Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/1JZ-gU-zIdKLcUCU1zTiPnzq2nc.roa
File: 1JZ-gU-zIdKLcUCU1zTiPnzq2nc.roa (raw, json)
Hash identifier: 7gokoSj1KSAwYxc9MNFceuO+D/fa5pJCYcuBmHp48ws=
Subject key identifier: D4:96:7E:81:4F:B3:21:D2:8B:71:40:94:D7:34:E2:3E:7C:EA:DA:77
Certificate issuer: /CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
Certificate serial: 018CC4245E5380B504BAF5FFF910BE2D70B9
Authority key identifier: 87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/1JZ-gU-zIdKLcUCU1zTiPnzq2nc.roa
Signing time: Mon 01 Jan 2024 08:29:26 +0000
ROA not before: Mon 01 Jan 2024 08:29:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16589
IP address blocks: 84.238.132.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:5e:53:80:b5:04:ba:f5:ff:f9:10:be:2d:70:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
Validity
Not Before: Jan 1 08:29:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d4967e814fb321d28b714094d734e23e7ceada77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:18:c0:af:e3:c3:eb:35:0f:f2:5f:0f:5b:3d:
b6:f0:42:8a:e2:6c:71:9d:fe:56:9e:27:99:36:0c:
a3:3c:82:2b:a7:fa:da:37:a1:ab:cc:11:62:28:1c:
96:87:7f:69:ad:e0:20:56:bd:16:b7:09:95:93:77:
d4:a9:2a:5b:3c:19:47:29:65:9f:32:52:14:e1:cb:
06:84:fe:28:8f:6c:43:03:1d:e3:04:d9:27:8c:9b:
92:ed:5e:3b:19:37:ae:3e:2f:ba:51:15:3f:2f:11:
65:05:43:f1:82:14:86:3e:a7:26:55:ed:0e:5d:f6:
f7:06:02:67:3e:80:4a:01:d8:a3:4c:bc:b8:36:e5:
2a:58:02:29:f0:96:bd:7c:7d:db:12:98:52:50:58:
8f:fd:46:e0:79:93:07:36:55:cc:6f:30:c4:d4:a0:
ed:36:d8:5a:89:7b:0f:02:30:7a:80:e4:eb:92:1c:
e7:ed:c6:25:96:ca:c9:73:00:34:77:08:c9:ba:ed:
1a:1e:67:8a:c5:9f:1d:28:0f:49:a8:44:d0:86:62:
62:d5:28:84:a2:d1:91:5e:1c:bf:ec:4a:7d:de:6d:
54:60:70:b5:77:8e:42:01:86:3e:60:0c:c1:c6:a6:
bf:d2:71:94:72:3d:01:09:59:83:2c:ad:bb:56:37:
4a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:96:7E:81:4F:B3:21:D2:8B:71:40:94:D7:34:E2:3E:7C:EA:DA:77
X509v3 Authority Key Identifier:
keyid:87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/1JZ-gU-zIdKLcUCU1zTiPnzq2nc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/h1bSd2jhHZSgu837P7zXQNRaAPQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.238.132.0/23
Signature Algorithm: sha256WithRSAEncryption
1b:dc:5d:17:71:93:c6:40:de:e1:5e:a9:37:26:61:ab:e8:ba:
a4:18:6f:ec:b9:27:74:52:a8:da:82:62:31:bf:9a:18:04:ef:
97:64:f4:6b:12:e6:d0:14:1e:a9:18:f0:42:4e:9e:75:30:74:
3e:5a:15:67:fe:46:19:65:ea:f9:df:c7:3d:aa:35:7d:22:97:
e0:46:66:77:09:db:1c:f8:c8:a4:bd:f4:5b:bc:35:79:7e:50:
af:fe:ca:33:2d:fc:d8:5b:60:c2:6e:79:ef:64:92:e9:8e:d8:
1f:c5:54:32:7f:4b:55:1c:d5:a2:9e:62:2f:73:2c:c6:fd:bb:
6a:20:42:59:c0:38:89:8b:19:c6:e0:b0:d5:31:af:72:1f:21:
17:59:c6:92:e3:01:ee:0d:ae:75:68:c6:ac:f0:28:f2:5c:9b:
e6:0c:6c:9c:10:c4:71:ac:d9:8c:aa:a6:87:cf:66:82:24:4d:
5f:5b:7f:0b:14:92:09:e8:8c:b8:1b:97:6c:43:7c:b1:4f:3d:
85:c5:67:d1:06:2b:8c:13:bd:ab:8b:4a:51:8e:b8:47:44:53:
e0:ad:89:e7:3d:2b:5c:d2:02:4a:a5:50:68:ad:1d:7a:06:16:
25:aa:d3:42:d8:d7:34:fa:82:5f:6f:02:46:ea:6f:fd:5f:b9:
d2:14:b2:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJF5TgLUEuvX/+RC+LXC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NTZkMjc3NjhlMTFkOTRhMGJiY2RmYjNmYmNkNzQwZDQ1
YTAwZjQwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk2N2U4MTRmYjMyMWQyOGI3MTQwOTRkNzM0ZTIzZTdjZWFkYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhjAr+PD6zUP8l8PWz228EKK4mxx
nf5WnieZNgyjPIIrp/raN6GrzBFiKByWh39preAgVr0WtwmVk3fUqSpbPBlHKWWf
MlIU4csGhP4oj2xDAx3jBNknjJuS7V47GTeuPi+6URU/LxFlBUPxghSGPqcmVe0O
Xfb3BgJnPoBKAdijTLy4NuUqWAIp8Ja9fH3bEphSUFiP/UbgeZMHNlXMbzDE1KDt
NthaiXsPAjB6gOTrkhzn7cYllsrJcwA0dwjJuu0aHmeKxZ8dKA9JqETQhmJi1SiE
otGRXhy/7Ep93m1UYHC1d45CAYY+YAzBxqa/0nGUcj0BCVmDLK27VjdK2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSWfoFPsyHSi3FAlNc04j586tp3MB8GA1UdIwQY
MBaAFIdW0ndo4R2UoLvN+z+810DUWgD0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMt
YzNhMDJkN2MwNjk3LzEvMUpaLWdVLXpJZEtMY1VDVTF6VGlQbnpxMm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMtYzNhMDJkN2MwNjk3
LzEvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVO6EMA0G
CSqGSIb3DQEBCwUAA4IBAQAb3F0XcZPGQN7hXqk3JmGr6LqkGG/suSd0UqjagmIx
v5oYBO+XZPRrEubQFB6pGPBCTp51MHQ+WhVn/kYZZer538c9qjV9IpfgRmZ3Cdsc
+MikvfRbvDV5flCv/sozLfzYW2DCbnnvZJLpjtgfxVQyf0tVHNWinmIvcyzG/btq
IEJZwDiJixnG4LDVMa9yHyEXWcaS4wHuDa51aMas8CjyXJvmDGycEMRxrNmMqqaH
z2aCJE1fW38LFJIJ6Iy4G5dsQ3yxTz2FxWfRBiuME72ri0pRjrhHRFPgrYnnPStc
0gJKpVBorR16BhYlqtNC2Nc0+oJfbwJG6m/9X7nSFLKB
-----END CERTIFICATE-----
Generated at Sat Apr 5 23:16:17 2025 by rpki-client