Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/hOIPojZRNxFn0gcBr8AisjTkBE8.roa
File: hOIPojZRNxFn0gcBr8AisjTkBE8.roa (raw, json)
Hash identifier: erVW9kWhqrSro7SlVXzy5YDi6SAD1Ye+6CQpQHGYBoM=
Subject key identifier: 84:E2:0F:A2:36:51:37:11:67:D2:07:01:AF:C0:22:B2:34:E4:04:4F
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D119F7A766044C9D54DAE214173E7ACDC
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/hOIPojZRNxFn0gcBr8AisjTkBE8.roa
Signing time: Tue 16 Jan 2024 09:34:40 +0000
ROA not before: Tue 16 Jan 2024 09:34:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.128.0/17 maxlen: 17
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
91.84.96.0/19 maxlen: 19
91.84.0.0/18 maxlen: 18
194.46.32.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.64.0/19 maxlen: 19
91.85.0.0/17 maxlen: 17
91.85.0.0/16 maxlen: 16
91.85.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:11:9f:7a:76:60:44:c9:d5:4d:ae:21:41:73:e7:ac:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 16 09:34:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=84e20fa23651371167d20701afc022b234e4044f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f5:9b:aa:13:9c:64:8f:4c:fd:b3:41:f8:ec:
ce:a3:71:d3:03:20:4d:fc:0f:28:48:33:9b:5e:aa:
b6:63:99:da:f0:f3:c5:39:be:84:28:d4:91:24:3d:
c2:3d:22:21:34:dd:8c:4c:1c:27:98:79:e8:da:4e:
70:b0:07:59:97:bd:82:b5:f7:cb:35:60:30:bd:2b:
1e:0b:11:c0:b3:80:4a:e0:74:85:c4:b0:66:2a:e2:
da:cc:62:ee:b5:5f:40:c9:c2:42:f4:c6:8b:cb:e2:
54:44:a4:16:38:59:5c:ef:0e:d3:14:4b:60:2d:3c:
89:b7:e6:4c:c1:6b:ae:97:91:c2:38:08:22:cd:69:
69:37:b6:eb:e3:f0:4b:05:af:fb:e0:bf:fa:17:ba:
1d:14:86:40:52:65:4a:9d:ac:59:2d:ea:6a:89:d8:
20:d0:28:ed:5f:24:67:3a:17:ba:bc:a5:13:0c:fc:
73:f3:1f:9f:d5:e5:14:15:72:e2:55:f1:ea:ad:20:
a3:b4:1b:3f:48:8b:bf:d5:1d:0e:e3:9c:01:4b:ee:
0f:85:91:38:0e:2d:08:f2:94:59:fa:1c:fe:45:ce:
11:00:0c:85:73:cc:53:4d:16:cd:e4:a9:d4:16:47:
7e:c9:7c:c3:b2:c7:22:ef:3f:ec:7e:74:1c:cb:78:
0b:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:E2:0F:A2:36:51:37:11:67:D2:07:01:AF:C0:22:B2:34:E4:04:4F
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/hOIPojZRNxFn0gcBr8AisjTkBE8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/18
91.84.96.0-91.85.255.255
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
17:b9:57:d5:69:a0:6f:4b:29:88:e0:e3:0c:62:f6:59:fa:f2:
65:80:49:25:b1:92:92:36:69:9e:0b:a4:46:cd:46:04:3d:a9:
5f:5e:22:d0:6a:e1:42:48:54:a4:2b:34:55:9d:3b:3c:be:c6:
27:d1:8c:5f:ee:78:08:2a:36:93:52:5d:83:d5:03:0a:4c:21:
eb:c3:bc:94:c3:38:df:5d:cd:47:08:fe:e7:b1:1f:32:99:bd:
bb:c2:6f:ee:61:23:ff:ff:78:c2:64:8b:00:d6:66:32:cb:79:
21:a8:7b:3e:95:84:f4:03:e2:6a:f9:a8:b2:7c:4d:bc:70:03:
d8:79:db:aa:4f:24:46:54:f7:05:b1:07:dc:ba:cb:88:f3:66:
4e:af:78:ca:d6:de:87:70:fc:42:51:14:6d:8e:1e:4d:30:22:
cc:0f:2e:72:ed:34:e4:34:cf:1e:2a:48:be:5c:6a:4a:61:c6:
82:75:da:39:b1:75:98:e4:ec:10:56:dd:59:8b:ed:79:ba:e9:
06:f0:81:77:5d:9d:0c:94:d0:3e:ba:a7:3c:75:43:a5:88:19:
46:06:0c:61:75:4a:8c:85:78:c9:40:57:4e:c7:29:78:29:ec:
ac:98:31:eb:3a:8a:2f:6a:68:93:94:8f:20:4d:68:f3:14:40:
e1:c1:eb:1c
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAY0Rn3p2YETJ1U2uIUFz56zcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTE2MDkzNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGUyMGZhMjM2NTEzNzExNjdkMjA3MDFhZmMwMjJiMjM0ZTQwNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPWbqhOcZI9M/bNB+OzOo3HTAyBN
/A8oSDObXqq2Y5na8PPFOb6EKNSRJD3CPSIhNN2MTBwnmHno2k5wsAdZl72CtffL
NWAwvSseCxHAs4BK4HSFxLBmKuLazGLutV9AycJC9MaLy+JURKQWOFlc7w7TFEtg
LTyJt+ZMwWuul5HCOAgizWlpN7br4/BLBa/74L/6F7odFIZAUmVKnaxZLepqidgg
0CjtXyRnOhe6vKUTDPxz8x+f1eUUFXLiVfHqrSCjtBs/SIu/1R0O45wBS+4PhZE4
Di0I8pRZ+hz+Rc4RAAyFc8xTTRbN5KnUFkd+yXzDssci7z/sfnQcy3gLCwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFITiD6I2UTcRZ9IHAa/AIrI05ARPMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvaE9JUG9qWlJOeEZuMGdjQnI4QWlzalRrQkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1AwQGW1QAMAsD
BAVbVGADAwFbVDAMAwQFwi4gAwQFwi5AAwQF1GiAMAwDBATUbFADBALUbFgwDQYJ
KoZIhvcNAQELBQADggEBABe5V9VpoG9LKYjg4wxi9ln68mWASSWxkpI2aZ4LpEbN
RgQ9qV9eItBq4UJIVKQrNFWdOzy+xifRjF/ueAgqNpNSXYPVAwpMIevDvJTDON9d
zUcI/uexHzKZvbvCb+5hI///eMJkiwDWZjLLeSGoez6VhPQD4mr5qLJ8TbxwA9h5
26pPJEZU9wWxB9y6y4jzZk6veMrW3odw/EJRFG2OHk0wIswPLnLtNOQ0zx4qSL5c
akphxoJ12jmxdZjk7BBW3VmL7Xm66QbwgXddnQyU0D66pzx1Q6WIGUYGDGF1SoyF
eMlAV07HKXgp7KyYMes6ii9qaJOUjyBNaPMUQOHB6xw=
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:04:21 2025 by rpki-client