Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/8jyfZ0FUDjmfaOhposBwVMK5zvk.roa
File: 8jyfZ0FUDjmfaOhposBwVMK5zvk.roa (raw, json)
Hash identifier: CdAwCVAuv+XLSUH3IcyAOTDS7x/sQ/uuclo8ArcRX7Y=
Subject key identifier: F2:3C:9F:67:41:54:0E:39:9F:68:E8:69:A2:C0:70:54:C2:B9:CE:F9
Certificate issuer: /CN=2841262acd62c90e68081a6f777375df2c3713c2
Certificate serial: 3843DCE4
Authority key identifier: 28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/8jyfZ0FUDjmfaOhposBwVMK5zvk.roa
Signing time: Sat 01 Jan 2022 03:59:15 +0000
ROA not before: Sat 01 Jan 2022 03:59:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 33869
IP address blocks: 217.113.128.0/20 maxlen: 20
194.116.138.0/23 maxlen: 23
194.114.148.0/22 maxlen: 22
194.150.206.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 943971556 (0x3843dce4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2841262acd62c90e68081a6f777375df2c3713c2
Validity
Not Before: Jan 1 03:59:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f23c9f6741540e399f68e869a2c07054c2b9cef9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:f0:27:55:b3:87:c7:d9:6b:9a:4b:87:0f:37:
be:06:df:d7:be:84:97:df:e4:b6:c1:57:43:cd:17:
43:3b:ba:bc:a2:d5:7d:c4:a1:83:e2:5f:5e:ab:8b:
e3:bf:04:51:ef:1c:78:af:30:65:7c:5d:33:9f:01:
a5:41:b0:d2:4c:2b:78:ac:47:7c:22:44:ee:94:8a:
5e:b5:a4:84:99:16:99:fc:6e:36:b7:e1:59:20:fe:
ef:25:16:61:52:da:ed:77:0f:fd:54:4b:89:40:14:
b3:2e:15:6e:40:99:b4:b2:c9:f1:71:39:b9:a6:84:
e1:76:13:b1:65:8b:be:e1:e6:2f:f4:b2:95:42:a9:
00:62:68:0f:6d:22:88:77:3e:e9:8e:30:48:8f:95:
9c:6f:1a:27:96:47:de:9e:cc:c9:8c:e4:a4:cf:7f:
15:f6:ec:f2:f6:54:cc:67:07:83:b4:55:fd:16:63:
8a:12:b7:b5:b7:da:9a:be:8a:22:6d:ae:a6:81:d3:
6e:60:26:7f:b4:00:0b:66:22:4a:de:4a:64:db:f3:
fa:af:2c:37:2e:3f:1e:2f:e9:a0:32:7c:75:2e:f9:
8a:64:7d:23:ef:50:87:35:57:f3:f2:f6:ca:e6:fc:
2a:94:2a:50:fc:6b:a5:10:43:1d:dd:38:97:22:d2:
2d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:3C:9F:67:41:54:0E:39:9F:68:E8:69:A2:C0:70:54:C2:B9:CE:F9
X509v3 Authority Key Identifier:
keyid:28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/8jyfZ0FUDjmfaOhposBwVMK5zvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.114.148.0/22
194.116.138.0/23
194.150.206.0/23
217.113.128.0/20
Signature Algorithm: sha256WithRSAEncryption
6a:16:c4:6a:25:9a:dc:24:cd:b8:27:de:87:91:45:fb:f2:f6:
6b:72:60:65:47:b5:c5:d1:76:44:55:cd:d8:2a:e6:4d:b3:d8:
