Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gGB80zr6WK4hzTMW2NFoHmQTLEU.roa
File: gGB80zr6WK4hzTMW2NFoHmQTLEU.roa (raw, json)
Hash identifier: TPyiRJuWgbsSkUtD7Rrtw5sp39sV0FgoCgSZx/56aD0=
Subject key identifier: 80:60:7C:D3:3A:FA:58:AE:21:CD:33:16:D8:D1:68:1E:64:13:2C:45
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018CC56E1F0060A96FD6E478E9DEF9E54E4E
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gGB80zr6WK4hzTMW2NFoHmQTLEU.roa
Signing time: Mon 01 Jan 2024 14:29:37 +0000
ROA not before: Mon 01 Jan 2024 14:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 63023
IP address blocks: 195.242.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:1f:00:60:a9:6f:d6:e4:78:e9:de:f9:e5:4e:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 1 14:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=80607cd33afa58ae21cd3316d8d1681e64132c45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:f6:c0:e2:09:46:37:b2:26:02:b2:7e:d7:85:
a1:3c:76:be:22:0d:c1:e3:bf:2e:06:a4:5d:16:87:
de:94:15:50:8e:12:87:3c:95:a3:20:4c:46:4f:41:
4b:a0:ae:8a:71:1e:63:ea:11:fd:0a:41:85:d0:5f:
87:6f:e4:cc:98:f9:9a:cd:e9:7e:e8:d4:90:2d:fb:
08:0d:2e:3a:c3:ae:2f:2e:15:ba:38:ef:ed:85:2f:
90:bc:7b:3f:f9:b2:80:c8:25:8e:e0:d7:5d:96:fd:
c0:ad:88:39:f4:d1:ef:f5:43:fc:a0:17:13:7e:c0:
97:aa:53:ce:bc:98:96:ed:67:0b:02:45:bb:63:c3:
76:1e:b2:80:7c:0c:54:da:79:e6:60:7e:2a:8d:22:
d8:3e:ee:e4:aa:29:26:f7:7e:c2:71:ff:e7:7c:46:
95:22:a0:68:b0:04:8a:1f:6f:13:e6:bb:92:00:a1:
97:b3:96:12:76:ba:c8:00:53:bc:f7:2c:8c:b4:d9:
66:0f:79:be:15:76:20:0e:43:fd:f7:b4:50:fe:34:
95:11:81:85:91:fc:2e:36:28:74:55:27:e5:e4:b2:
3a:74:e5:c6:e8:ed:4c:6c:d3:63:8a:46:1a:a3:80:
7f:45:2d:77:b6:03:36:07:e4:b1:7a:c8:b3:d6:1e:
a2:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:60:7C:D3:3A:FA:58:AE:21:CD:33:16:D8:D1:68:1E:64:13:2C:45
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gGB80zr6WK4hzTMW2NFoHmQTLEU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.242.242.0/24
Signature Algorithm: sha256WithRSAEncryption
30:03:e0:b8:58:0a:f5:79:5e:e5:2a:5b:68:72:48:88:22:c4:
78:a9:b9:5e:bf:6f:66:37:c6:36:42:27:51:a6:1e:5e:0a:6b:
5b:09:41:2e:03:78:92:ca:e2:87:87:ea:1d:5c:c2:53:db:15:
44:df:cd:26:d3:ad:02:8a:b4:42:51:3e:82:5a:01:cc:fe:13:
75:d2:0d:92:5d:43:18:91:f6:7d:29:a0:46:20:fc:bc:dc:23:
3b:eb:cf:5b:2c:2b:7d:8f:7c:77:6c:60:91:89:6d:f2:c4:58:
75:71:98:c6:c3:bd:ed:4a:fc:7f:ef:98:b5:eb:77:1b:99:06:
ce:64:bb:16:17:f7:e5:db:51:12:58:fb:84:fb:e1:47:cd:f7:
9f:1d:d8:ab:e0:23:6f:07:cf:d3:b9:b4:f2:ff:15:a7:05:e3:
87:9f:09:2c:da:10:3b:58:2c:86:f6:5d:99:48:fe:8f:f8:60:
3c:fe:d9:f2:d0:c9:19:39:84:e1:9d:f6:cc:ab:a6:59:02:cc:
3c:af:01:44:26:8c:a9:83:12:ac:9d:53:27:b5:9b:cd:b6:38:
fe:05:1a:6c:b4:08:cc:e3:87:84:45:e2:5a:c8:7c:ed:8b:b3:
ea:e1:1b:89:48:8d:65:50:ac:da:c8:91:c7:61:e3:94:d4:96:
8f:2f:f9:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh8AYKlv1uR46d755U5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDYwN2NkMzNhZmE1OGFlMjFjZDMzMTZkOGQxNjgxZTY0MTMyYzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivbA4glGN7ImArJ+14WhPHa+Ig3B
478uBqRdFofelBVQjhKHPJWjIExGT0FLoK6KcR5j6hH9CkGF0F+Hb+TMmPmazel+
6NSQLfsIDS46w64vLhW6OO/thS+QvHs/+bKAyCWO4Nddlv3ArYg59NHv9UP8oBcT
fsCXqlPOvJiW7WcLAkW7Y8N2HrKAfAxU2nnmYH4qjSLYPu7kqikm937Ccf/nfEaV
IqBosASKH28T5ruSAKGXs5YSdrrIAFO89yyMtNlmD3m+FXYgDkP997RQ/jSVEYGF
kfwuNih0VSfl5LI6dOXG6O1MbNNjikYao4B/RS13tgM2B+Sxesiz1h6iwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBgfNM6+liuIc0zFtjRaB5kEyxFMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvZ0dCODB6cjZXSzRoelRNVzJORm9IbVFUTEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/LyMA0G
CSqGSIb3DQEBCwUAA4IBAQAwA+C4WAr1eV7lKltockiIIsR4qblev29mN8Y2QidR
ph5eCmtbCUEuA3iSyuKHh+odXMJT2xVE380m060CirRCUT6CWgHM/hN10g2SXUMY
kfZ9KaBGIPy83CM7689bLCt9j3x3bGCRiW3yxFh1cZjGw73tSvx/75i163cbmQbO
ZLsWF/fl21ESWPuE++FHzfefHdir4CNvB8/TubTy/xWnBeOHnwks2hA7WCyG9l2Z
SP6P+GA8/tny0MkZOYThnfbMq6ZZAsw8rwFEJoypgxKsnVMntZvNtjj+BRpstAjM
44eEReJayHzti7Pq4RuJSI1lUKzayJHHYeOU1JaPL/nz
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:35:59 2025 by rpki-client