Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9_P3t6AwPLPzndbRczepeeS37h4.roa
File: 9_P3t6AwPLPzndbRczepeeS37h4.roa (raw, json)
Hash identifier: e6swXB/k3ie3lEFOsEQMStrmR2R04dMTT34GAhRFPIQ=
Subject key identifier: F7:F3:F7:B7:A0:30:3C:B3:F3:9D:D6:D1:73:37:A9:79:E4:B7:EE:1E
Certificate issuer: /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial: 018CC8016CD3FA4725565D679420589532C9
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9_P3t6AwPLPzndbRczepeeS37h4.roa
Signing time: Tue 02 Jan 2024 02:29:45 +0000
ROA not before: Tue 02 Jan 2024 02:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60783
IP address blocks: 185.25.232.0/22 maxlen: 24
2a0a:8fc0::/29 maxlen: 29
2a04:3480::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:6c:d3:fa:47:25:56:5d:67:94:20:58:95:32:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Validity
Not Before: Jan 2 02:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f7f3f7b7a0303cb3f39dd6d17337a979e4b7ee1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:f6:6c:0e:fc:94:3e:4d:d4:86:7e:f6:9e:c8:
13:03:67:45:19:2d:03:1f:36:17:bd:ba:20:cb:f7:
a4:5d:bb:04:a9:23:4b:8d:d4:2e:0a:df:b0:b7:55:
74:25:72:41:5c:d2:3e:a9:e6:4d:1d:a0:c7:90:59:
fb:5c:89:9d:22:7e:f6:79:b9:4e:3c:bc:9a:91:76:
1f:8d:83:22:8a:86:d6:06:cc:98:9f:3b:48:06:4f:
dd:c8:0b:89:c2:ba:c3:db:bb:26:45:1b:1d:6f:c6:
a9:0a:33:88:e0:8b:1c:a1:db:a2:df:83:f4:a7:61:
35:e6:a2:e8:ac:78:58:a2:1b:2e:51:b6:92:0a:17:
41:c9:f9:a4:43:98:b0:06:06:3b:df:56:d8:c6:60:
93:51:4e:91:b1:58:95:ee:c3:b7:9c:a7:d2:c2:8d:
ed:86:fc:76:55:a9:be:e1:3d:60:4f:c5:9d:14:09:
04:55:09:f1:ce:63:ef:ee:c8:35:5a:61:26:80:d3:
06:d5:10:a6:3b:76:2d:52:a7:5a:68:0a:2b:f6:79:
de:18:62:80:7c:28:c4:b0:fc:6d:67:27:8a:4c:8a:
a3:82:12:d6:6b:96:ae:4f:8a:3e:4a:3d:da:e1:60:
5f:3d:52:50:be:2e:c4:95:ec:e4:83:3b:10:e3:3d:
79:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:F3:F7:B7:A0:30:3C:B3:F3:9D:D6:D1:73:37:A9:79:E4:B7:EE:1E
X509v3 Authority Key Identifier:
keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9_P3t6AwPLPzndbRczepeeS37h4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.232.0/22
IPv6:
2a04:3480::/29
2a0a:8fc0::/29
Signature Algorithm: sha256WithRSAEncryption
5e:6b:f6:bb:ac:f5:c8:84:ad:a3:39:8f:76:0f:d1:9e:1a:61:
dc:66:cf:f4:ce:c1:1d:28:98:ee:ec:e9:99:0d:7b:a6:31:72:
28:8c:a7:95:80:30:0f:ce:54:eb:69:53:34:c7:ce:1b:6e:3c:
ef:c5:cf:35:51:50:17:6a:2e:f4:f9:43:ea:42:b5:d4:74:dc:
20:5b:4e:be:5b:65:fd:f4:73:4b:9e:4b:ce:4e:6d:ba:8d:66:
4c:7b:a2:66:80:92:23:82:82:a7:6f:33:f9:d3:4b:71:bf:85:
6b:5d:49:e0:59:8d:74:70:f6:0e:8a:ec:21:e1:fd:67:24:68:
93:20:eb:ea:b7:fd:58:23:f0:07:3f:e4:3a:77:68:c1:11:49:
6c:17:f8:63:9f:b6:22:08:4c:36:c7:a3:59:3f:74:dc:3e:24:
8e:43:23:17:42:0c:9b:1c:e5:ce:20:84:4d:d5:46:e3:2d:38:
cd:ed:7e:15:c9:1e:ea:c3:f3:16:aa:61:41:04:9c:a5:09:e9:
92:f1:34:ad:46:26:eb:60:0f:09:55:cc:ba:f5:ac:10:ca:a2:
a4:94:5d:b5:48:81:82:01:39:e1:c2:ba:ba:92:32:0a:7c:c0:
1a:3d:f0:42:3a:4a:24:80:47:b0:82:73:e0:5b:02:c8:14:0b:
74:2b:04:99
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzIAWzT+kclVl1nlCBYlTLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2YzZjdiN2EwMzAzY2IzZjM5ZGQ2ZDE3MzM3YTk3OWU0YjdlZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvZsDvyUPk3Uhn72nsgTA2dFGS0D
HzYXvbogy/ekXbsEqSNLjdQuCt+wt1V0JXJBXNI+qeZNHaDHkFn7XImdIn72eblO
PLyakXYfjYMiiobWBsyYnztIBk/dyAuJwrrD27smRRsdb8apCjOI4Iscodui34P0
p2E15qLorHhYohsuUbaSChdByfmkQ5iwBgY731bYxmCTUU6RsViV7sO3nKfSwo3t
hvx2Vam+4T1gT8WdFAkEVQnxzmPv7sg1WmEmgNMG1RCmO3YtUqdaaAor9nneGGKA
fCjEsPxtZyeKTIqjghLWa5auT4o+Sj3a4WBfPVJQvi7ElezkgzsQ4z150wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPfz97egMDyz853W0XM3qXnkt+4eMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvOV9QM3Q2QXdQTFB6bmRiUmN6ZXBlZVMzN2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuRnoMBQE
AgACMA4DBQMqBDSAAwUDKgqPwDANBgkqhkiG9w0BAQsFAAOCAQEAXmv2u6z1yISt
ozmPdg/Rnhph3GbP9M7BHSiY7uzpmQ17pjFyKIynlYAwD85U62lTNMfOG24878XP
NVFQF2ou9PlD6kK11HTcIFtOvltl/fRzS55Lzk5tuo1mTHuiZoCSI4KCp28z+dNL
cb+Fa11J4FmNdHD2DorsIeH9ZyRokyDr6rf9WCPwBz/kOndowRFJbBf4Y5+2IghM
NsejWT903D4kjkMjF0IMmxzlziCETdVG4y04ze1+Fcke6sPzFqphQQScpQnpkvE0
rUYm62APCVXMuvWsEMqipJRdtUiBggE54cK6upIyCnzAGj3wQjpKJIBHsIJz4FsC
yBQLdCsEmQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:42 2024 by rpki-client on console-fra.rpki-client.org