Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/KQeui9uPCRfdQdqDxvD0_7s4ve4.roa
File: KQeui9uPCRfdQdqDxvD0_7s4ve4.roa (raw, json)
Hash identifier: H7uTn6l6t4w22SL7rd9va8V+d30i3gl8eUtzPKOtAX0=
Subject key identifier: 29:07:AE:8B:DB:8F:09:17:DD:41:DA:83:C6:F0:F4:FF:BB:38:BD:EE
Certificate issuer: /CN=f6a1722e8baddc358a15874265b466743e703656
Certificate serial: 01856D663861BA7D3E56BDCF170CBFA7F01F
Authority key identifier: F6:A1:72:2E:8B:AD:DC:35:8A:15:87:42:65:B4:66:74:3E:70:36:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9qFyLout3DWKFYdCZbRmdD5wNlY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/KQeui9uPCRfdQdqDxvD0_7s4ve4.roa
Signing time: Sun 01 Jan 2023 12:54:53 +0000
ROA not before: Sun 01 Jan 2023 12:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206217
IP address blocks: 146.66.128.0/24 maxlen: 24
146.66.128.0/21 maxlen: 21
185.110.230.0/24 maxlen: 24
185.110.231.0/24 maxlen: 24
185.110.228.0/23 maxlen: 23
185.110.228.0/22 maxlen: 22
185.110.228.0/24 maxlen: 24
185.110.230.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:66:38:61:ba:7d:3e:56:bd:cf:17:0c:bf:a7:f0:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f6a1722e8baddc358a15874265b466743e703656
Validity
Not Before: Jan 1 12:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2907ae8bdb8f0917dd41da83c6f0f4ffbb38bdee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:d2:de:41:a7:b1:25:05:75:ed:27:36:82:f8:
06:4a:57:98:e1:dd:3c:12:7e:00:8c:65:78:01:e6:
e5:37:79:7f:42:7f:aa:f5:a7:9d:d7:d7:a7:29:b6:
4c:ab:ac:bc:f3:4b:e3:bb:33:e6:88:46:60:16:27:
ff:71:16:44:67:b2:a5:c2:7f:54:e1:63:ed:56:08:
e9:22:97:92:ec:ad:53:d9:26:21:08:cc:71:7a:27:
0d:29:8d:9e:3d:5b:d1:91:6c:5b:01:5e:35:2d:9d:
83:a4:51:29:33:ed:8b:cf:79:0b:7c:05:59:7a:c9:
75:5b:c5:f4:67:9e:95:89:88:47:45:d4:45:d1:b5:
a8:02:f2:2e:a2:c9:f2:ec:8d:4c:5f:f8:45:6a:01:
dc:c4:fc:71:d7:13:50:d6:67:a4:5c:89:ea:ea:14:
62:5b:73:68:0f:29:cc:17:02:19:9c:a0:66:1a:5b:
35:f7:17:c4:30:f2:50:5d:01:cc:78:07:52:cc:8a:
ad:b7:fa:cb:7e:7b:6a:29:4a:aa:12:d8:bf:b7:07:
6e:36:31:2f:a1:21:d9:3b:7e:02:43:3d:bd:fb:53:
d3:81:b5:73:82:51:35:ca:14:14:14:12:01:f3:44:
7e:f0:11:e4:b9:33:c6:4c:62:44:9d:7c:2f:5f:cd:
0c:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:07:AE:8B:DB:8F:09:17:DD:41:DA:83:C6:F0:F4:FF:BB:38:BD:EE
X509v3 Authority Key Identifier:
keyid:F6:A1:72:2E:8B:AD:DC:35:8A:15:87:42:65:B4:66:74:3E:70:36:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qFyLout3DWKFYdCZbRmdD5wNlY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/KQeui9uPCRfdQdqDxvD0_7s4ve4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9ccf72-f2df-45b6-937b-6e079069b65b/1/9qFyLout3DWKFYdCZbRmdD5wNlY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.66.128.0/21
