Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KHZtTfqW7715OB60GhXpPaS-uzs.roa
File: KHZtTfqW7715OB60GhXpPaS-uzs.roa (raw, json)
Hash identifier: aci3U3xx62B8fBDsvsfckw7x3/mA9zUOKlXh4pxTeMA=
Subject key identifier: 28:76:6D:4D:FA:96:EF:BD:79:38:1E:B4:1A:15:E9:3D:A4:BE:BB:3B
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 018815EC549DCF5D9EBDABC53A6B7EAE15CE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KHZtTfqW7715OB60GhXpPaS-uzs.roa
Signing time: Sat 13 May 2023 16:23:09 +0000
ROA not before: Sat 13 May 2023 16:23:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58057
IP address blocks: 194.50.94.0/24 maxlen: 24
194.50.92.0/24 maxlen: 24
193.163.85.0/24 maxlen: 24
193.163.86.0/24 maxlen: 24
139.28.96.0/22 maxlen: 24
45.131.184.0/22 maxlen: 24
77.81.50.0/23 maxlen: 24
185.232.117.0/24 maxlen: 24
45.136.136.0/22 maxlen: 24
94.177.122.0/24 maxlen: 24
85.202.203.0/24 maxlen: 24
45.12.68.0/22 maxlen: 24
31.42.183.0/24 maxlen: 24
2a0e:97c0:260::/44 maxlen: 44
2a04:ccc6::/32 maxlen: 48
2a0e:97c3:110::/44 maxlen: 48
2a0c:3b80::/32 maxlen: 48
2a04:ccc7::/32 maxlen: 48
2a04:ccc4::/32 maxlen: 48
2a0c:3b86::/32 maxlen: 48
2a0e:97c0:170::/48 maxlen: 48
2a0c:3b85::/32 maxlen: 48
2a0c:3b82::/32 maxlen: 48
2a0e:b107:21c0::/45 maxlen: 48
2a09:4c0::/29 maxlen: 64
2a10:cc45:130::/44 maxlen: 44
2a04:ccc2::/32 maxlen: 48
2a0c:3b83::/32 maxlen: 48
2a0e:97c0:1d0::/44 maxlen: 44
2a0e:b107:1165::/48 maxlen: 48
2a10:2f00:18d::/48 maxlen: 48
2a04:ccc1::/32 maxlen: 48
2a0e:97c1:200::/40 maxlen: 48
2a10:2f00:18f::/48 maxlen: 48
2a0e:b107:9f2::/48 maxlen: 48
2a0c:3b81::/32 maxlen: 48
2a10:cc40:250::/44 maxlen: 48
2a0f:e404:102::/48 maxlen: 48
2a0c:3b84::/32 maxlen: 48
2a04:ccc3::/32 maxlen: 48
2a0e:b107:1786::/48 maxlen: 48
2a0e:97c4:120::/44 maxlen: 48
2a0e:97c4:100::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:15:ec:54:9d:cf:5d:9e:bd:ab:c5:3a:6b:7e:ae:15:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: May 13 16:23:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28766d4dfa96efbd79381eb41a15e93da4bebb3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:60:4a:89:ba:84:fa:03:92:f5:3d:cb:38:da:
81:ac:47:e3:37:ae:23:1f:4f:2f:01:96:1e:ae:bb:
21:c4:5d:c3:8a:ec:f7:a0:16:ee:a0:2b:8e:2b:fb:
f0:b9:80:f6:eb:79:04:91:e9:d1:8e:d3:10:e8:d8:
3c:4b:8f:47:6b:38:09:3b:b7:1a:85:8e:02:6f:0e:
a4:3b:1f:72:b1:b6:19:b9:92:26:31:9f:6a:57:e6:
25:29:4f:f0:70:2a:da:76:c5:57:66:8d:9f:94:9a:
d4:a1:86:75:24:5b:b6:cd:34:53:53:02:30:51:22:
2e:f4:32:67:81:56:cf:08:c7:e6:80:61:2d:f3:96:
c6:92:85:5c:29:1c:cd:ca:58:72:ce:0b:70:d7:7d:
60:38:c1:dc:0a:50:3d:bb:30:66:e6:5e:02:78:27:
99:9e:09:21:d1:74:2d:b5:41:59:58:a3:3a:93:13:
69:18:89:c3:72:df:3a:df:71:57:22:33:97:c3:61:
4c:66:dd:07:1d:80:f2:c1:bf:08:37:cc:90:8d:ca:
5e:27:73:6a:f1:1b:4a:41:d4:ca:a7:42:94:f1:97:
c1:8b:41:a2:63:bf:38:f3:e4:14:18:da:6f:5b:2f:
29:42:c4:22:87:b4:9e:2a:56:65:42:d9:e9:d8:cf:
63:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:76:6D:4D:FA:96:EF:BD:79:38:1E:B4:1A:15:E9:3D:A4:BE:BB:3B
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KHZtTfqW7715OB60GhXpPaS-uzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.183.0/24
45.12.68.0/22
