Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/dHfEN_Eoj6NXHQvtNt7TxVZqjOA.roa
File: dHfEN_Eoj6NXHQvtNt7TxVZqjOA.roa (raw, json)
Hash identifier: 9MQVI/nyFhK0NvMIiuZETTv2jgGHLALZx9Jdz8aseX8=
Subject key identifier: 74:77:C4:37:F1:28:8F:A3:57:1D:0B:ED:36:DE:D3:C5:56:6A:8C:E0
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018B4CFAA384C373DAD7EC075832BD6608BB
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/dHfEN_Eoj6NXHQvtNt7TxVZqjOA.roa
Signing time: Fri 20 Oct 2023 12:06:16 +0000
ROA not before: Fri 20 Oct 2023 12:06:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.81.181.0/24 maxlen: 24
185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
89.46.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:4c:fa:a3:84:c3:73:da:d7:ec:07:58:32:bd:66:08:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Oct 20 12:06:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7477c437f1288fa3571d0bed36ded3c5566a8ce0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:07:4b:c0:a5:bc:d8:ce:cd:57:52:cf:23:b8:
39:97:ce:c6:b4:17:c6:68:44:b3:76:b9:b9:2f:b9:
3e:8d:1c:45:d0:47:b2:82:85:8f:8b:f3:f6:80:9b:
5b:d4:46:3d:8b:79:94:73:69:85:16:83:30:40:91:
4e:97:1f:0f:ac:75:37:cf:41:66:99:d1:b8:6d:7b:
54:4b:11:85:60:e4:55:56:91:79:4a:ba:60:92:30:
1f:dc:ae:67:ee:1f:ff:11:61:67:08:aa:f7:84:f7:
06:05:87:e7:64:48:77:45:ff:f9:31:43:bc:ce:f4:
c2:6a:5d:f7:7c:c0:7a:a6:27:b3:df:b3:73:a9:0a:
05:47:e5:20:a7:22:e4:59:c6:40:99:a3:ab:a8:69:
f5:72:ad:3c:fd:ae:80:cd:df:27:4f:f4:8d:bd:d0:
52:36:37:d4:8e:7c:c8:85:7a:5a:65:55:46:4e:8b:
81:8b:e9:20:b4:99:e6:40:d0:b9:f6:dc:29:39:83:
c8:28:55:93:95:80:fa:20:f1:ee:1b:4e:fd:01:c5:
c0:47:1e:2a:fe:01:0d:1f:cb:02:0e:56:cd:2b:98:
7d:02:7d:e4:09:f0:35:c4:93:c6:55:4f:ca:f0:e6:
23:68:7f:4b:9f:fa:74:cb:7c:7f:7e:9d:6c:67:69:
98:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:77:C4:37:F1:28:8F:A3:57:1D:0B:ED:36:DE:D3:C5:56:6A:8C:E0
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/dHfEN_Eoj6NXHQvtNt7TxVZqjOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.10.0/24
93.114.61.0/24
185.81.180.0/23
Signature Algorithm: sha256WithRSAEncryption
40:51:2c:b8:7a:ab:77:08:09:2e:07:89:84:a1:d9:79:9e:3b:
27:66:fe:72:89:33:0c:c5:22:0f:3d:68:4f:59:04:6b:30:29:
1c:e3:35:c0:1d:dd:b8:4e:39:f8:b7:b0:6e:1f:bc:ef:17:1b:
7f:ec:69:f3:75:a2:0b:49:47:ac:e9:b8:ee:9e:ce:b5:08:e6:
3d:02:40:9e:80:2b:bc:be:dd:2d:64:cc:49:2a:35:b9:d4:ac:
dc:2b:00:64:df:9a:11:4b:1b:b4:d3:81:0e:52:77:46:90:41:
bd:22:4e:ba:3f:66:55:97:16:6f:ce:2e:65:3d:ff:a8:aa:49:
d6:35:1d:8d:14:8d:a8:1b:90:62:cd:4b:ac:ec:ee:1c:1f:03:
44:1b:fd:03:a3:a3:ca:79:e5:86:cc:11:f1:14:47:6e:20:c3:
2f:f5:75:87:1f:06:a6:6f:ce:3b:f2:1e:2a:46:89:72:27:9f:
13:3b:cf:9b:45:77:c1:ef:4e:a3:89:4c:6d:7c:dc:f1:05:52:
09:95:32:87:11:f5:11:5c:0d:f5:f1:f6:73:73:b1:24:27:51:
a4:7e:65:32:61:03:ec:ee:d6:1f:6c:7e:99:b0:34:5d:e9:5f:
aa:41:56:7b:69:ad:33:74:3a:e8:aa:74:fe:c1:4b:ed:86:7a:
c8:69:2c:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYtM+qOEw3Pa1+wHWDK9Zgi7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMxMDIwMTIwNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDc3YzQzN2YxMjg4ZmEzNTcxZDBiZWQzNmRlZDNjNTU2NmE4Y2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwdLwKW82M7NV1LPI7g5l87GtBfG
aESzdrm5L7k+jRxF0EeygoWPi/P2gJtb1EY9i3mUc2mFFoMwQJFOlx8PrHU3z0Fm
mdG4bXtUSxGFYORVVpF5SrpgkjAf3K5n7h//EWFnCKr3hPcGBYfnZEh3Rf/5MUO8
zvTCal33fMB6piez37NzqQoFR+UgpyLkWcZAmaOrqGn1cq08/a6Azd8nT/SNvdBS
NjfUjnzIhXpaZVVGTouBi+kgtJnmQNC59twpOYPIKFWTlYD6IPHuG079AcXARx4q
/gENH8sCDlbNK5h9An3kCfA1xJPGVU/K8OYjaH9Ln/p0y3x/fp1sZ2mYHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHR3xDfxKI+jVx0L7Tbe08VWaozgMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvZEhmRU5fRW9qNk5YSFF2dE50N1R4Vlpxak9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWS4KAwQA
XXI9AwQBuVG0MA0GCSqGSIb3DQEBCwUAA4IBAQBAUSy4eqt3CAkuB4mEodl5njsn
Zv5yiTMMxSIPPWhPWQRrMCkc4zXAHd24Tjn4t7BuH7zvFxt/7GnzdaILSUes6bju
ns61COY9AkCegCu8vt0tZMxJKjW51KzcKwBk35oRSxu004EOUndGkEG9Ik66P2ZV
lxZvzi5lPf+oqknWNR2NFI2oG5BizUus7O4cHwNEG/0Do6PKeeWGzBHxFEduIMMv
9XWHHwamb8478h4qRolyJ58TO8+bRXfB706jiUxtfNzxBVIJlTKHEfURXA318fZz
c7EkJ1GkfmUyYQPs7tYfbH6ZsDRd6V+qQVZ7aa0zdDroqnT+wUvthnrIaSxM
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:52 2025 by rpki-client