185.110.228.0/22
Signature Algorithm: sha256WithRSAEncryption
11:f4:e2:3f:e8:03:71:ab:a0:a3:b9:3d:b8:64:ec:8e:58:74:
ec:51:0a:b9:6e:9d:18:5b:e9:48:3c:e2:f2:34:be:48:4f:4e:
20:e7:93:d8:c3:2a:64:a5:1e:b7:e2:03:05:ef:a7:3e:db:fe:
f4:c3:1d:b7:30:14:82:75:93:6a:95:55:d9:ba:e8:83:53:e9:
d3:66:5e:41:82:f6:ee:6b:1a:f5:b4:70:82:db:35:59:62:95:
cf:f5:19:7a:4f:5c:8d:4c:56:2c:23:a6:fe:c5:d7:01:b1:0f:
01:d1:1f:cd:3f:8d:12:fd:c3:c3:db:b9:83:87:3b:b6:aa:95:
8b:79:88:5b:b9:23:5b:6c:f9:9f:cc:83:4a:04:6c:ce:38:7a:
03:95:73:6a:70:e1:48:5f:df:ba:b6:fc:93:f1:32:55:dd:ca:
2f:87:3e:db:62:22:db:ac:d2:35:ca:93:d6:d5:e1:93:d7:5f:
7f:7c:89:f2:a3:c8:ac:ba:03:29:65:fb:83:0a:e2:7c:49:b3:
db:7a:a6:18:22:bd:15:36:d9:fd:5b:0c:9b:6e:73:5d:4b:82:
d6:09:a6:56:a4:53:ad:eb:e2:a9:74:e9:9f:99:6e:b3:b6:bf:
fe:a4:59:9c:37:08:df:fa:2b:36:2f:d1:ca:74:f2:c5:d2:2b:
cc:76:67:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtZjhhun0+Vr3PFwy/p/AfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YTE3MjJlOGJhZGRjMzU4YTE1ODc0MjY1YjQ2Njc0M2U3
MDM2NTYwHhcNMjMwMTAxMTI1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA3YWU4YmRiOGYwOTE3ZGQ0MWRhODNjNmYwZjRmZmJiMzhiZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndLeQaexJQV17Sc2gvgGSleY4d08
En4AjGV4AeblN3l/Qn+q9aed19enKbZMq6y880vjuzPmiEZgFif/cRZEZ7Klwn9U
4WPtVgjpIpeS7K1T2SYhCMxxeicNKY2ePVvRkWxbAV41LZ2DpFEpM+2Lz3kLfAVZ
esl1W8X0Z56ViYhHRdRF0bWoAvIuosny7I1MX/hFagHcxPxx1xNQ1mekXInq6hRi
W3NoDynMFwIZnKBmGls19xfEMPJQXQHMeAdSzIqtt/rLfntqKUqqEti/twduNjEv
oSHZO34CQz29+1PTgbVzglE1yhQUFBIB80R+8BHkuTPGTGJEnXwvX80MXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCkHrovbjwkX3UHag8bw9P+7OL3uMB8GA1UdIwQY
MBaAFPahci6Lrdw1ihWHQmW0ZnQ+cDZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXFGeUxvdXQzRFdLRllkQ1piUm1kRDV3TmxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy85Y2NmNzItZjJkZi00NWI2LTkzN2It
NmUwNzkwNjliNjViLzEvS1FldWk5dVBDUmZkUWRxRHh2RDBfN3M0dmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy85Y2NmNzItZjJkZi00NWI2LTkzN2ItNmUwNzkwNjliNjVi
LzEvOXFGeUxvdXQzRFdLRllkQ1piUm1kRDV3TmxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkkKAAwQC
uW7kMA0GCSqGSIb3DQEBCwUAA4IBAQAR9OI/6ANxq6CjuT24ZOyOWHTsUQq5bp0Y
W+lIPOLyNL5IT04g55PYwypkpR634gMF76c+2/70wx23MBSCdZNqlVXZuuiDU+nT
Zl5Bgvbuaxr1tHCC2zVZYpXP9Rl6T1yNTFYsI6b+xdcBsQ8B0R/NP40S/cPD27mD
hzu2qpWLeYhbuSNbbPmfzINKBGzOOHoDlXNqcOFIX9+6tvyT8TJV3covhz7bYiLb
rNI1ypPW1eGT119/fInyo8isugMpZfuDCuJ8SbPbeqYYIr0VNtn9WwybbnNdS4LW
CaZWpFOt6+KpdOmfmW6ztr/+pFmcNwjf+is2L9HKdPLF0ivMdmc0
-----END CERTIFICATE-----
Generated at Mon Apr 28 04:24:13 2025 by rpki-client