Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/azYJIzVIA_25oLU5NJyj_c1XCAg.roa
File: azYJIzVIA_25oLU5NJyj_c1XCAg.roa (raw, json)
Hash identifier: mkrm/PtsHvXkdVDk6W2eEZocxYtgF7GBvnNVbWLDtkQ=
Subject key identifier: 6B:36:09:23:35:48:03:FD:B9:A0:B5:39:34:9C:A3:FD:CD:57:08:08
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0193260AEC2A7834D556943ABC3C306726D5
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/azYJIzVIA_25oLU5NJyj_c1XCAg.roa
Signing time: Wed 13 Nov 2024 15:01:10 +0000
ROA not before: Wed 13 Nov 2024 15:01:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.244.0/22 maxlen: 24
83.147.248.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
91.186.216.0/23 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:26:0a:ec:2a:78:34:d5:56:94:3a:bc:3c:30:67:26:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Nov 13 15:01:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6b360923354803fdb9a0b539349ca3fdcd570808
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:42:2a:a3:b5:af:57:3c:b4:82:fb:81:30:4e:
05:36:69:0a:39:0d:f5:19:8b:1e:fd:28:85:f0:d0:
ac:2c:23:1e:c7:62:0c:33:cc:48:4a:00:9e:2a:7b:
e4:2b:01:93:10:ee:3b:8f:0c:8c:7e:f8:4f:f3:b5:
62:5d:3d:0c:de:8c:86:c1:f0:fc:73:d0:d8:46:6f:
69:4d:c1:0a:e6:a1:34:96:8b:7e:be:ba:4c:2e:f5:
6b:84:9a:dd:8c:ee:9f:ab:1b:cd:71:29:01:b4:fd:
d7:be:37:d6:0b:f9:cd:78:24:66:68:48:f6:4e:b8:
18:6b:bd:21:a6:04:c1:94:6d:bf:13:04:28:d6:83:
a8:c5:90:ec:2f:4b:2c:b8:4d:08:8e:40:3e:11:0b:
84:ba:4e:14:fe:a1:b4:6f:96:ad:85:09:50:77:67:
48:31:67:b6:00:d6:3f:86:b7:2b:33:7f:17:27:d1:
dc:11:11:d1:5e:51:eb:4c:d7:d3:10:02:55:79:f0:
35:13:77:81:8c:9b:9d:f9:42:9f:8f:5c:b9:af:b8:
f3:ed:8f:a5:ad:cb:fd:d1:fa:92:82:66:e5:76:9c:
d1:42:17:ce:e4:29:70:a4:6a:04:14:0f:1d:c4:9c:
63:c9:e6:63:65:04:a1:41:60:95:7d:b1:38:1a:b1:
3b:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:36:09:23:35:48:03:FD:B9:A0:B5:39:34:9C:A3:FD:CD:57:08:08
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/azYJIzVIA_25oLU5NJyj_c1XCAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.244.0-83.147.251.255
91.186.200.0/21
91.186.216.0/23
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
31:05:b4:c8:c4:e3:44:c0:a7:49:0c:90:3c:3e:fe:0c:e6:b6:
79:72:62:01:e0:78:31:65:e2:11:f6:7b:e7:49:8f:b7:9c:8b:
00:ea:8a:9e:f2:f1:00:f6:d2:04:c8:56:9f:d4:9b:5d:a5:73:
07:f9:b8:5d:f6:ff:a3:a6:21:5c:46:dc:bb:3f:22:1c:be:33:
32:ab:b6:84:23:3d:1f:dd:9d:52:05:00:72:ee:30:fe:1a:da:
c9:58:f2:08:52:2d:e0:8f:f4:e9:3b:9e:20:7b:21:a4:08:0b:
db:e4:f7:f7:ad:8e:ce:0a:14:56:81:18:d5:56:51:63:d1:61:
f2:eb:1c:9e:94:08:60:59:30:de:74:6a:ec:7a:92:84:f7:3b:
e7:17:66:e5:6b:a2:2a:7f:ea:c8:cb:82:94:bb:c7:52:fb:a4:
fc:27:a8:1f:17:1e:b0:a8:1d:20:ed:cc:26:14:73:28:52:3f:
cc:76:bb:05:a9:1d:b7:b4:2b:b4:f4:43:e9:e8:ba:2a:e1:90:
90:53:5f:be:bb:62:d4:3a:89:98:f2:3c:57:8c:3e:e1:f3:bc:
8d:35:b9:37:18:56:28:3b:f5:3f:d4:e0:7b:f9:65:93:eb:dd:
de:9c:d7:c5:dd:11:87:85:90:3a:9a:cf:86:fc:14:53:08:e2:
9b:e4:61:dd
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZMmCuwqeDTVVpQ6vDwwZybVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMTEzMTUwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM2MDkyMzM1NDgwM2ZkYjlhMGI1MzkzNDljYTNmZGNkNTcwODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kIqo7WvVzy0gvuBME4FNmkKOQ31
GYse/SiF8NCsLCMex2IMM8xISgCeKnvkKwGTEO47jwyMfvhP87ViXT0M3oyGwfD8
c9DYRm9pTcEK5qE0lot+vrpMLvVrhJrdjO6fqxvNcSkBtP3XvjfWC/nNeCRmaEj2
TrgYa70hpgTBlG2/EwQo1oOoxZDsL0ssuE0IjkA+EQuEuk4U/qG0b5athQlQd2dI
MWe2ANY/hrcrM38XJ9HcERHRXlHrTNfTEAJVefA1E3eBjJud+UKfj1y5r7jz7Y+l
rcv90fqSgmbldpzRQhfO5ClwpGoEFA8dxJxjyeZjZQShQWCVfbE4GrE7VQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGs2CSM1SAP9uaC1OTSco/3NVwgIMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvYXpZSkl6VklBXzI1b0xVNU5KeWpfYzFYQ0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAJTk/QD
BAJTk/gDBANbusgDBAFbutgDBANe8agwDQYJKoZIhvcNAQELBQADggEBADEFtMjE
40TAp0kMkDw+/gzmtnlyYgHgeDFl4hH2e+dJj7eciwDqip7y8QD20gTIVp/Um12l
cwf5uF32/6OmIVxG3Ls/Ihy+MzKrtoQjPR/dnVIFAHLuMP4a2slY8ghSLeCP9Ok7
niB7IaQIC9vk9/etjs4KFFaBGNVWUWPRYfLrHJ6UCGBZMN50aux6koT3O+cXZuVr
oip/6sjLgpS7x1L7pPwnqB8XHrCoHSDtzCYUcyhSP8x2uwWpHbe0K7T0Q+nouirh
kJBTX767YtQ6iZjyPFeMPuHzvI01uTcYVig79T/U4Hv5ZZPr3d6c18XdEYeFkDqa
z4b8FFMI4pvkYd0=
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:25:15 2025 by rpki-client