51:d3:9d:c8:0d:87:1c:b5:5c:db:
b1:90:e3:d4:90:2b:51:56:d3:6b:8e:03:95:8a:98:
06:25:a5:b8:ca:46:59:22:d3:e5:a8:e2:dd:0b:b9:
fd:d0:d3:15:3b:18:3e:ca:ec:2e:0e:bd:f6:ca:d8:
a2:8b:45:4f:02:f3:53:2f:07:a0:7a:81:b7:c0:0d:
f2:5b:ce:29:41:b5:fe:6b:33:8f:df:1b:81:36:b6:
4e:f0:2f:60:f8:fb:63:0c:57:9f:41:8b:f7:98:23:
96:ab:92:b8:28:b1:8b:83:5b:0a:d6:9c:ee:82:2f:
3a:90:07:59:46:db:10:9f:93:e3:43:6f:8d:3b:79:
a2:50:d6:27:0b:37:49:60:49:0e:5c:b0:65:1f:7e:
85:bd:b6:c9:8e:61:45:68:a7:b7:52:42:8a:b7:4f:
ac:8b:06:40:19:d1:3e:b8:3f:49:65:4e:2a:46:1f:
38:8e:36:85:1e:3f:b8:1f:06:9c:f2:68:f1:c1:6f:
01:87:e6:42:b3:82:bf:24:38:a3:23:40:47:a7:ba:
5d:69:2d:42:a6:de:7f:d4:80:34:03:a6:44:d2:c6:
ea:2b:83:f8:3b:59:3e:ac:0a:1c:8d:7a:b2:6a:88:
09:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:73:B1:C9:14:D7:05:69:D5:CA:9C:A3:F4:29:A9:72:D4:4A:1A:F3
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/IXOxyRTXBWnVypyj9CmpctRKGvM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.246.4.0/24
109.160.118.0/24
185.43.58.0/23
212.70.130.0-212.70.135.255
Signature Algorithm: sha256WithRSAEncryption
28:b8:74:24:71:8a:bf:78:ad:65:35:c1:eb:18:37:bf:cb:97:
0f:8f:99:be:1e:7e:d4:76:d1:95:17:b4:4b:8d:f0:52:b4:68:
da:52:61:55:8a:b0:aa:97:2c:82:c9:f4:38:10:3d:c1:f4:e0:
a2:76:e1:60:59:2f:cf:f8:0e:3f:92:c3:e3:8f:f5:54:d3:73:
d3:23:c8:fa:df:d6:bc:45:67:e8:bd:00:96:9b:3e:5c:85:fe:
c8:93:07:e1:9c:67:b9:47:35:92:25:78:d2:44:18:fe:65:95:
62:cd:35:df:c7:6b:e5:a9:61:b6:eb:1b:d9:0b:0b:65:6c:4e:
7a:9a:e1:ba:b9:83:40:6e:e6:ff:98:af:09:b9:8f:b4:06:82:
fd:99:a4:6f:33:49:c5:88:b2:f9:16:06:a2:28:b5:c5:b5:01:
85:78:42:8a:75:51:70:10:c6:04:36:cd:65:0e:58:15:b0:fc:
db:f4:25:b8:60:bf:b0:38:87:f1:d3:37:9d:78:57:6e:1a:5c:
ce:05:74:6f:00:d6:2d:4c:ea:d8:6b:ea:a2:36:28:1d:22:73:
a5:92:d9:2e:5f:67:f8:2f:8f:80:23:7c:9a:00:df:8b:ac:25:
a1:27:90:67:df:8e:ff:78:01:8e:24:a4:85:56:ee:01:b2:67:
da:de:ef:32
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYXVU9WCkBJIGjajz3UxPVHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjMwMTIxMTcxNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTczYjFjOTE0ZDcwNTY5ZDVjYTljYTNmNDI5YTk3MmQ0NGExYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCjZBmqMRaDveIHV+/19feQAKVHT
ncgNhxy1XNuxkOPUkCtRVtNrjgOVipgGJaW4ykZZItPlqOLdC7n90NMVOxg+yuwu
Dr32ytiii0VPAvNTLwegeoG3wA3yW84pQbX+azOP3xuBNrZO8C9g+PtjDFefQYv3
mCOWq5K4KLGLg1sK1pzugi86kAdZRtsQn5PjQ2+NO3miUNYnCzdJYEkOXLBlH36F
vbbJjmFFaKe3UkKKt0+siwZAGdE+uD9JZU4qRh84jjaFHj+4Hwac8mjxwW8Bh+ZC
s4K/JDijI0BHp7pdaS1Cpt5/1IA0A6ZE0sbqK4P4O1k+rAocjXqyaogJ3QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCFzsckU1wVp1cqco/QpqXLUShrzMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvSVhPeHlSVFhCV25WeXB5ajlDbXBjdFJLR3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAV/YEAwQA
baB2AwQBuSs6MAwDBAHURoIDBAPURoAwDQYJKoZIhvcNAQELBQADggEBACi4dCRx
ir94rWU1wesYN7/Llw+Pmb4eftR20ZUXtEuN8FK0aNpSYVWKsKqXLILJ9DgQPcH0
4KJ24WBZL8/4Dj+Sw+OP9VTTc9MjyPrf1rxFZ+i9AJabPlyF/siTB+GcZ7lHNZIl
eNJEGP5llWLNNd/Ha+WpYbbrG9kLC2VsTnqa4bq5g0Bu5v+Yrwm5j7QGgv2ZpG8z
ScWIsvkWBqIotcW1AYV4Qop1UXAQxgQ2zWUOWBWw/Nv0Jbhgv7A4h/HTN514V24a
XM4FdG8A1i1M6thr6qI2KB0ic6WS2S5fZ/gvj4AjfJoA34usJaEnkGffjv94AY4k
pIVW7gGyZ9re7zI=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:29 2025 by rpki-client