Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/3hxHWnEWQkmG8BuE05M6JMSHYe8.roa
File: 3hxHWnEWQkmG8BuE05M6JMSHYe8.roa (raw, json)
Hash identifier: JlZcQqXadMB2TsfKtRbxM9UQnUaFAcx4o36ZIJDlVbI=
Subject key identifier: DE:1C:47:5A:71:16:42:49:86:F0:1B:84:D3:93:3A:24:C4:87:61:EF
Certificate issuer: /CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
Certificate serial: 0193DA0CFA160E558AA16A147B877153B1B3
Authority key identifier: CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/3hxHWnEWQkmG8BuE05M6JMSHYe8.roa
Signing time: Wed 18 Dec 2024 13:55:03 +0000
ROA not before: Wed 18 Dec 2024 13:55:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48271
IP address blocks: 212.2.224.0/21 maxlen: 24
212.2.232.0/23 maxlen: 24
212.2.232.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:da:0c:fa:16:0e:55:8a:a1:6a:14:7b:87:71:53:b1:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
Validity
Not Before: Dec 18 13:55:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=de1c475a7116424986f01b84d3933a24c48761ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:17:3f:83:f2:c3:d0:90:56:37:b0:3c:6c:bd:
b7:a3:23:c1:b1:cd:b5:d1:08:e4:03:de:c1:74:f7:
85:d9:15:39:49:7b:4f:1e:c4:6b:32:0e:95:84:63:
17:52:09:05:ee:5b:e8:1d:8b:76:4c:9d:20:41:f0:
99:45:de:a2:33:9d:89:9b:78:a5:6e:e0:eb:93:6d:
24:6f:44:0a:1a:9d:2f:a5:e3:29:53:69:12:75:81:
ee:b2:ec:90:95:b7:55:9f:24:0e:fd:b7:10:da:5f:
7f:70:12:38:e1:bc:e8:00:cb:14:1f:fc:00:f7:4d:
7c:3b:4f:48:52:77:ba:a7:4f:08:e5:51:8d:0e:f5:
67:c4:8c:dd:99:c3:b3:10:1f:5a:50:f1:7d:56:ad:
db:60:21:93:be:eb:1d:ff:ba:0c:e4:08:c6:70:59:
5d:78:04:4b:c8:ab:60:de:f0:5d:8f:d3:df:b3:b9:
37:49:b0:b1:fc:c1:23:19:f1:20:ba:1f:38:30:ea:
64:e8:75:55:11:f2:0b:64:f2:c5:01:f0:29:4e:ac:
e9:03:99:3d:e1:71:24:d3:5a:eb:2b:21:ed:cc:14:
13:ef:9e:e4:86:27:4b:9c:f8:b6:e4:e0:33:37:8e:
17:b1:c2:32:af:ed:80:b8:ae:ee:24:63:45:09:4e:
de:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:1C:47:5A:71:16:42:49:86:F0:1B:84:D3:93:3A:24:C4:87:61:EF
X509v3 Authority Key Identifier:
keyid:CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/3hxHWnEWQkmG8BuE05M6JMSHYe8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/zfUae0xbJFgCkrjEqmqpwyVmVIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.2.224.0-212.2.233.255
Signature Algorithm: sha256WithRSAEncryption
6d:32:7f:21:a1:38:6b:83:a0:13:dd:d3:ac:27:a3:22:92:e6:
0e:47:6d:80:ce:89:8a:2a:a1:b8:0e:7b:12:85:fa:07:8d:21:
