Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/8yOFEG7kOjgQ8KVlBbEtTJIfZl8.roa
File: 8yOFEG7kOjgQ8KVlBbEtTJIfZl8.roa (raw, json)
Hash identifier: FSlHKw4vRUaP4vS6zlCqVYbU/btTfmKVypqyOwnce+I=
Subject key identifier: F3:23:85:10:6E:E4:3A:38:10:F0:A5:65:05:B1:2D:4C:92:1F:66:5F
Certificate issuer: /CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Certificate serial: 01856C1C8CF7CD43711A05BE2D6404CABD46
Authority key identifier: C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/8yOFEG7kOjgQ8KVlBbEtTJIfZl8.roa
Signing time: Sun 01 Jan 2023 06:54:48 +0000
ROA not before: Sun 01 Jan 2023 06:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41589
IP address blocks: 81.25.128.0/20 maxlen: 20
195.34.86.0/23 maxlen: 23
91.142.48.0/20 maxlen: 24
217.171.176.0/20 maxlen: 20
79.141.16.0/20 maxlen: 20
185.118.100.0/22 maxlen: 24
2a02:4d8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:1c:8c:f7:cd:43:71:1a:05:be:2d:64:04:ca:bd:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Validity
Not Before: Jan 1 06:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f32385106ee43a3810f0a56505b12d4c921f665f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:75:f9:a2:71:02:77:d0:2b:3e:1e:5a:6a:c4:
a7:bb:d5:db:1b:65:0d:20:c9:7c:8f:0d:ea:4e:dc:
2f:99:07:b6:83:a7:91:e5:9d:1e:ea:83:59:15:c2:
e1:fe:62:52:5c:50:35:23:ef:22:ce:bd:09:48:35:
4f:21:44:4d:25:3c:de:cb:20:96:71:53:70:bf:8d:
19:2b:84:c2:93:d5:3f:ba:3c:76:f1:3a:b6:ff:22:
1a:37:d4:2e:4c:34:d1:e7:ba:93:41:ac:8b:8b:47:
d7:c1:84:87:83:be:4f:4b:cb:6a:ad:23:52:c9:77:
b6:e8:0c:d5:3d:12:6b:09:1e:93:b1:d3:d5:33:e7:
d1:74:c1:14:e1:01:51:a6:23:3c:1c:fe:76:d3:4a:
45:e0:42:92:27:d2:88:cb:78:1f:66:eb:dc:b9:01:
1c:61:7b:01:f9:f0:a1:4d:eb:a3:d5:93:5b:d9:26:
9a:f2:1b:9a:c9:76:51:18:6a:84:72:06:5e:d5:c4:
10:53:aa:d7:13:0c:ae:70:5f:42:88:00:75:b4:cc:
ff:50:0c:89:44:a4:3c:3d:88:78:60:a9:80:79:12:
df:01:0f:98:6b:bc:1f:5b:99:18:23:89:7a:9a:4c:
4f:f1:f9:07:19:53:6d:eb:28:0e:52:17:a7:64:bf:
d6:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:23:85:10:6E:E4:3A:38:10:F0:A5:65:05:B1:2D:4C:92:1F:66:5F
X509v3 Authority Key Identifier:
keyid:C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/8yOFEG7kOjgQ8KVlBbEtTJIfZl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/xPiLXG5RFuUM8rW99D6HIPHYxg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.141.16.0/20
81.25.128.0/20
91.142.48.0/20
185.118.100.0/22
195.34.86.0/23
217.171.176.0/20
IPv6:
