Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/KpxPjFFfQ1Blv0dbWcEzckfAO0g.roa
File: KpxPjFFfQ1Blv0dbWcEzckfAO0g.roa (raw, json)
Hash identifier: 4B8A6es/MQQ0VUdk+ffIDflwrZDYyEaI3zpSboFneLE=
Subject key identifier: 2A:9C:4F:8C:51:5F:43:50:65:BF:47:5B:59:C1:33:72:47:C0:3B:48
Certificate issuer: /CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Certificate serial: 01856FF0567EFDDBA0791DF3504F1A9DA1D1
Authority key identifier: 84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/KpxPjFFfQ1Blv0dbWcEzckfAO0g.roa
Signing time: Mon 02 Jan 2023 00:44:59 +0000
ROA not before: Mon 02 Jan 2023 00:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50627
IP address blocks: 46.227.152.0/21 maxlen: 22
178.20.32.0/21 maxlen: 22
5.42.144.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f0:56:7e:fd:db:a0:79:1d:f3:50:4f:1a:9d:a1:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Validity
Not Before: Jan 2 00:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a9c4f8c515f435065bf475b59c1337247c03b48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:53:72:6c:07:84:7a:66:61:5e:c1:e0:53:a5:
54:f7:4f:08:ce:11:6b:88:c1:c3:93:26:67:18:d0:
14:7d:7c:4f:ef:11:c6:7e:af:8b:4b:34:03:41:5e:
40:1e:5d:36:aa:84:92:58:91:a7:60:ae:17:8d:43:
c1:ad:04:64:d7:54:34:3e:e4:0a:1c:98:08:9d:0f:
4b:ba:2e:ef:95:1f:bb:e3:44:0e:87:0e:1e:b1:a1:
43:1d:ce:f6:03:78:2e:17:b3:ce:c2:af:8a:4a:e0:
e2:82:0c:3d:f4:68:88:c6:de:a4:39:e4:f1:8f:7c:
d7:61:34:99:a6:01:8f:ba:14:9e:63:b8:eb:c4:59:
ec:58:49:d8:ae:03:fe:46:27:ab:7b:76:e6:8d:d5:
90:d5:16:38:f8:18:2f:ac:8a:0e:b5:73:67:f5:58:
b8:86:23:c9:4b:5b:f9:e8:74:6d:a0:06:48:58:53:
f2:c6:64:87:19:b5:83:e3:87:b9:21:a7:e2:49:68:
f3:74:c2:a9:d9:33:d5:36:86:2e:b5:aa:1c:7a:d2:
76:26:fd:ea:06:53:d6:8b:f8:22:ae:e6:e1:1a:37:
2a:9c:29:60:6d:a2:f2:ac:b9:85:6a:cd:91:bb:38:
90:2b:fa:58:63:50:a1:1a:92:66:5b:4f:45:f7:5f:
29:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:9C:4F:8C:51:5F:43:50:65:BF:47:5B:59:C1:33:72:47:C0:3B:48
X509v3 Authority Key Identifier:
keyid:84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/KpxPjFFfQ1Blv0dbWcEzckfAO0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.144.0/21
46.227.152.0/21
178.20.32.0/21
Signature Algorithm: sha256WithRSAEncryption
bf:19:79:60:fb:fe:91:6a:10:bc:9a:b3:a8:98:96:03:a2:e5:
5f:3c:ec:aa:7f:ce:0f:f0:ae:08:22:19:74:4a:cc:ca:66:bc:
2d:57:b4:22:19:61:72:14:f5:8e:db:78:68:1c:90:d4:bd:1a:
8e:21:50:45:29:7f:d5:9f:f0:cf:c4:f4:55:2f:85:ef:6e:55:
dd:be:ef:c3:7f:9e:02:df:b5:ac:80:f9:c8:7e:4f:38:a6:03:
d9:84:59:16:82:63:5e:23:a2:52:13:4a:96:dd:6c:d4:01:17:
4b:cc:d8:c2:e7:11:b3:ca:5f:99:f5:26:c1:ad:ee:98:b0:07:
b6:47:bc:ca:a2:0f:00:ea:c6:1b:90:06:e6:6b:88:e4:2b:be:
9a:a7:20:12:89:32:3b:ae:a1:4f:c7:50:ec:18:a3:51:3f:3a:
dc:5d:a5:a3:d2:7b:df:b3:ad:bb:e0:ce:08:9b:44:e1:be:28:
68:7f:4e:c4:37:49:be:ec:71:ff:ac:69:bf:a9:d5:c6:3a:54:
e4:2b:e2:8f:4a:5b:df:34:73:98:26:18:87:b5:19:ec:e1:6a:
7f:fe:10:07:0c:6c:8c:7c:8d:93:1e:8e:80:a9:ff:6f:91:2d:
2c:a1:be:d4:a8:ca:be:55:4f:39:fb:0b:d5:cf:87:5f:b1:59:
14:e0:94:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVv8FZ+/dugeR3zUE8anaHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTRhY2EwMjBmYjJiZGM5M2E0NzI2NmU4N2VjNjdjZGM4
ODU3YzUwHhcNMjMwMTAyMDA0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTljNGY4YzUxNWY0MzUwNjViZjQ3NWI1OWMxMzM3MjQ3YzAzYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FNybAeEemZhXsHgU6VU908IzhFr
iMHDkyZnGNAUfXxP7xHGfq+LSzQDQV5AHl02qoSSWJGnYK4XjUPBrQRk11Q0PuQK
HJgInQ9Lui7vlR+740QOhw4esaFDHc72A3guF7POwq+KSuDiggw99GiIxt6kOeTx
j3zXYTSZpgGPuhSeY7jrxFnsWEnYrgP+Riere3bmjdWQ1RY4+BgvrIoOtXNn9Vi4
hiPJS1v56HRtoAZIWFPyxmSHGbWD44e5IafiSWjzdMKp2TPVNoYutaocetJ2Jv3q
BlPWi/girubhGjcqnClgbaLyrLmFas2RuziQK/pYY1ChGpJmW09F918pdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCqcT4xRX0NQZb9HW1nBM3JHwDtIMB8GA1UdIwQY
MBaAFISkrKAg+yvck6RyZuh+xnzciFfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUt
OWVmMzZkMjUxNTE3LzEvS3B4UGpGRmZRMUJsdjBkYldjRXpja2ZBTzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUtOWVmMzZkMjUxNTE3
LzEvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBSqQAwQD
LuOYAwQDshQgMA0GCSqGSIb3DQEBCwUAA4IBAQC/GXlg+/6RahC8mrOomJYDouVf
POyqf84P8K4IIhl0SszKZrwtV7QiGWFyFPWO23hoHJDUvRqOIVBFKX/Vn/DPxPRV
L4XvblXdvu/Df54C37WsgPnIfk84pgPZhFkWgmNeI6JSE0qW3WzUARdLzNjC5xGz
yl+Z9SbBre6YsAe2R7zKog8A6sYbkAbma4jkK76apyASiTI7rqFPx1DsGKNRPzrc
XaWj0nvfs6274M4Im0Thvihof07EN0m+7HH/rGm/qdXGOlTkK+KPSlvfNHOYJhiH
tRns4Wp//hAHDGyMfI2THo6Aqf9vkS0sob7UqMq+VU85+wvVz4dfsVkU4JQB
-----END CERTIFICATE-----
Generated at Sun Apr 27 17:40:06 2025 by rpki-client