Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/_pxteNnTjuIiVYnIW2W-k1j506M.roa
File: _pxteNnTjuIiVYnIW2W-k1j506M.roa (raw, json)
Hash identifier: YRVKQWnR/8ouqU3EQsp2gMDJYpn7kqjuTlgs3Z384gQ=
Subject key identifier: FE:9C:6D:78:D9:D3:8E:E2:22:55:89:C8:5B:65:BE:93:58:F9:D3:A3
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 018FA49867FB105B7650F739FD1DCEF3F3C9
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/_pxteNnTjuIiVYnIW2W-k1j506M.roa
Signing time: Thu 23 May 2024 08:36:42 +0000
ROA not before: Thu 23 May 2024 08:36:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12615
IP address blocks: 78.108.249.0/24 maxlen: 24
87.246.4.0/24 maxlen: 24
109.160.44.0/24 maxlen: 24
109.160.45.0/24 maxlen: 24
109.160.118.0/24 maxlen: 24
109.160.119.0/24 maxlen: 24
185.43.59.0/24 maxlen: 24
212.70.130.0/23 maxlen: 23
212.70.132.0/24 maxlen: 24
212.70.133.0/24 maxlen: 24
212.70.134.0/24 maxlen: 24
212.70.135.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:a4:98:67:fb:10:5b:76:50:f7:39:fd:1d:ce:f3:f3:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: May 23 08:36:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fe9c6d78d9d38ee2225589c85b65be9358f9d3a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:5a:63:76:00:fe:29:59:11:62:2c:b4:2e:40:
01:c2:38:a2:e2:e2:63:27:c0:75:ed:06:dd:75:65:
64:0c:7e:22:f8:8c:60:af:89:a6:fa:74:25:3e:b7:
76:e4:c3:d5:5d:15:77:a7:46:4b:3d:26:df:8b:58:
d6:7c:2f:bf:cf:2a:24:b4:dd:3d:4a:03:56:15:3a:
da:b1:8c:fa:77:78:35:0c:4c:9d:35:2b:1d:ef:34:
39:90:3a:13:90:b4:0e:04:bc:6a:a2:b0:dc:32:f5:
00:fc:ae:7e:34:74:0f:4e:b7:15:2e:13:81:12:ed:
85:33:5d:c2:86:80:9d:5e:c9:a8:0c:1b:ee:6c:d2:
63:a0:54:2f:d5:01:d3:6e:1f:99:bf:5b:55:ba:83:
08:86:9e:ee:4c:cf:47:43:3d:21:ac:60:cd:9b:be:
39:44:5a:98:29:81:74:4c:d3:83:e1:de:4d:59:5b:
4d:af:d2:42:4c:ee:63:90:b0:19:44:b0:4e:d2:00:
4e:f5:7a:4e:d6:ed:b7:c3:c8:01:25:98:9c:84:21:
0a:b5:a4:75:a8:3b:92:1c:bb:2a:09:fc:38:24:c1:
ff:d3:c8:a5:ef:3f:fa:3a:dc:12:89:e2:34:85:54:
82:df:3b:01:15:72:92:3a:f3:f7:d7:ba:f5:17:c6:
f5:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:9C:6D:78:D9:D3:8E:E2:22:55:89:C8:5B:65:BE:93:58:F9:D3:A3
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/_pxteNnTjuIiVYnIW2W-k1j506M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.108.249.0/24
87.246.4.0/24
109.160.44.0/23
109.160.118.0/23
185.43.59.0/24
212.70.130.0-212.70.135.255
Signature Algorithm: sha256WithRSAEncryption
89:50:de:57:e2:13:ee:15:06:b9:4f:02:23:4d:5d:55:d8:0d:
e9:db:8a:a7:4b:f6:48:41:c7:03:f7:05:e2:d1:12:4a:ae:a1:
07:9d:3a:bb:d9:1f:e9:1c:cc:f3:04:b4:2d:af:a1:78:f7:c9:
68:a3:54:e1:2a:f7:e5:7e:0e:fb:43:2d:95:17:36:bb:2f:21:
29:e7:e0:83:aa:ce:5d:dd:f0:ab:39:05:aa:ec:31:5f:16:c3:
76:40:c5:3b:70:ee:67:f2:76:0e:1d:74:40:24:1f:07:fb:1a:
81:fa:32:76:2a:eb:e8:54:c1:be:80:30:c1:ac:6e:f3:a8:6f:
d0:73:7d:9c:ac:07:53:06:71:50:23:c3:03:e5:0a:a6:66:ce:
87:1e:e7:ec:a0:38:61:99:fb:8e:90:43:b4:ac:86:d9:01:98:
7b:80:b6:43:7f:11:b2:50:88:c4:0c:58:ed:e9:87:d9:50:d5:
86:fa:d4:3b:1b:d1:9f:3f:31:25:2c:3f:07:f3:a2:72:d0:ac:
ba:d7:eb:a2:e3:c1:bc:84:23:6a:48:01:cc:12:f9:eb:e7:8b:
21:19:95:09:0e:76:4a:8b:06:d6:51:d1:fc:a3:02:33:3c:33:
17:2c:77:0f:5f:86:43:7c:8a:f0:78:26:c2:96:4a:83:ba:97:
9b:34:57:b0
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY+kmGf7EFt2UPc5/R3O8/PJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwNTIzMDgzNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTljNmQ3OGQ5ZDM4ZWUyMjI1NTg5Yzg1YjY1YmU5MzU4ZjlkM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FpjdgD+KVkRYiy0LkABwjii4uJj
J8B17QbddWVkDH4i+Ixgr4mm+nQlPrd25MPVXRV3p0ZLPSbfi1jWfC+/zyoktN09
SgNWFTrasYz6d3g1DEydNSsd7zQ5kDoTkLQOBLxqorDcMvUA/K5+NHQPTrcVLhOB
Eu2FM13ChoCdXsmoDBvubNJjoFQv1QHTbh+Zv1tVuoMIhp7uTM9HQz0hrGDNm745
RFqYKYF0TNOD4d5NWVtNr9JCTO5jkLAZRLBO0gBO9XpO1u23w8gBJZichCEKtaR1
qDuSHLsqCfw4JMH/08il7z/6OtwSieI0hVSC3zsBFXKSOvP317r1F8b1BQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFP6cbXjZ047iIlWJyFtlvpNY+dOjMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvX3B4dGVOblRqdUlpVlluSVcyVy1rMWo1MDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQATmz5AwQA
V/YEAwQBbaAsAwQBbaB2AwQAuSs7MAwDBAHURoIDBAPURoAwDQYJKoZIhvcNAQEL
BQADggEBAIlQ3lfiE+4VBrlPAiNNXVXYDenbiqdL9khBxwP3BeLREkquoQedOrvZ
H+kczPMEtC2voXj3yWijVOEq9+V+DvtDLZUXNrsvISnn4IOqzl3d8Ks5BarsMV8W
w3ZAxTtw7mfydg4ddEAkHwf7GoH6MnYq6+hUwb6AMMGsbvOob9BzfZysB1MGcVAj
wwPlCqZmzoce5+ygOGGZ+46QQ7SshtkBmHuAtkN/EbJQiMQMWO3ph9lQ1Yb61Dsb
0Z8/MSUsPwfzonLQrLrX66LjwbyEI2pIAcwS+evniyEZlQkOdkqLBtZR0fyjAjM8
Mxcsdw9fhkN8ivB4JsKWSoO6l5s0V7A=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:34 2025 by rpki-client