Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/x_17kUHVFDhdTqPZ-16pmoMkfAo.roa
File: x_17kUHVFDhdTqPZ-16pmoMkfAo.roa (raw, json)
Hash identifier: 2/1lBLl73GOIBDP0ZEVEZdNo+seJe6W8q5JRSzZfjnk=
Subject key identifier: C7:FD:7B:91:41:D5:14:38:5D:4E:A3:D9:FB:5E:A9:9A:83:24:7C:0A
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 0184A94CF1C932B8FD475BA7B27B3B80BAA1
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/x_17kUHVFDhdTqPZ-16pmoMkfAo.roa
Signing time: Thu 24 Nov 2022 11:01:42 +0000
ROA not before: Thu 24 Nov 2022 11:01:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12615
IP address blocks: 212.70.133.0/24 maxlen: 24
212.70.135.0/24 maxlen: 24
212.70.134.0/24 maxlen: 24
109.160.118.0/24 maxlen: 24
87.246.4.0/24 maxlen: 24
212.70.130.0/23 maxlen: 23
212.70.132.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a9:4c:f1:c9:32:b8:fd:47:5b:a7:b2:7b:3b:80:ba:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Nov 24 11:01:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c7fd7b9141d514385d4ea3d9fb5ea99a83247c0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f2:a4:37:f6:5e:8e:41:c4:c1:e8:fb:f0:e7:
a8:0c:e8:7e:87:0c:70:27:b8:c1:75:06:6a:7d:7c:
6f:01:71:15:04:10:87:e1:5f:61:a5:a4:88:9e:33:
91:9f:b9:63:60:37:c5:fb:2a:65:72:e8:a6:9d:42:
fd:ed:b3:83:45:11:12:88:1e:8f:52:1f:02:58:0d:
fb:f4:a9:2f:53:74:a4:f6:5c:54:45:a3:df:80:59:
85:8b:0a:37:ca:f4:8c:82:8e:64:64:56:ef:93:eb:
e4:87:c1:70:00:91:c7:b9:08:01:e5:75:99:90:c2:
dd:a2:d8:75:2e:e4:78:da:8c:05:7e:3e:08:ba:16:
5a:1b:53:e0:7c:24:06:c4:b5:0a:cb:56:fb:a4:c5:
da:38:7e:2f:c6:5d:62:04:d1:a1:f9:3c:b9:45:31:
a7:be:9b:f6:04:e4:5f:3d:27:6c:5f:f0:11:3b:2f:
37:98:73:98:ed:e1:9f:0f:f3:8f:9a:7a:f0:f7:e7:
98:6c:8e:9a:f3:a3:d3:07:be:7c:7f:e2:cb:1f:3d:
a4:45:68:5a:68:ec:b7:3b:af:fc:b6:fb:29:6f:3b:
1f:4f:3a:08:5f:1b:37:5b:df:9f:fb:10:08:08:19:
2b:5c:a9:62:80:a2:d8:d2:41:05:42:5a:44:8f:46:
bb:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:FD:7B:91:41:D5:14:38:5D:4E:A3:D9:FB:5E:A9:9A:83:24:7C:0A
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/x_17kUHVFDhdTqPZ-16pmoMkfAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.246.4.0/24
109.160.118.0/24
212.70.130.0-212.70.135.255
Signature Algorithm: sha256WithRSAEncryption
82:40:98:b2:cd:c9:8e:16:e6:71:08:92:e3:b4:51:49:ce:11:
9a:94:b2:cf:a3:ba:08:af:9c:d1:31:c7:9e:20:e4:60:90:e4:
94:55:a0:b5:09:39:dc:9f:2a:17:7a:07:eb:d8:de:ea:ae:12:
7e:16:1f:88:02:8a:1f:c5:b8:e9:0f:3f:8a:67:25:05:4c:8d:
47:54:aa:78:c7:6e:9c:38:a7:85:71:96:a8:07:ea:96:f5:77:
26:2c:f8:ca:7a:4d:ec:24:9a:8c:de:00:f7:d9:a7:b5:26:23:
5c:6b:fd:a3:be:27:dd:a8:02:22:bc:9b:5f:12:b6:25:4e:c8:
75:f1:16:06:4e:cb:f9:8c:07:cf:92:58:2a:c2:40:1d:d4:4b:
f1:ef:ab:43:b4:94:4a:32:86:f8:a3:c0:12:89:09:8e:08:ad:
3f:b3:62:58:0d:e8:9c:08:98:99:0f:79:55:79:f3:e1:27:4e:
3b:5f:7d:8b:38:53:aa:6b:f3:30:66:4a:90:4f:f2:4b:5a:44:
b8:67:17:04:a7:fb:d8:2f:60:7a:70:80:21:5c:18:f2:6f:1e:
5b:13:26:14:13:da:58:8d:fb:ed:49:c6:c2:6f:1a:9a:75:10:
0d:fd:33:9e:f6:0a:3f:ba:15:38:3b:aa:96:d2:e5:17:9d:9f:
b8:d2:05:fb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYSpTPHJMrj9R1unsns7gLqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjIxMTI0MTEwMTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ZkN2I5MTQxZDUxNDM4NWQ0ZWEzZDlmYjVlYTk5YTgzMjQ3YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvKkN/ZejkHEwej78OeoDOh+hwxw
J7jBdQZqfXxvAXEVBBCH4V9hpaSInjORn7ljYDfF+yplcuimnUL97bODRRESiB6P
Uh8CWA379KkvU3Sk9lxURaPfgFmFiwo3yvSMgo5kZFbvk+vkh8FwAJHHuQgB5XWZ
kMLdoth1LuR42owFfj4IuhZaG1PgfCQGxLUKy1b7pMXaOH4vxl1iBNGh+Ty5RTGn
vpv2BORfPSdsX/AROy83mHOY7eGfD/OPmnrw9+eYbI6a86PTB758f+LLHz2kRWha
aOy3O6/8tvspbzsfTzoIXxs3W9+f+xAICBkrXKligKLY0kEFQlpEj0a7sQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMf9e5FB1RQ4XU6j2fteqZqDJHwKMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEveF8xN2tVSFZGRGhkVHFQWi0xNnBtb01rZkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAV/YEAwQA
baB2MAwDBAHURoIDBAPURoAwDQYJKoZIhvcNAQELBQADggEBAIJAmLLNyY4W5nEI
kuO0UUnOEZqUss+jugivnNExx54g5GCQ5JRVoLUJOdyfKhd6B+vY3uquEn4WH4gC
ih/FuOkPP4pnJQVMjUdUqnjHbpw4p4VxlqgH6pb1dyYs+Mp6TewkmozeAPfZp7Um
I1xr/aO+J92oAiK8m18StiVOyHXxFgZOy/mMB8+SWCrCQB3US/Hvq0O0lEoyhvij
wBKJCY4IrT+zYlgN6JwImJkPeVV58+EnTjtffYs4U6pr8zBmSpBP8ktaRLhnFwSn
+9gvYHpwgCFcGPJvHlsTJhQT2liN++1JxsJvGpp1EA39M572Cj+6FTg7qpbS5Red
n7jSBfs=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:52 2025 by rpki-client