Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa
File: i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa (raw, json)
Hash identifier: N1K82A1BY/XcX5l0F+p163HauvpP7QIg6iT5HWIU8uE=
Subject key identifier: 8B:9C:8E:1F:87:72:A8:5B:31:07:D9:88:DE:B2:3B:27:B0:CD:91:57
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018E9F1DA7041C7EFB78D9C1B8564A6A89C8
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa
Signing time: Tue 02 Apr 2024 14:01:44 +0000
ROA not before: Tue 02 Apr 2024 14:01:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 62.3.1.0/24 maxlen: 24
80.91.211.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9f:1d:a7:04:1c:7e:fb:78:d9:c1:b8:56:4a:6a:89:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Apr 2 14:01:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8b9c8e1f8772a85b3107d988deb23b27b0cd9157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:97:58:69:ea:0c:42:26:bf:69:41:bf:7a:8c:
84:47:70:7d:aa:f1:c3:27:c1:80:3a:03:a2:07:e8:
a3:42:50:b5:c5:95:b4:13:01:65:9d:a5:2a:46:40:
29:49:d3:36:71:9d:0a:0e:f5:d0:3c:44:bc:8d:da:
89:83:fa:dd:4a:fc:29:95:af:d5:ae:b8:ce:e5:c4:
5c:90:31:77:1b:04:02:63:76:98:fc:3a:57:a5:68:
70:3e:63:99:45:7e:55:77:92:7e:bb:1f:2a:6f:39:
ce:9b:0b:53:ff:5b:05:ae:93:b8:aa:d3:1f:8d:ea:
5c:a3:95:16:f2:44:ca:16:a1:d5:11:29:4c:c2:9a:
0c:6e:42:b7:05:b7:d2:2f:c2:cf:f9:66:b7:68:e3:
50:89:a0:6d:7e:83:2a:23:65:af:40:fa:ba:3d:dd:
9e:e8:b2:1b:74:bd:6d:45:8c:e6:23:e8:80:32:43:
27:62:2d:fc:33:b4:bc:15:95:e9:8a:e9:80:23:9f:
63:b4:f5:f5:6e:a5:3e:73:e2:71:e6:32:7f:d7:e3:
bf:53:46:03:ad:50:94:50:e0:a3:73:c4:3b:e4:77:
f3:be:33:ed:66:21:02:0d:d8:f5:01:49:a7:b1:68:
36:e8:f1:96:a6:17:98:df:72:50:68:3a:d8:03:8e:
39:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:9C:8E:1F:87:72:A8:5B:31:07:D9:88:DE:B2:3B:27:B0:CD:91:57
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/i5yOH4dyqFsxB9mI3rI7J7DNkVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.3.1.0/24
80.91.211.0/24
Signature Algorithm: sha256WithRSAEncryption
ca:f8:b0:33:73:0a:44:3c:13:02:59:dc:df:bd:1d:e6:c7:01:
18:22:14:b9:37:6b:60:cb:7a:71:51:32:6e:98:9a:bd:4a:6d:
9c:4a:57:a8:e4:c1:94:9b:21:7d:77:15:81:c3:f9:39:b8:2a:
a9:35:69:b0:68:20:be:9c:34:00:d3:a4:e1:b2:22:8e:68:8e:
0f:84:36:68:da:09:c2:ef:64:0e:15:dd:4a:c1:d4:2d:c7:cd:
53:9a:34:c4:64:93:5f:8f:0f:f5:db:19:7c:86:d5:c1:c3:84:
b5:5f:41:a1:97:3e:02:7a:40:28:a5:bc:3f:02:5f:bb:16:a0:
a5:2c:59:44:90:2f:3a:30:fb:65:ee:17:4d:23:89:ff:37:a7:
b9:a4:72:90:b0:a3:29:e9:22:f1:07:18:13:aa:6d:a7:de:6f:
aa:86:84:d9:04:33:a4:26:04:4d:0f:a4:23:6e:cd:f4:83:ac:
62:28:b1:92:57:91:30:97:62:2b:2b:2c:ac:3e:6a:31:4b:98:
9b:49:12:1c:57:db:79:a0:2f:fb:e7:30:5a:d6:eb:fb:43:e1:
35:0d:4b:7e:b9:53:5c:58:fd:98:3d:8b:d3:97:48:87:39:49:
bd:00:33:06:c6:77:80:54:26:f9:9a:c3:d1:a4:ba:20:4c:98:
45:3d:31:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6fHacEHH77eNnBuFZKaonIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjljOGUxZjg3NzJhODViMzEwN2Q5ODhkZWIyM2IyN2IwY2Q5MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZdYaeoMQia/aUG/eoyER3B9qvHD
J8GAOgOiB+ijQlC1xZW0EwFlnaUqRkApSdM2cZ0KDvXQPES8jdqJg/rdSvwpla/V
rrjO5cRckDF3GwQCY3aY/DpXpWhwPmOZRX5Vd5J+ux8qbznOmwtT/1sFrpO4qtMf
jepco5UW8kTKFqHVESlMwpoMbkK3BbfSL8LP+Wa3aONQiaBtfoMqI2WvQPq6Pd2e
6LIbdL1tRYzmI+iAMkMnYi38M7S8FZXpiumAI59jtPX1bqU+c+Jx5jJ/1+O/U0YD
rVCUUOCjc8Q75HfzvjPtZiECDdj1AUmnsWg26PGWpheY33JQaDrYA445SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIucjh+HcqhbMQfZiN6yOyewzZFXMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvaTV5T0g0ZHlxRnN4QjltSTNySTdKN0ROa1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPgMBAwQA
UFvTMA0GCSqGSIb3DQEBCwUAA4IBAQDK+LAzcwpEPBMCWdzfvR3mxwEYIhS5N2tg
y3pxUTJumJq9Sm2cSleo5MGUmyF9dxWBw/k5uCqpNWmwaCC+nDQA06ThsiKOaI4P
hDZo2gnC72QOFd1KwdQtx81TmjTEZJNfjw/12xl8htXBw4S1X0Ghlz4CekAopbw/
Al+7FqClLFlEkC86MPtl7hdNI4n/N6e5pHKQsKMp6SLxBxgTqm2n3m+qhoTZBDOk
JgRND6Qjbs30g6xiKLGSV5Ewl2IrKyysPmoxS5ibSRIcV9t5oC/75zBa1uv7Q+E1
DUt+uVNcWP2YPYvTl0iHOUm9ADMGxneAVCb5msPRpLogTJhFPTFy
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:25:16 2025 by rpki-client