Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/jIOkaoukv7hDWRXGHYTiGAcaskM.roa
File: jIOkaoukv7hDWRXGHYTiGAcaskM.roa (raw, json)
Hash identifier: zhBLSwkOvHR4Qrq1dKun7XTW49lrmCSrIY/tBjw8m5E=
Subject key identifier: 8C:83:A4:6A:8B:A4:BF:B8:43:59:15:C6:1D:84:E2:18:07:1A:B2:43
Certificate issuer: /CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Certificate serial: 0182E96140BED97B5CDE0E49771C050836A4
Authority key identifier: 96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/jIOkaoukv7hDWRXGHYTiGAcaskM.roa
Signing time: Mon 29 Aug 2022 11:34:01 +0000
ROA not before: Mon 29 Aug 2022 11:34:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 40975
IP address blocks: 89.40.170.0/24 maxlen: 24
86.107.192.0/24 maxlen: 24
185.84.64.0/23 maxlen: 23
185.84.66.0/24 maxlen: 24
89.35.6.0/23 maxlen: 23
217.19.14.0/23 maxlen: 23
86.104.254.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:e9:61:40:be:d9:7b:5c:de:0e:49:77:1c:05:08:36:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Validity
Not Before: Aug 29 11:34:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8c83a46a8ba4bfb8435915c61d84e218071ab243
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:04:35:66:6c:6c:fa:c7:0d:6c:10:fc:ce:a1:
eb:fa:6e:25:8a:d2:72:57:af:c4:30:e8:6c:2a:34:
88:67:a4:6d:20:d5:b7:67:70:fe:79:af:e3:0f:bb:
8e:ea:4c:cf:c0:ec:0d:55:98:a4:14:5e:c8:9e:d9:
d6:c5:73:d7:2f:0c:5e:46:d3:61:fb:ef:32:22:95:
17:ba:6b:f4:f3:3d:04:ec:c4:7e:4e:cb:e7:d7:5a:
ea:9f:51:d7:b8:1b:ac:cd:ff:50:a5:1f:11:c7:a5:
29:1c:47:25:6d:d3:4c:ec:ed:8c:dc:07:62:fc:b5:
67:cf:6f:e8:44:c7:76:e6:3e:b3:58:91:3c:37:63:
c0:46:9a:0a:76:e1:1d:aa:c3:77:f2:56:6e:a9:ae:
b3:db:df:41:55:4a:47:a9:2e:e5:a2:c6:10:1f:2b:
11:45:4f:f3:5a:39:9b:2b:1d:92:0f:6e:9a:ed:5c:
08:a1:93:69:0f:48:85:7d:7b:65:fe:b1:30:1a:34:
3c:2e:7d:86:7e:2e:e1:87:b2:90:a8:ab:bc:52:29:
37:e0:75:6d:44:58:61:1f:18:34:a3:de:e6:86:9f:
1a:20:6c:30:bb:8a:ae:14:de:47:f4:8d:f7:4e:90:
27:11:44:7c:e8:13:56:bc:85:9a:e9:c6:56:13:9d:
49:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:83:A4:6A:8B:A4:BF:B8:43:59:15:C6:1D:84:E2:18:07:1A:B2:43
X509v3 Authority Key Identifier:
keyid:96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/jIOkaoukv7hDWRXGHYTiGAcaskM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.254.0/23
86.107.192.0/24
89.35.6.0/23
89.40.170.0/24
185.84.64.0-185.84.66.255
217.19.14.0/23
Signature Algorithm: sha256WithRSAEncryption
