Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/SiX4fspmcwf_3Nn7FofmgpF2ogk.roa
File: SiX4fspmcwf_3Nn7FofmgpF2ogk.roa (raw, json)
Hash identifier: MUrxjK9KCYXO7Z3JTZGMCIUQbdriL9YQTsksSQQUtOI=
Subject key identifier: 4A:25:F8:7E:CA:66:73:07:FF:DC:D9:FB:16:87:E6:82:91:76:A2:09
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018B13653EAA81495D40F63FB99F5D8B1536
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/SiX4fspmcwf_3Nn7FofmgpF2ogk.roa
Signing time: Mon 09 Oct 2023 07:44:44 +0000
ROA not before: Mon 09 Oct 2023 07:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 195.242.243.0/24 maxlen: 24
185.81.181.0/24 maxlen: 24
185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
89.46.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:13:65:3e:aa:81:49:5d:40:f6:3f:b9:9f:5d:8b:15:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Oct 9 07:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4a25f87eca667307ffdcd9fb1687e6829176a209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:4e:08:71:89:0b:ae:38:5d:03:c3:64:b7:be:
8f:6f:85:8b:6d:a5:7a:72:92:80:47:04:3f:84:be:
fe:00:d6:b6:e2:1b:a3:35:90:fb:d2:ad:44:c3:40:
de:30:d2:cb:19:81:6b:55:9c:b0:d0:99:da:62:f7:
0a:49:4f:6c:c8:16:83:b5:be:f7:91:a8:74:d8:60:
7b:87:f3:10:0d:42:d4:73:05:a1:57:0b:99:f3:1c:
e6:85:94:58:9e:9d:c2:59:9b:80:1f:6d:3f:fe:3f:
61:10:30:f1:d6:4f:f7:c9:be:7f:45:65:30:2b:48:
f4:2d:4e:98:7f:4d:bd:09:85:ab:40:d8:02:f7:3f:
17:9e:45:2d:20:14:c6:64:ce:0f:e4:e1:ef:d7:54:
88:0a:61:3d:f5:2e:68:2d:99:7e:20:c9:41:ac:82:
18:ac:27:e8:ba:ca:aa:a5:ee:d0:45:62:c0:8a:84:
37:c5:d9:99:30:bf:41:ec:8b:f1:9f:20:c3:0b:45:
66:29:3b:d7:79:42:6c:69:72:4a:f0:a0:19:b1:ff:
b8:aa:07:62:7b:d8:fc:02:65:9d:31:49:bf:33:23:
b5:65:fe:a9:68:f5:9b:35:8c:56:55:7f:17:ad:c8:
1e:2a:29:ec:4e:cc:02:e5:f3:45:20:e5:3a:82:6a:
4d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:25:F8:7E:CA:66:73:07:FF:DC:D9:FB:16:87:E6:82:91:76:A2:09
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/SiX4fspmcwf_3Nn7FofmgpF2ogk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.10.0/24
93.114.61.0/24
185.81.180.0/23
195.242.243.0/24
Signature Algorithm: sha256WithRSAEncryption
18:0f:6c:90:cc:a2:2e:31:55:bd:61:1d:a3:03:f9:af:10:fe:
58:ac:c4:2a:46:40:4e:00:bc:12:19:9d:7e:ca:f7:3c:19:77:
0f:38:61:41:ee:53:15:61:5a:05:c0:77:db:f7:b0:c9:a3:aa:
52:a4:0c:1c:fa:ac:ca:10:30:ff:f9:18:d6:19:25:36:f6:18:
e0:00:b3:f9:c8:05:58:dc:84:53:67:99:8d:36:a2:9f:c8:30:
9b:f3:d5:a7:60:e2:68:52:cb:2d:57:19:68:43:00:6b:a5:01:
60:05:ad:62:83:2a:bf:66:ef:df:04:84:76:29:34:0d:c7:cf:
3c:49:1a:d6:cb:98:9a:57:23:a7:27:1e:04:80:10:80:4b:42:
e8:72:fe:58:7a:6b:35:6a:ae:29:78:f1:8b:c8:c6:d3:50:a5:
21:37:09:8a:4c:a8:b3:19:a1:46:59:db:ec:81:d8:c1:76:f8:
eb:0f:4d:fa:a3:21:c8:6c:95:7e:d6:10:eb:48:bf:3f:a2:40:
59:87:e3:5c:a9:b4:0f:bb:f1:e7:21:cc:f3:1e:2c:c8:94:27:
82:de:b7:e5:5f:44:18:d5:2c:62:67:7d:76:3b:77:9b:77:70:
90:45:f5:52:bb:3f:f0:b3:0c:7f:89:88:86:dc:25:8b:27:76:
46:c4:1d:87
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYsTZT6qgUldQPY/uZ9dixU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMxMDA5MDc0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI1Zjg3ZWNhNjY3MzA3ZmZkY2Q5ZmIxNjg3ZTY4MjkxNzZhMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE4IcYkLrjhdA8Nkt76Pb4WLbaV6
cpKARwQ/hL7+ANa24hujNZD70q1Ew0DeMNLLGYFrVZyw0JnaYvcKSU9syBaDtb73
kah02GB7h/MQDULUcwWhVwuZ8xzmhZRYnp3CWZuAH20//j9hEDDx1k/3yb5/RWUw
K0j0LU6Yf029CYWrQNgC9z8XnkUtIBTGZM4P5OHv11SICmE99S5oLZl+IMlBrIIY
rCfousqqpe7QRWLAioQ3xdmZML9B7IvxnyDDC0VmKTvXeUJsaXJK8KAZsf+4qgdi
e9j8AmWdMUm/MyO1Zf6paPWbNYxWVX8XrcgeKinsTswC5fNFIOU6gmpN/wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEol+H7KZnMH/9zZ+xaH5oKRdqIJMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvU2lYNGZzcG1jd2ZfM05uN0ZvZm1ncEYyb2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWS4KAwQA
XXI9AwQBuVG0AwQAw/LzMA0GCSqGSIb3DQEBCwUAA4IBAQAYD2yQzKIuMVW9YR2j
A/mvEP5YrMQqRkBOALwSGZ1+yvc8GXcPOGFB7lMVYVoFwHfb97DJo6pSpAwc+qzK
EDD/+RjWGSU29hjgALP5yAVY3IRTZ5mNNqKfyDCb89WnYOJoUsstVxloQwBrpQFg
Ba1igyq/Zu/fBIR2KTQNx888SRrWy5iaVyOnJx4EgBCAS0Locv5Yems1aq4pePGL
yMbTUKUhNwmKTKizGaFGWdvsgdjBdvjrD036oyHIbJV+1hDrSL8/okBZh+NcqbQP
u/HnIczzHizIlCeC3rflX0QY1SxiZ312O3ebd3CQRfVSuz/wswx/iYiG3CWLJ3ZG
xB2H
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:36:46 2025 by rpki-client