2a02:4d8::/32
Signature Algorithm: sha256WithRSAEncryption
1b:15:36:f5:51:7e:68:9f:ed:1b:c1:e3:a5:c3:c6:01:7c:b9:
e3:f7:97:7f:18:39:05:b4:7f:3f:21:98:ba:7f:79:37:d9:39:
6a:9b:f4:df:01:66:e7:63:56:4f:96:1e:9e:9a:b0:99:f3:ca:
ef:10:96:67:6b:9d:4e:85:39:75:48:d6:25:82:97:ab:c9:f0:
2a:11:46:4f:99:47:de:93:45:b2:8b:6b:af:08:52:ff:ee:ad:
16:e9:a2:4c:f6:ac:7b:41:33:3a:29:2d:c3:af:01:66:bd:cf:
5f:c0:e7:d1:2f:46:6b:72:83:39:df:e4:cb:94:d3:a9:52:e1:
5d:d0:8e:c9:a4:ce:d5:b0:75:ae:59:f9:98:47:13:8d:81:8a:
8d:b8:6c:b9:ed:c9:05:88:90:44:5d:09:66:7c:67:4e:57:87:
63:28:0c:b6:9c:07:fe:78:e8:2e:cd:32:f3:56:d8:75:9a:74:
77:e0:12:28:f9:a6:c7:ad:d3:85:0e:93:f3:a9:f3:3b:46:96:
d1:14:95:55:ef:32:64:0d:cd:4c:8f:72:22:87:df:98:8d:8d:
6b:08:1a:08:e4:3f:62:42:af:e4:0e:58:f1:c6:9d:f7:a1:27:
26:4f:d5:b5:28:6e:a3:74:fe:d9:bf:66:57:c6:11:5c:00:79:
be:a1:74:ae
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVsHIz3zUNxGgW+LWQEyr1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Zjg4YjVjNmU1MTE2ZTUwY2YyYjViZGY0M2U4NzIwZjFk
OGM2MGYwHhcNMjMwMTAxMDY1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzIzODUxMDZlZTQzYTM4MTBmMGE1NjUwNWIxMmQ0YzkyMWY2NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3X5onECd9ArPh5aasSnu9XbG2UN
IMl8jw3qTtwvmQe2g6eR5Z0e6oNZFcLh/mJSXFA1I+8izr0JSDVPIURNJTzeyyCW
cVNwv40ZK4TCk9U/ujx28Tq2/yIaN9QuTDTR57qTQayLi0fXwYSHg75PS8tqrSNS
yXe26AzVPRJrCR6TsdPVM+fRdMEU4QFRpiM8HP5200pF4EKSJ9KIy3gfZuvcuQEc
YXsB+fChTeuj1ZNb2Saa8huayXZRGGqEcgZe1cQQU6rXEwyucF9CiAB1tMz/UAyJ
RKQ8PYh4YKmAeRLfAQ+Ya7wfW5kYI4l6mkxP8fkHGVNt6ygOUhenZL/WJQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFPMjhRBu5Do4EPClZQWxLUySH2ZfMB8GA1UdIwQY
MBaAFMT4i1xuURblDPK1vfQ+hyDx2MYPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjct
MDczNjM5OTM4NDM3LzEvOHlPRkVHN2tPamdROEtWbEJiRXRUSklmWmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjctMDczNjM5OTM4NDM3
LzEveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQET40QAwQE
URmAAwQEW44wAwQCuXZkAwQBwyJWAwQE2auwMA0EAgACMAcDBQAqAgTYMA0GCSqG
SIb3DQEBCwUAA4IBAQAbFTb1UX5on+0bweOlw8YBfLnj95d/GDkFtH8/IZi6f3k3
2Tlqm/TfAWbnY1ZPlh6emrCZ88rvEJZna51OhTl1SNYlgperyfAqEUZPmUfek0Wy
i2uvCFL/7q0W6aJM9qx7QTM6KS3DrwFmvc9fwOfRL0ZrcoM53+TLlNOpUuFd0I7J
pM7VsHWuWfmYRxONgYqNuGy57ckFiJBEXQlmfGdOV4djKAy2nAf+eOguzTLzVth1
mnR34BIo+abHrdOFDpPzqfM7RpbRFJVV7zJkDc1Mj3Iih9+YjY1rCBoI5D9iQq/k
Dljxxp33oScmT9W1KG6jdP7Zv2ZXxhFcAHm+oXSu
-----END CERTIFICATE-----
Generated at Tue Apr 22 14:25:15 2025 by rpki-client