45.131.184.0/22
45.136.136.0/22
77.81.50.0/23
85.202.203.0/24
94.177.122.0/24
139.28.96.0/22
185.232.117.0/24
193.163.85.0-193.163.86.255
194.50.92.0/24
194.50.94.0/24
IPv6:
2a04:ccc1::-2a04:ccc4:ffff:ffff:ffff:ffff:ffff:ffff
2a04:ccc6::/31
2a09:4c0::/29
2a0c:3b80::-2a0c:3b86:ffff:ffff:ffff:ffff:ffff:ffff
2a0e:97c0:170::/48
2a0e:97c0:1d0::/44
2a0e:97c0:260::/44
2a0e:97c1:200::/40
2a0e:97c3:110::/44
2a0e:97c4:100::/44
2a0e:97c4:120::/44
2a0e:b107:9f2::/48
2a0e:b107:1165::/48
2a0e:b107:1786::/48
2a0e:b107:21c0::/45
2a0f:e404:102::/48
2a10:2f00:18d::/48
2a10:2f00:18f::/48
2a10:cc40:250::/44
2a10:cc45:130::/44
Signature Algorithm: sha256WithRSAEncryption
7b:cf:39:5f:e6:b4:fa:38:f3:3b:b7:d9:76:3a:5c:d4:a4:14:
c7:1c:37:0a:af:9b:e4:b0:9d:36:8e:46:56:42:13:d7:78:0c:
41:1e:a7:6a:a1:2e:d8:2f:a0:d1:eb:5b:e1:e5:14:50:0c:ec:
51:d7:13:b6:ae:49:b3:26:26:b9:56:e1:4d:d3:55:2b:98:72:
a7:6f:49:45:a0:b9:bf:db:5f:bd:ad:86:f9:8b:cd:0e:5f:15:
2c:04:66:0e:51:18:31:68:17:ed:fd:d0:9a:57:8c:3b:8b:bd:
a9:29:25:ad:b5:9e:68:cb:e1:71:be:07:c1:fc:50:41:da:af:
c7:35:f2:4d:41:d4:bf:43:32:a6:ac:bb:49:6b:dc:3c:f3:32:
3b:43:8c:eb:ea:c6:7f:54:ba:23:4b:69:de:a2:bb:ad:55:1f:
d4:45:4d:63:5f:a6:e7:33:d9:ce:be:c5:d7:c2:d7:82:91:5f:
a7:7c:fb:f4:32:47:a0:0f:bb:cb:65:f0:b9:d0:74:f1:17:b5:
4d:05:a4:a6:1b:82:6d:97:59:b6:42:dd:bc:35:3e:b1:8e:cf:
5c:92:53:91:21:cf:92:14:3f:22:73:ab:62:af:c0:a8:a1:c5:
87:88:88:e1:a2:9e:b3:56:06:1b:73:fa:a2:51:4f:6e:61:0a:
80:e5:0c:12
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgISAYgV7FSdz12evavFOmt+rhXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNTEzMTYyMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2NmQ0ZGZhOTZlZmJkNzkzODFlYjQxYTE1ZTkzZGE0YmViYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWBKibqE+gOS9T3LONqBrEfjN64j
H08vAZYerrshxF3Diuz3oBbuoCuOK/vwuYD263kEkenRjtMQ6Ng8S49HazgJO7ca
hY4Cbw6kOx9ysbYZuZImMZ9qV+YlKU/wcCradsVXZo2flJrUoYZ1JFu2zTRTUwIw
USIu9DJngVbPCMfmgGEt85bGkoVcKRzNylhyzgtw131gOMHcClA9uzBm5l4CeCeZ
ngkh0XQttUFZWKM6kxNpGInDct8633FXIjOXw2FMZt0HHYDywb8IN8yQjcpeJ3Nq
8RtKQdTKp0KU8ZfBi0GiY7848+QUGNpvWy8pQsQih7SeKlZlQtnp2M9jwwIDAQAB
o4IDIDCCAxwwHQYDVR0OBBYEFCh2bU36lu+9eTgetBoV6T2kvrs7MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS0hadFRmcVc3NzE1T0I2MEdoWHBQYVMtdXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNAYIKwYBBQUHAQcBAf8EggEjMIIBHzBWBAIAATBQAwQA
Hyq3AwQCLQxEAwQCLYO4AwQCLYiIAwQBTVEyAwQAVcrLAwQAXrF6AwQCixxgAwQA
ueh1MAwDBADBo1UDBADBo1YDBADCMlwDBADCMl4wgcQEAgACMIG9MA4DBQAqBMzB
AwUAKgTMxAMFASoEzMYDBQMqCQTAMA4DBQcqDDuAAwUAKgw7hgMHACoOl8ABcAMH
BCoOl8AB0AMHBCoOl8ACYAMGACoOl8ECAwcEKg6XwwEQAwcEKg6XxAEAAwcEKg6X
xAEgAwcAKg6xBwnyAwcAKg6xBxFlAwcAKg6xBxeGAwcDKg6xByHAAwcAKg/kBAEC
AwcAKhAvAAGNAwcAKhAvAAGPAwcEKhDMQAJQAwcEKhDMRQEwMA0GCSqGSIb3DQEB
CwUAA4IBAQB7zzlf5rT6OPM7t9l2OlzUpBTHHDcKr5vksJ02jkZWQhPXeAxBHqdq
oS7YL6DR61vh5RRQDOxR1xO2rkmzJia5VuFN01UrmHKnb0lFoLm/21+9rYb5i80O
XxUsBGYOURgxaBft/dCaV4w7i72pKSWttZ5oy+FxvgfB/FBB2q/HNfJNQdS/QzKm
rLtJa9w88zI7Q4zr6sZ/VLojS2neorutVR/URU1jX6bnM9nOvsXXwteCkV+nfPv0
MkegD7vLZfC50HTxF7VNBaSmG4Jtl1m2Qt28NT6xjs9cklORIc+SFD8ic6tir8Co
ocWHiIjhop6zVgYbc/qiUU9uYQqA5QwS
-----END CERTIFICATE-----
Generated at Fri May 16 08:15:21 2025 by rpki-client