7d:e2:5c:35:ea:c2:cc:cf:0f:67:fe:e4:c6:f9:50:3f:a5:c0:
75:d2:ef:dc:a3:03:75:9a:01:eb:84:94:22:ea:a3:a4:6f:33:
a5:2a:6a:0d:81:f8:be:ea:00:e6:66:45:6e:47:5e:f5:73:3b:
f6:66:36:00:b5:ae:09:bc:2b:5f:1e:9b:c7:67:e7:1d:2a:2f:
5b:a7:16:1a:71:a7:e8:99:a7:1b:dc:09:eb:60:f5:98:1e:14:
08:f8:f4:02:4d:6c:6a:a2:5f:3f:45:12:da:87:fc:f2:65:66:
0f:dc:7f:61:da:60:62:96:98:7c:3f:2e:98:4a:26:f8:88:96:
60:d1:a3:82:db:1d:65:d4:b4:cd:b2:83:6b:28:05:65:13:4d:
69:a3:37:5c:a9:33:f2:c5:4f:be:a5:42:c3:87:a4:91:6a:0d:
6b:f6:e8:16:5c:50:53:70:82:4c:f0:16:07:27:c7:69:f0:ac:
69:ad:80:2b:04:4c:4a:56:a2:a5:24:7d:cf:c2:d3:12:2f:60:
06:2d:38:bb:d5:2a:03:ee:b4:75:ab:f6:b8:fe:e1:47:2b:1f:
f2:aa:c1:be:f8:3f:fc:1f:b0:bc:62:30:8a:c0:d9:36:48:9b:
23:3d:08:1e:e0:5f:a5:57:35:13:c0:94:6b:29:9b:05:fe:a8:
a5:73:b0:56
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYLpYUC+2Xtc3g5JdxwFCDakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmFlMzQ2MzkzOGIyNmY4M2I3NmYwYzRkZjgxZGZhYmIx
NWE0ZWIwHhcNMjIwODI5MTEzNDAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzgzYTQ2YThiYTRiZmI4NDM1OTE1YzYxZDg0ZTIxODA3MWFiMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAQ1Zmxs+scNbBD8zqHr+m4litJy
V6/EMOhsKjSIZ6RtINW3Z3D+ea/jD7uO6kzPwOwNVZikFF7IntnWxXPXLwxeRtNh
++8yIpUXumv08z0E7MR+Tsvn11rqn1HXuBuszf9QpR8Rx6UpHEclbdNM7O2M3Adi
/LVnz2/oRMd25j6zWJE8N2PARpoKduEdqsN38lZuqa6z299BVUpHqS7losYQHysR
RU/zWjmbKx2SD26a7VwIoZNpD0iFfXtl/rEwGjQ8Ln2Gfi7hh7KQqKu8Uik34HVt
RFhhHxg0o97mhp8aIGwwu4quFN5H9I33TpAnEUR86BNWvIWa6cZWE51JSQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFIyDpGqLpL+4Q1kVxh2E4hgHGrJDMB8GA1UdIwQY
MBaAFJYq40Y5OLJvg7dvDE34Hfq7FaTrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMt
OWVkZjBkMTdmYjkxLzEvaklPa2FvdWt2N2hEV1JYR0hZVGlHQWNhc2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMtOWVkZjBkMTdmYjkx
LzEvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBVmj+AwQA
VmvAAwQBWSMGAwQAWSiqMAwDBAa5VEADBAC5VEIDBAHZEw4wDQYJKoZIhvcNAQEL
BQADggEBAH3iXDXqwszPD2f+5Mb5UD+lwHXS79yjA3WaAeuElCLqo6RvM6Uqag2B
+L7qAOZmRW5HXvVzO/ZmNgC1rgm8K18em8dn5x0qL1unFhpxp+iZpxvcCetg9Zge
FAj49AJNbGqiXz9FEtqH/PJlZg/cf2HaYGKWmHw/LphKJviIlmDRo4LbHWXUtM2y
g2soBWUTTWmjN1ypM/LFT76lQsOHpJFqDWv26BZcUFNwgkzwFgcnx2nwrGmtgCsE
TEpWoqUkfc/C0xIvYAYtOLvVKgPutHWr9rj+4UcrH/Kqwb74P/wfsLxiMIrA2TZI
myM9CB7gX6VXNRPAlGspmwX+qKVzsFY=
-----END CERTIFICATE-----
Generated at Tue Mar 11 05:01:24 2025 by rpki-client