51:63:09:de:29:83:75:6b:43:16:e6:57:1b:22:14:61:78:59:
ea:09:19:43:e1:77:62:34:73:51:80:f3:a5:d4:35:c0:d3:af:
5e:52:cf:64:e1:c7:a8:0f:33:9c:0e:d7:79:89:e4:cc:e5:2f:
67:ff:e4:df:74:bd:f2:3f:0c:3d:27:75:24:81:ab:f2:57:cb:
2d:83:51:78:61:18:8e:2e:12:17:c5:10:58:78:e3:b3:32:3f:
d6:12:ed:e8:1a:35:a9:31:8b:d5:65:d6:3f:b4:4a:b9:27:52:
5b:aa:5d:44:b5:15:d6:7a:0d:5d:a1:23:8b:00:78:1d:dc:10:
e9:85:85:1b:79:ee:6f:00:ce:66:3b:de:50:7e:c3:7b:3d:c2:
7b:90:54:88:9e:34:ba:f5:af:f7:9f:b9:7a:2f:48:22:5e:87:
86:ed:dd:83:77:4b:7a:01:79:5d:50:2f:ea:66:7d:ad:15:40:
54:3d:f3:fd:44:89:79:c2:e4:ee:04:75:5d:53:d5:2d:ef:41:
bc:54:6f:1c:cb:a8:ac:5c:75:55:8a:8e:25:fc:23:b7:1f:51:
fd:6c:4a:1d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEOEPc5DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ODQxMjYyYWNkNjJjOTBlNjgwODFhNmY3NzczNzVkZjJjMzcxM2MyMB4XDTIyMDEw
MTAzNTkxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjIzYzlmNjc0MTU0
MGUzOTlmNjhlODY5YTJjMDcwNTRjMmI5Y2VmOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN/wJ1Wzh8fZa5pLhw83vgbf176El9/ktsFXQ80XQzu6vKLV
fcShg+JfXquL478EUe8ceK8wZXxdM58BpUGw0kwreKxHfCJE7pSKXrWkhJkWmfxu
NrfhWSD+7yUWYVLa7XcP/VRLiUAUsy4VbkCZtLLJ8XE5uaaE4XYTsWWLvuHmL/Sy
lUKpAGJoD20iiHc+6Y4wSI+VnG8aJ5ZH3p7MyYzkpM9/Ffbs8vZUzGcHg7RV/RZj
ihK3tbfamr6KIm2upoHTbmAmf7QAC2YiSt5KZNvz+q8sNy4/Hi/poDJ8dS75imR9
I+9QhzVX8/L2yub8KpQqUPxrpRBDHd04lyLSLR8CAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBTyPJ9nQVQOOZ9o6GmiwHBUwrnO+TAfBgNVHSMEGDAWgBQoQSYqzWLJDmgI
Gm93c3XfLDcTwjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tFRW1LczFpeVE1b0NCcHZkM04xM3l3M0U4SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvMDMyMjc2LTI1ZGMtNGMzMC04YTdiLTk1YTMzZTEyYTNhZC8x
LzhqeWZaMEZVRGptZmFPaHBvc0J3Vk1LNXp2ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
MDMyMjc2LTI1ZGMtNGMzMC04YTdiLTk1YTMzZTEyYTNhZC8xL0tFRW1LczFpeVE1
b0NCcHZkM04xM3l3M0U4SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAsJylAMEAcJ0igMEAcKWzgMEBNlx
gDANBgkqhkiG9w0BAQsFAAOCAQEAahbEaiWa3CTNuCfeh5FF+/L2a3JgZUe1xdF2
RFXN2CrmTbPYUWMJ3imDdWtDFuZXGyIUYXhZ6gkZQ+F3YjRzUYDzpdQ1wNOvXlLP
ZOHHqA8znA7XeYnkzOUvZ//k33S98j8MPSd1JIGr8lfLLYNReGEYji4SF8UQWHjj
szI/1hLt6Bo1qTGL1WXWP7RKuSdSW6pdRLUV1noNXaEjiwB4HdwQ6YWFG3nubwDO
ZjveUH7Dez3Ce5BUiJ40uvWv95+5ei9IIl6Hhu3dg3dLegF5XVAv6mZ9rRVAVD3z
/USJecLk7gR1XVPVLe9BvFRvHMuorFx1VYqOJfwjtx9R/WxKHQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:31 2025 by rpki-client