Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/cxGA-diRYErDEiu_WMFPLmwKxnk.roa
File: cxGA-diRYErDEiu_WMFPLmwKxnk.roa (raw, json)
Hash identifier: 33L8kgbxj+nZBxRsARgM1PDWg2whi0wmAAQq4iTOaiU=
Subject key identifier: 73:11:80:F9:D8:91:60:4A:C3:12:2B:BF:58:C1:4F:2E:6C:0A:C6:79
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 018EA4D103155A0CEA3A9AABF26D50A78E78
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/cxGA-diRYErDEiu_WMFPLmwKxnk.roa
Signing time: Wed 03 Apr 2024 16:35:44 +0000
ROA not before: Wed 03 Apr 2024 16:35:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9123
IP address blocks: 80.68.156.0/24 maxlen: 24
185.211.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a4:d1:03:15:5a:0c:ea:3a:9a:ab:f2:6d:50:a7:8e:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Apr 3 16:35:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=731180f9d891604ac3122bbf58c14f2e6c0ac679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:26:3d:29:65:15:16:4e:1a:b4:d3:a7:33:79:
df:4e:cd:63:1d:db:39:3a:a5:ad:56:d1:50:8f:6a:
01:6e:35:11:c2:35:88:18:1a:e7:05:fb:ec:4d:c1:
c9:b6:47:f0:ab:90:2e:01:77:94:1f:64:c3:6f:22:
11:f9:92:84:f4:20:9c:3e:95:42:d8:7a:9f:10:dc:
82:17:3b:cc:81:de:71:d5:37:4f:0f:83:7c:32:f6:
30:de:5b:a7:39:ae:8e:46:86:de:f5:81:3c:78:73:
5f:3f:4b:fe:4d:b8:c5:44:06:34:fb:e7:4a:a7:ed:
15:1b:62:14:4e:6d:1c:a0:0f:f3:8a:33:1e:f1:45:
9b:4d:4d:e9:4a:ce:2b:1e:25:99:38:2d:14:dc:01:
57:ae:e9:a5:5f:61:37:28:96:37:4c:7f:f8:35:d1:
19:ed:c1:4a:1c:64:b6:de:e1:f2:19:74:bb:3d:23:
b9:d1:76:05:8a:12:a6:35:bd:46:1d:97:ce:bd:44:
6a:3d:7b:cf:5c:7d:b0:2d:09:46:7b:4b:9d:68:e8:
43:d7:96:29:25:72:18:39:a4:51:b6:cf:94:63:09:
df:23:37:23:c3:a5:0f:25:90:bc:89:e1:c4:44:57:
35:66:83:98:78:14:fd:25:53:1e:dc:5c:44:ab:bf:
1b:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:11:80:F9:D8:91:60:4A:C3:12:2B:BF:58:C1:4F:2E:6C:0A:C6:79
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/cxGA-diRYErDEiu_WMFPLmwKxnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.68.156.0/24
185.211.170.0/24
Signature Algorithm: sha256WithRSAEncryption
37:17:fe:05:85:0b:58:5c:22:5d:39:8d:26:f6:c3:4f:ad:9c:
e9:97:7c:3a:d4:ba:49:91:39:18:82:b5:43:11:b1:c4:ce:59:
66:8c:4e:ee:0d:a0:0b:e5:aa:d0:39:53:81:a4:c2:f9:25:19:
8d:a5:22:00:53:f8:b1:76:0d:f4:bf:54:97:ee:f2:0f:e6:4d:
02:fa:08:6c:62:0b:c8:88:9a:95:3d:8e:1d:14:db:d0:1a:2c:
e2:e7:0c:e2:c2:33:a1:fe:40:0f:a0:f4:2e:4a:41:c8:17:39:
92:01:64:8c:42:6a:46:c4:f5:67:6f:63:e3:03:b8:98:d7:6f:
dc:55:06:30:1e:65:fb:d0:3f:36:6c:02:bf:7d:10:a3:3d:93:
80:a9:f4:d9:38:eb:b2:34:df:2c:7f:32:fd:29:5e:be:33:04:
17:b6:bb:de:b4:b4:ad:c7:6c:48:b2:61:03:aa:bf:77:58:e1:
4f:91:e0:14:6b:b2:6a:97:ec:a8:8c:cb:11:4b:f2:9a:56:68:
fa:88:77:90:4d:71:cc:1e:a0:59:f0:46:43:e3:e1:95:f8:e8:
17:12:01:a6:69:04:f9:97:5e:c8:00:fa:ef:78:11:b6:8c:bb:
a4:73:5f:2c:c7:75:fa:be:98:6d:1b:e9:b0:9a:7a:af:55:1d:
9e:6e:e5:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6k0QMVWgzqOpqr8m1Qp454MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwNDAzMTYzNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzExODBmOWQ4OTE2MDRhYzMxMjJiYmY1OGMxNGYyZTZjMGFjNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSY9KWUVFk4atNOnM3nfTs1jHds5
OqWtVtFQj2oBbjURwjWIGBrnBfvsTcHJtkfwq5AuAXeUH2TDbyIR+ZKE9CCcPpVC
2HqfENyCFzvMgd5x1TdPD4N8MvYw3lunOa6ORobe9YE8eHNfP0v+TbjFRAY0++dK
p+0VG2IUTm0coA/zijMe8UWbTU3pSs4rHiWZOC0U3AFXrumlX2E3KJY3TH/4NdEZ
7cFKHGS23uHyGXS7PSO50XYFihKmNb1GHZfOvURqPXvPXH2wLQlGe0udaOhD15Yp
JXIYOaRRts+UYwnfIzcjw6UPJZC8ieHERFc1ZoOYeBT9JVMe3FxEq78bswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHMRgPnYkWBKwxIrv1jBTy5sCsZ5MB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvY3hHQS1kaVJZRXJERWl1X1dNRlBMbXdLeG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEScAwQA
udOqMA0GCSqGSIb3DQEBCwUAA4IBAQA3F/4FhQtYXCJdOY0m9sNPrZzpl3w61LpJ
kTkYgrVDEbHEzllmjE7uDaAL5arQOVOBpML5JRmNpSIAU/ixdg30v1SX7vIP5k0C
+ghsYgvIiJqVPY4dFNvQGizi5wziwjOh/kAPoPQuSkHIFzmSAWSMQmpGxPVnb2Pj
A7iY12/cVQYwHmX70D82bAK/fRCjPZOAqfTZOOuyNN8sfzL9KV6+MwQXtrvetLSt
x2xIsmEDqr93WOFPkeAUa7Jql+yojMsRS/KaVmj6iHeQTXHMHqBZ8EZD4+GV+OgX
EgGmaQT5l17IAPrveBG2jLukc18sx3X6vphtG+mwmnqvVR2ebuUo
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:13:40 2025 by rpki-client