Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/7cFk8AzMyhLDxDs7IRiRm3Tnrjo.roa
File: 7cFk8AzMyhLDxDs7IRiRm3Tnrjo.roa (raw, json)
Hash identifier: uIF2dDyNz2CTLYbQZRDlvVNlBhy6Aw1VKzw4w30SoME=
Subject key identifier: ED:C1:64:F0:0C:CC:CA:12:C3:C4:3B:3B:21:18:91:9B:74:E7:AE:3A
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018AB192009018A716AFC6EFA7FAB191E8D4
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/7cFk8AzMyhLDxDs7IRiRm3Tnrjo.roa
Signing time: Wed 20 Sep 2023 07:50:50 +0000
ROA not before: Wed 20 Sep 2023 07:50:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.243.179.0/24 maxlen: 24
91.243.176.0/24 maxlen: 24
195.242.241.0/24 maxlen: 24
195.242.243.0/24 maxlen: 24
185.81.181.0/24 maxlen: 24
185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
93.114.62.0/24 maxlen: 24
89.46.11.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b1:92:00:90:18:a7:16:af:c6:ef:a7:fa:b1:91:e8:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Sep 20 07:50:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=edc164f00cccca12c3c43b3b2118919b74e7ae3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:e3:45:1e:4a:d3:fa:c2:36:07:d7:15:d6:36:
76:36:99:16:d9:ba:93:47:3e:9b:15:26:b6:a0:c3:
15:4b:ff:8f:22:8c:c0:c8:5e:f2:2b:ea:fc:b9:97:
86:fb:8f:f4:c9:55:a4:b2:b7:d9:c6:8a:c5:fc:55:
ae:5b:c8:6d:53:51:93:50:2e:f5:01:6a:99:48:8b:
d1:ac:64:a8:72:67:5f:bb:b8:6f:75:a0:c9:a8:c3:
26:2e:7e:3e:fc:01:1e:5a:cf:a7:f7:ea:61:f9:9a:
36:94:91:81:e3:7e:a1:15:09:46:8e:46:45:5a:c0:
8e:eb:5c:52:91:d6:8c:01:2f:c7:32:34:3e:69:97:
cd:86:06:8d:35:ce:31:83:bb:7f:8f:2e:3e:b0:f8:
92:8b:29:3c:1e:04:a0:5b:24:01:75:74:24:44:ee:
29:f8:7f:db:20:c4:9a:aa:cc:1c:5f:f2:a9:37:68:
67:6d:10:e8:23:2b:ae:3a:53:7c:43:fd:92:68:88:
5b:c7:a1:db:73:7e:96:e0:b3:12:41:2f:42:7c:ae:
3a:76:d8:5d:ae:73:00:1c:b1:c5:da:0e:76:7c:a3:
c5:91:0f:54:40:38:bc:49:53:80:b9:00:3d:f0:75:
21:ef:74:19:91:fb:d0:61:7f:8d:8a:f4:70:98:de:
fc:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:C1:64:F0:0C:CC:CA:12:C3:C4:3B:3B:21:18:91:9B:74:E7:AE:3A
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/7cFk8AzMyhLDxDs7IRiRm3Tnrjo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.11.0/24
91.243.176.0/24
91.243.179.0/24
93.114.61.0-93.114.62.255
185.81.180.0/23
195.242.241.0/24
195.242.243.0/24
Signature Algorithm: sha256WithRSAEncryption
68:aa:26:8e:27:ee:d9:33:33:aa:ef:f2:1f:e7:ea:76:97:b0:
df:fb:ad:ef:a4:82:f0:5d:e2:69:bd:ff:09:79:46:62:d9:ba:
e1:dd:f6:ea:80:d5:97:ae:71:44:f1:07:8f:e7:83:d2:c9:2b:
22:31:b0:47:9c:41:7f:e3:7b:fe:48:be:c7:df:e5:71:0d:bd:
ff:9c:57:37:b9:00:57:c4:1b:d1:82:cf:35:5e:a3:a5:a1:9d:
13:2b:ef:8b:75:f4:40:10:6c:06:83:2b:a5:34:59:17:16:e8:
a9:c8:28:30:10:9a:35:e4:73:1f:60:57:d0:59:f9:0f:60:48:
70:c5:3a:eb:85:43:8e:ed:20:d1:3d:fd:b1:0c:2d:0d:92:54:
a9:5e:fe:cc:8b:11:ba:4a:2d:07:ff:df:25:18:e5:99:58:7a:
60:9d:63:98:29:96:49:d9:73:0d:02:3c:df:9c:c4:db:1f:1f:
1c:f1:4d:e4:47:f1:6b:c4:88:9b:6f:e5:d2:b7:a9:9d:a2:1c:
b2:d1:57:ad:9d:0e:cf:55:63:31:17:d8:b1:04:11:d2:0b:e4:
d7:f7:db:1c:7a:c9:3e:96:88:94:ec:c7:18:35:79:cc:ad:d5:
d1:2e:46:f9:90:a8:c5:24:df:25:67:9c:4f:c9:62:44:cc:e0:
9c:02:35:f9
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqxkgCQGKcWr8bvp/qxkejUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwOTIwMDc1MDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGMxNjRmMDBjY2NjYTEyYzNjNDNiM2IyMTE4OTE5Yjc0ZTdhZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+NFHkrT+sI2B9cV1jZ2NpkW2bqT
Rz6bFSa2oMMVS/+PIozAyF7yK+r8uZeG+4/0yVWksrfZxorF/FWuW8htU1GTUC71
AWqZSIvRrGSocmdfu7hvdaDJqMMmLn4+/AEeWs+n9+ph+Zo2lJGB436hFQlGjkZF
WsCO61xSkdaMAS/HMjQ+aZfNhgaNNc4xg7t/jy4+sPiSiyk8HgSgWyQBdXQkRO4p
+H/bIMSaqswcX/KpN2hnbRDoIyuuOlN8Q/2SaIhbx6Hbc36W4LMSQS9CfK46dthd
rnMAHLHF2g52fKPFkQ9UQDi8SVOAuQA98HUh73QZkfvQYX+NivRwmN78MwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFO3BZPAMzMoSw8Q7OyEYkZt05646MB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvN2NGazhBek15aExEeERzN0lSaVJtM1RucmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAWS4LAwQA
W/OwAwQAW/OzMAwDBABdcj0DBABdcj4DBAG5UbQDBADD8vEDBADD8vMwDQYJKoZI
hvcNAQELBQADggEBAGiqJo4n7tkzM6rv8h/n6naXsN/7re+kgvBd4mm9/wl5RmLZ
uuHd9uqA1ZeucUTxB4/ng9LJKyIxsEecQX/je/5Ivsff5XENvf+cVze5AFfEG9GC
zzVeo6WhnRMr74t19EAQbAaDK6U0WRcW6KnIKDAQmjXkcx9gV9BZ+Q9gSHDFOuuF
Q47tINE9/bEMLQ2SVKle/syLEbpKLQf/3yUY5ZlYemCdY5gplknZcw0CPN+cxNsf
HxzxTeRH8WvEiJtv5dK3qZ2iHLLRV62dDs9VYzEX2LEEEdIL5Nf32xx6yT6WiJTs
xxg1ecyt1dEuRvmQqMUk3yVnnE/JYkTM4JwCNfk=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:40:21 2025 by rpki-client