Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/DHjwfxcqOiIJ3-_rT00rA_Nqs8M.roa
File: DHjwfxcqOiIJ3-_rT00rA_Nqs8M.roa (raw, json)
Hash identifier: QOmlUeM/EV+w4OiD1o7hU2JFhE/b8GtXEm24DFOqKKs=
Subject key identifier: 0C:78:F0:7F:17:2A:3A:22:09:DF:EF:EB:4F:4D:2B:03:F3:6A:B3:C3
Certificate issuer: /CN=a036af22669183ba26f23976530e349b34651968
Certificate serial: 018572A804E86609ECEB2A67A8D4D7A30425
Authority key identifier: A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/DHjwfxcqOiIJ3-_rT00rA_Nqs8M.roa
Signing time: Mon 02 Jan 2023 13:24:52 +0000
ROA not before: Mon 02 Jan 2023 13:24:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30910
IP address blocks: 185.39.16.0/23 maxlen: 23
80.64.16.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:a8:04:e8:66:09:ec:eb:2a:67:a8:d4:d7:a3:04:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a036af22669183ba26f23976530e349b34651968
Validity
Not Before: Jan 2 13:24:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c78f07f172a3a2209dfefeb4f4d2b03f36ab3c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:75:ec:1c:99:fe:b2:83:45:ce:21:8a:e9:17:
81:78:8e:2c:ff:fd:f3:6d:47:11:f0:9b:cb:2d:6b:
76:18:aa:e4:18:41:4b:4c:9e:a6:95:1f:31:c7:de:
1a:56:e2:e1:e6:c0:2c:4e:69:8f:9f:28:be:7f:7a:
4b:0d:39:e4:be:bc:76:e8:2d:54:c8:38:13:df:4c:
23:57:9a:aa:aa:ee:35:f9:dd:0d:b9:ad:31:c2:94:
1f:44:00:dc:87:56:03:38:1f:3a:00:f4:aa:77:5a:
59:e1:f3:74:3d:95:16:b4:3d:bb:64:42:26:08:ad:
c7:cc:76:0f:f7:ab:e2:61:24:b5:9a:d1:db:3b:26:
a8:a2:3c:c9:fc:e0:03:08:bd:09:1f:66:e8:8e:e9:
b9:de:7c:a4:82:41:b6:f2:d9:a8:8d:ce:a8:2c:da:
2b:88:19:14:3e:1b:d5:5a:f5:9c:04:d6:68:3b:e2:
df:e5:4e:90:8a:3f:fe:3c:e6:b7:d0:74:79:ce:9d:
86:e5:16:79:7b:c6:1e:a1:9b:b9:1d:5b:cd:58:20:
16:e9:92:66:8b:73:ac:d2:16:87:db:6d:87:69:44:
16:a7:a8:36:b1:27:7d:01:2e:07:1f:33:79:f2:75:
a7:f4:a8:a9:0a:bc:17:67:0e:2b:a9:8e:55:ed:72:
6a:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:78:F0:7F:17:2A:3A:22:09:DF:EF:EB:4F:4D:2B:03:F3:6A:B3:C3
X509v3 Authority Key Identifier:
keyid:A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/DHjwfxcqOiIJ3-_rT00rA_Nqs8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oDavImaRg7om8jl2Uw40mzRlGWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.16.0/21
185.39.16.0/23
Signature Algorithm: sha256WithRSAEncryption
24:63:3e:5b:2c:23:16:8b:b7:d3:4a:2a:57:66:7c:83:bf:20:
8f:b2:b6:10:d7:46:50:3d:64:de:83:4e:3a:81:db:31:4a:df:
44:11:0b:94:b3:ee:72:9b:cf:61:62:6e:79:37:ed:5b:00:78:
0f:55:1f:0d:70:83:db:54:c2:72:85:03:1b:dc:66:36:69:eb:
a0:cb:72:5a:b4:bf:8c:38:dc:cf:7a:b8:2d:46:1f:66:90:54:
1b:d2:f9:c1:71:3f:50:9e:16:f6:89:c7:08:51:fe:33:90:e1:
1e:f3:b3:86:ee:9c:ee:54:a7:dd:2b:4c:43:cb:b2:59:da:e3:
6a:64:aa:ae:9f:60:08:71:68:ce:57:a7:9c:7e:1d:65:6e:a7:
f4:fa:b7:fb:7c:93:7c:01:81:37:4b:89:2f:86:8d:6d:c6:9d:
8b:6d:92:f2:9d:51:d5:3f:0c:a4:79:ea:d8:85:08:52:f4:a4:
57:01:f5:74:cc:7e:40:88:77:67:95:78:05:c7:a8:14:a9:3d:
57:26:91:c3:0b:2e:ca:cb:90:b9:09:f4:21:27:a5:d1:70:d9:
91:ef:24:18:4f:95:29:37:ff:2f:07:17:fc:16:56:ca:20:42:
c1:01:86:44:fc:5c:90:e1:a0:e9:f1:88:75:59:57:b3:d2:d9:
b3:e1:0b:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyqAToZgns6ypnqNTXowQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMzZhZjIyNjY5MTgzYmEyNmYyMzk3NjUzMGUzNDliMzQ2
NTE5NjgwHhcNMjMwMTAyMTMyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc4ZjA3ZjE3MmEzYTIyMDlkZmVmZWI0ZjRkMmIwM2YzNmFiM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynXsHJn+soNFziGK6ReBeI4s//3z
bUcR8JvLLWt2GKrkGEFLTJ6mlR8xx94aVuLh5sAsTmmPnyi+f3pLDTnkvrx26C1U
yDgT30wjV5qqqu41+d0Nua0xwpQfRADch1YDOB86APSqd1pZ4fN0PZUWtD27ZEIm
CK3HzHYP96viYSS1mtHbOyaoojzJ/OADCL0JH2bojum53nykgkG28tmojc6oLNor
iBkUPhvVWvWcBNZoO+Lf5U6Qij/+POa30HR5zp2G5RZ5e8YeoZu5HVvNWCAW6ZJm
i3Os0haH222HaUQWp6g2sSd9AS4HHzN58nWn9KipCrwXZw4rqY5V7XJqBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAx48H8XKjoiCd/v609NKwPzarPDMB8GA1UdIwQY
MBaAFKA2ryJmkYO6JvI5dlMONJs0ZRloMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUt
N2M1OTY0OTkwMzk3LzEvREhqd2Z4Y3FPaUlKMy1fclQwMHJBX05xczhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUtN2M1OTY0OTkwMzk3
LzEvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUEAQAwQB
uScQMA0GCSqGSIb3DQEBCwUAA4IBAQAkYz5bLCMWi7fTSipXZnyDvyCPsrYQ10ZQ
PWTeg046gdsxSt9EEQuUs+5ym89hYm55N+1bAHgPVR8NcIPbVMJyhQMb3GY2aeug
y3JatL+MONzPergtRh9mkFQb0vnBcT9Qnhb2iccIUf4zkOEe87OG7pzuVKfdK0xD
y7JZ2uNqZKqun2AIcWjOV6ecfh1lbqf0+rf7fJN8AYE3S4kvho1txp2LbZLynVHV
PwykeerYhQhS9KRXAfV0zH5AiHdnlXgFx6gUqT1XJpHDCy7Ky5C5CfQhJ6XRcNmR
7yQYT5UpN/8vBxf8FlbKIELBAYZE/FyQ4aDp8Yh1WVez0tmz4Qtf
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:51 2025 by rpki-client