Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oyIoqNwl0E1GXR7evDbTNhQLRMs.roa
File: oyIoqNwl0E1GXR7evDbTNhQLRMs.roa (raw, json)
Hash identifier: bSAaY+YrqmGEGHvDhCoVPl2jKFFOfX3UBW7z6GoAiQc=
Subject key identifier: A3:22:28:A8:DC:25:D0:4D:46:5D:1E:DE:BC:36:D3:36:14:0B:44:CB
Certificate issuer: /CN=a036af22669183ba26f23976530e349b34651968
Certificate serial: 018CC425456FC1E860915EB861A6514D114A
Authority key identifier: A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oyIoqNwl0E1GXR7evDbTNhQLRMs.roa
Signing time: Mon 01 Jan 2024 08:30:26 +0000
ROA not before: Mon 01 Jan 2024 08:30:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 30910
IP address blocks: 185.39.16.0/23 maxlen: 23
80.64.16.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:45:6f:c1:e8:60:91:5e:b8:61:a6:51:4d:11:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a036af22669183ba26f23976530e349b34651968
Validity
Not Before: Jan 1 08:30:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a32228a8dc25d04d465d1edebc36d336140b44cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:f7:3f:b9:af:86:9c:8e:3b:7c:1c:4f:48:db:
67:76:fa:ff:c1:9c:b4:fd:b3:d3:ec:7e:95:df:60:
36:86:fe:8e:8b:95:71:2b:46:d7:d4:80:0f:27:d2:
7f:18:09:fb:c2:c0:ab:9c:f0:21:d4:d5:77:be:a8:
e6:6d:33:50:a1:80:6a:33:f1:39:9c:59:20:08:97:
11:6d:47:d6:95:51:f6:ea:5e:b4:3a:6f:2c:5f:57:
b1:68:dc:54:35:00:05:a2:c9:f7:5a:ed:75:6f:cd:
4d:f6:3b:db:38:6a:12:5c:95:2c:56:c3:9e:74:ae:
f3:5a:70:39:44:0b:06:b0:93:05:8e:41:d7:e3:eb:
1d:bb:70:20:c9:39:0c:d0:e3:ff:20:7d:93:9a:8f:
aa:48:02:90:94:e5:8d:1d:e3:04:d1:fc:ef:fd:5c:
ed:9f:f0:44:b8:5e:da:bb:eb:eb:9d:64:19:81:68:
8b:9a:cc:73:fc:d0:65:92:3b:35:bd:2f:18:f3:f3:
c4:18:78:54:b9:d2:e4:aa:ad:71:a4:df:f6:23:fd:
e6:3e:9d:ec:05:ef:56:0b:16:33:d9:f6:d2:44:ce:
36:eb:c8:02:7b:57:21:2a:b0:0c:f6:2c:1f:ac:f6:
31:b5:72:dc:45:ba:7c:94:2e:bc:10:bc:b7:d1:08:
b6:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:22:28:A8:DC:25:D0:4D:46:5D:1E:DE:BC:36:D3:36:14:0B:44:CB
X509v3 Authority Key Identifier:
keyid:A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oyIoqNwl0E1GXR7evDbTNhQLRMs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oDavImaRg7om8jl2Uw40mzRlGWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.16.0/21
185.39.16.0/23
Signature Algorithm: sha256WithRSAEncryption
4a:c0:18:e3:7a:09:3f:70:bf:9d:10:fa:ca:4e:e6:7f:91:b3:
f6:a8:86:3b:0b:54:bc:ee:bd:e5:7f:8f:3d:1f:16:22:25:11:
b2:e1:88:99:41:87:d4:12:b6:9f:3e:0f:bb:36:af:f4:78:11:
73:b2:93:6c:3b:1f:89:c9:07:12:0c:3b:d7:27:aa:63:1d:f8:
1d:4f:2e:32:f1:6c:48:6d:54:10:91:59:54:92:9b:54:bc:16:
e4:2f:de:3e:07:0f:7e:53:ef:7c:f4:d5:84:24:70:25:58:b3:
c2:34:95:ef:3a:3b:ca:ed:b8:2a:18:30:1e:4c:b1:65:84:38:
4a:f8:3d:cf:87:78:6b:b0:92:f8:b2:29:03:83:75:32:f9:03:
3e:f2:9f:12:0b:f8:78:c7:95:58:5a:f5:b7:ac:e1:dc:91:3a:
43:88:90:ed:bd:0e:b6:bd:0f:02:ff:27:a2:c4:92:51:97:31:
44:ef:a4:35:85:27:34:71:d1:59:0b:51:3d:dd:0d:3a:ed:32:
ef:09:6f:0c:35:ea:01:e2:74:37:f7:f2:02:4b:ed:06:8b:fc:
b0:a1:5a:0f:0a:b1:c8:b6:3a:a2:46:9a:d0:ea:18:8d:2c:25:
f2:1c:e4:9d:1d:f1:d9:56:19:67:74:78:53:3e:93:00:04:54:
08:37:4b:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJUVvwehgkV64YaZRTRFKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMzZhZjIyNjY5MTgzYmEyNmYyMzk3NjUzMGUzNDliMzQ2
NTE5NjgwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzIyMjhhOGRjMjVkMDRkNDY1ZDFlZGViYzM2ZDMzNjE0MGI0NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPc/ua+GnI47fBxPSNtndvr/wZy0
/bPT7H6V32A2hv6Oi5VxK0bX1IAPJ9J/GAn7wsCrnPAh1NV3vqjmbTNQoYBqM/E5
nFkgCJcRbUfWlVH26l60Om8sX1exaNxUNQAFosn3Wu11b81N9jvbOGoSXJUsVsOe
dK7zWnA5RAsGsJMFjkHX4+sdu3AgyTkM0OP/IH2Tmo+qSAKQlOWNHeME0fzv/Vzt
n/BEuF7au+vrnWQZgWiLmsxz/NBlkjs1vS8Y8/PEGHhUudLkqq1xpN/2I/3mPp3s
Be9WCxYz2fbSRM4268gCe1chKrAM9iwfrPYxtXLcRbp8lC68ELy30Qi2oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKMiKKjcJdBNRl0e3rw20zYUC0TLMB8GA1UdIwQY
MBaAFKA2ryJmkYO6JvI5dlMONJs0ZRloMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUt
N2M1OTY0OTkwMzk3LzEvb3lJb3FOd2wwRTFHWFI3ZXZEYlROaFFMUk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUtN2M1OTY0OTkwMzk3
LzEvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUEAQAwQB
uScQMA0GCSqGSIb3DQEBCwUAA4IBAQBKwBjjegk/cL+dEPrKTuZ/kbP2qIY7C1S8
7r3lf489HxYiJRGy4YiZQYfUErafPg+7Nq/0eBFzspNsOx+JyQcSDDvXJ6pjHfgd
Ty4y8WxIbVQQkVlUkptUvBbkL94+Bw9+U+989NWEJHAlWLPCNJXvOjvK7bgqGDAe
TLFlhDhK+D3Ph3hrsJL4sikDg3Uy+QM+8p8SC/h4x5VYWvW3rOHckTpDiJDtvQ62
vQ8C/yeixJJRlzFE76Q1hSc0cdFZC1E93Q067TLvCW8MNeoB4nQ39/ICS+0Gi/yw
oVoPCrHItjqiRprQ6hiNLCXyHOSdHfHZVhlndHhTPpMABFQIN0s0
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:05 2025 by rpki-client