Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/JMUfVqJbKUSt8onFU0cDRBh_D8g.roa
File: JMUfVqJbKUSt8onFU0cDRBh_D8g.roa (raw, json)
Hash identifier: eSIQv9FTY9ZipDyzprpSv8r9hRzfcFiKhPuLa3NIJOc=
Subject key identifier: 24:C5:1F:56:A2:5B:29:44:AD:F2:89:C5:53:47:03:44:18:7F:0F:C8
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 018B04934B6572104EAF549868C991C54798
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/JMUfVqJbKUSt8onFU0cDRBh_D8g.roa
Signing time: Fri 06 Oct 2023 10:40:43 +0000
ROA not before: Fri 06 Oct 2023 10:40:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 82.206.32.0/19 maxlen: 19
217.173.128.0/19 maxlen: 23
217.140.72.0/21 maxlen: 21
82.206.0.0/19 maxlen: 24
217.140.80.0/21 maxlen: 21
217.140.88.0/21 maxlen: 21
2001:4b88::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:04:93:4b:65:72:10:4e:af:54:98:68:c9:91:c5:47:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Oct 6 10:40:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=24c51f56a25b2944adf289c553470344187f0fc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:2d:7c:e7:6a:19:2a:96:22:70:6a:32:5f:ac:
29:2f:8c:7e:2f:61:2a:bc:a4:0d:80:d3:e4:61:57:
9c:e0:5d:63:9e:fc:f9:74:9b:c4:11:0d:07:63:07:
e7:71:e2:94:13:30:e4:d9:d9:a7:42:75:6c:6e:e6:
66:12:03:a6:4b:db:42:d5:c2:21:fb:ce:c4:e6:f7:
b3:4a:45:fa:bc:5e:59:fe:2f:9b:31:7b:5c:d5:94:
a6:24:95:06:38:f0:91:7c:93:19:9f:a0:99:b7:a7:
75:a6:49:92:bf:75:1a:43:b2:3f:2a:85:10:81:df:
6f:9a:07:75:38:9c:de:71:87:65:81:9f:ec:b4:7d:
62:6b:1d:0a:c1:bf:74:63:7f:6d:7e:8b:d8:ae:f3:
e2:31:9d:56:9f:7c:30:e4:3f:b5:15:be:f6:b7:4f:
9c:32:74:c3:c1:d3:71:a8:f5:ac:1d:40:90:8c:6c:
05:ef:cb:5c:f5:42:45:4b:cc:9a:bb:22:da:3f:fc:
ca:24:ec:16:de:ff:d8:5d:56:15:a9:ff:54:2f:20:
06:90:bd:7e:b2:3f:50:43:4d:89:95:38:57:11:de:
fd:ab:67:c2:38:ba:2d:2f:6b:af:28:9e:9c:aa:d7:
c7:c5:9f:f7:61:14:41:e6:4f:10:d2:fa:50:3b:39:
08:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:C5:1F:56:A2:5B:29:44:AD:F2:89:C5:53:47:03:44:18:7F:0F:C8
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/JMUfVqJbKUSt8onFU0cDRBh_D8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.0.0/18
217.140.72.0-217.140.95.255
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
98:ba:3c:44:7e:bc:c9:22:e0:14:68:84:8b:47:43:5e:b5:d6:
5a:24:e8:f7:f8:9e:20:43:07:95:2a:f6:c1:13:8b:af:cf:8c:
1a:6f:6f:22:3b:08:79:04:09:76:b8:af:1a:91:3e:f9:04:ef:
d3:34:cb:51:70:4e:eb:45:73:fd:88:f4:23:ef:07:4f:3b:f2:
21:6e:8d:b0:95:d8:0c:32:85:f3:80:06:2d:c8:5a:b6:8b:fa:
e5:b4:87:72:94:99:7e:41:a7:f9:bd:6b:92:7c:40:3e:9c:6c:
0f:38:13:3f:7c:6d:e2:93:36:e0:0a:a3:0e:9a:e9:bd:f5:1b:
d7:2e:9b:fd:60:14:8c:13:ca:41:e7:d0:5b:f2:a2:24:7b:4a:
be:a7:e2:c9:ae:88:9c:e4:9d:77:b7:1c:f1:e7:25:69:d2:bd:
0a:c8:21:00:6e:da:72:13:63:48:e1:68:0a:4c:48:e0:72:0d:
bf:ae:f1:1a:41:09:dd:62:a5:ef:63:b0:a7:c5:87:e9:18:8d:
36:68:bc:db:bb:7b:85:0c:46:bb:e9:0a:bb:fe:11:2b:6e:34:
59:29:de:08:5c:a5:4f:85:3a:3a:d7:d0:cb:0d:41:6b:18:9a:
96:87:21:74:33:c3:6b:3c:ca:a5:f2:12:10:1b:1c:20:29:07:
86:f4:e8:68
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYsEk0tlchBOr1SYaMmRxUeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMxMDA2MTA0MDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM1MWY1NmEyNWIyOTQ0YWRmMjg5YzU1MzQ3MDM0NDE4N2YwZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC1852oZKpYicGoyX6wpL4x+L2Eq
vKQNgNPkYVec4F1jnvz5dJvEEQ0HYwfnceKUEzDk2dmnQnVsbuZmEgOmS9tC1cIh
+87E5vezSkX6vF5Z/i+bMXtc1ZSmJJUGOPCRfJMZn6CZt6d1pkmSv3UaQ7I/KoUQ
gd9vmgd1OJzecYdlgZ/stH1iax0Kwb90Y39tfovYrvPiMZ1Wn3ww5D+1Fb72t0+c
MnTDwdNxqPWsHUCQjGwF78tc9UJFS8yauyLaP/zKJOwW3v/YXVYVqf9ULyAGkL1+
sj9QQ02JlThXEd79q2fCOLotL2uvKJ6cqtfHxZ/3YRRB5k8Q0vpQOzkIfwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFCTFH1aiWylErfKJxVNHA0QYfw/IMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvSk1VZlZxSmJLVVN0OG9uRlUwY0RSQmhfRDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQGUs4AMAwD
BAPZjEgDBAXZjEADBAXZrYAwDQQCAAIwBwMFACABS4gwDQYJKoZIhvcNAQELBQAD
ggEBAJi6PER+vMki4BRohItHQ1611lok6Pf4niBDB5Uq9sETi6/PjBpvbyI7CHkE
CXa4rxqRPvkE79M0y1FwTutFc/2I9CPvB0878iFujbCV2AwyhfOABi3IWraL+uW0
h3KUmX5Bp/m9a5J8QD6cbA84Ez98beKTNuAKow6a6b31G9cum/1gFIwTykHn0Fvy
oiR7Sr6n4smuiJzknXe3HPHnJWnSvQrIIQBu2nITY0jhaApMSOByDb+u8RpBCd1i
pe9jsKfFh+kYjTZovNu7e4UMRrvpCrv+EStuNFkp3ghcpU+FOjrX0MsNQWsYmpaH
IXQzw2s8yqXyEhAbHCApB4b06Gg=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:57:13 2025 by rpki-client