6e:f0:a7:5c:c4:6c:9b:c3:9a:cf:79:0c:c5:85:39:9e:21:69:
e6:5d:14:aa:38:cd:be:fe:1f:56:b3:3c:0b:06:4d:01:68:c9:
c1:65:41:7d:72:3c:0a:d7:b0:9f:ac:b9:75:38:60:ec:d3:c4:
b1:22:72:d7:ff:7e:6d:8c:3a:6e:a4:6b:82:fb:de:a9:e7:73:
1f:ba:7b:f0:b9:a7:1b:18:3d:2d:e4:65:3b:1d:3d:55:7c:42:
13:ca:b5:16:d2:ed:1b:7f:b6:30:39:ac:f4:57:5a:85:1f:a7:
5e:20:f1:77:be:ed:b7:0e:33:c2:58:c5:b1:ef:1e:8a:43:05:
bc:07:c6:d0:65:32:62:bf:52:7a:b8:c3:3a:35:02:d7:e7:d0:
3a:1b:c3:ce:50:74:88:b6:f2:62:4b:28:c7:6a:0f:90:5f:de:
c7:47:06:03:81:43:b4:75:c8:87:4d:1a:28:37:5a:10:d4:fd:
43:bc:28:aa:0f:f1:67:99:da:a9:54:da:ef:10:66:11:7c:a3:
44:a0:fc:3d:6b:74:74:8c:fa:a6:22:fd:ca:96:e3:ac:5d:e3:
6d:0b:49:51
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZPaDPoWDlWKoWoUe4dxU7GzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZjUxYTdiNGM1YjI0NTgwMjkyYjhjNGFhNmFhOWMzMjU2
NjU0ODAwHhcNMjQxMjE4MTM1NTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTFjNDc1YTcxMTY0MjQ5ODZmMDFiODRkMzkzM2EyNGM0ODc2MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xc/g/LD0JBWN7A8bL23oyPBsc21
0QjkA97BdPeF2RU5SXtPHsRrMg6VhGMXUgkF7lvoHYt2TJ0gQfCZRd6iM52Jm3il
buDrk20kb0QKGp0vpeMpU2kSdYHusuyQlbdVnyQO/bcQ2l9/cBI44bzoAMsUH/wA
9018O09IUne6p08I5VGNDvVnxIzdmcOzEB9aUPF9Vq3bYCGTvusd/7oM5AjGcFld
eARLyKtg3vBdj9Pfs7k3SbCx/MEjGfEguh84MOpk6HVVEfILZPLFAfApTqzpA5k9
4XEk01rrKyHtzBQT757khidLnPi25OAzN44XscIyr+2AuK7uJGNFCU7exwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN4cR1pxFkJJhvAbhNOTOiTEh2HvMB8GA1UdIwQY
MBaAFM31GntMWyRYApK4xKpqqcMlZlSAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemZVYWUweGJKRmdDa3JqRXFtcXB3eVZtVklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8yNzI5ODYtODhhOS00NzdjLWEyNzct
YTU1YjU4MGIwZWEzLzEvM2h4SFduRVdRa21HOEJ1RTA1TTZKTVNIWWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8yNzI5ODYtODhhOS00NzdjLWEyNzctYTU1YjU4MGIwZWEz
LzEvemZVYWUweGJKRmdDa3JqRXFtcXB3eVZtVklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXUAuAD
BAHUAugwDQYJKoZIhvcNAQELBQADggEBAG0yfyGhOGuDoBPd06wnoyKS5g5HbYDO
iYoqobgOexKF+geNIW7wp1zEbJvDms95DMWFOZ4haeZdFKo4zb7+H1azPAsGTQFo
ycFlQX1yPArXsJ+suXU4YOzTxLEictf/fm2MOm6ka4L73qnncx+6e/C5pxsYPS3k
ZTsdPVV8QhPKtRbS7Rt/tjA5rPRXWoUfp14g8Xe+7bcOM8JYxbHvHopDBbwHxtBl
MmK/Unq4wzo1Atfn0Dobw85QdIi28mJLKMdqD5Bf3sdHBgOBQ7R1yIdNGig3WhDU
/UO8KKoP8WeZ2qlU2u8QZhF8o0Sg/D1rdHSM+qYi/cqW46xd420LSVE=
-----END CERTIFICATE-----
Generated at Sun Apr 27 23:10:29 2025 by rpki-client