Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/cFFxu9E-8uHkWXGIPlc9ogEWm_o.roa
File: cFFxu9E-8uHkWXGIPlc9ogEWm_o.roa (raw, json)
Hash identifier: WEuMGBjd4Le1+cThjyZT+pf8U8KvDVNzEfGqma3YBxI=
Subject key identifier: 70:51:71:BB:D1:3E:F2:E1:E4:59:71:88:3E:57:3D:A2:01:16:9B:FA
Certificate issuer: /CN=345b4f7b4a16db9e924f0908cee3da26f22ad481
Certificate serial: 01DEE2C7
Authority key identifier: 34:5B:4F:7B:4A:16:DB:9E:92:4F:09:08:CE:E3:DA:26:F2:2A:D4:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NFtPe0oW256STwkIzuPaJvIq1IE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/cFFxu9E-8uHkWXGIPlc9ogEWm_o.roa
Signing time: Sat 01 Jan 2022 12:56:25 +0000
ROA not before: Sat 01 Jan 2022 12:56:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50869
IP address blocks: 194.1.163.0/24 maxlen: 24
92.119.38.0/24 maxlen: 24
2001:678:d78::/48 maxlen: 48
2a0b:dd80::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31384263 (0x1dee2c7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=345b4f7b4a16db9e924f0908cee3da26f22ad481
Validity
Not Before: Jan 1 12:56:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=705171bbd13ef2e1e45971883e573da201169bfa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:39:99:f6:88:af:bb:90:c4:05:61:a5:7b:12:
81:a4:d3:b2:96:35:f1:6b:53:d6:30:0a:30:af:5b:
be:25:84:49:cb:46:e3:c9:07:99:63:95:11:c7:f3:
a2:b9:9d:e9:8e:01:27:c6:b4:8d:c7:34:c8:85:b5:
85:44:29:30:64:80:43:db:8f:d4:4c:7d:75:54:5c:
45:bb:f0:49:f9:42:77:5d:0e:be:c1:c7:3c:58:05:
8d:5a:fa:75:d8:a4:15:2e:64:3a:70:c8:31:2c:e0:
20:54:5d:8c:09:f7:cd:fd:8e:e1:a1:80:a6:9a:ce:
0f:70:e1:ca:b8:c7:da:57:81:68:50:89:19:00:85:
db:70:20:c1:83:b4:4f:c6:3d:7b:c9:37:8f:69:81:
21:ae:d6:ca:24:eb:8d:f6:e3:82:ed:2d:e4:bb:52:
85:fd:6f:94:d4:9e:65:0f:bf:99:f6:d8:9f:0c:4b:
c7:e5:83:4d:22:22:95:1c:a9:50:26:18:eb:a8:9b:
be:17:31:9f:c1:f7:13:63:71:87:10:8f:c9:dc:bf:
09:0e:ba:71:cb:35:e5:ed:84:2a:2d:94:aa:a9:c6:
2e:03:5d:ea:0c:4f:80:17:4c:bf:c4:67:7c:ef:03:
2c:45:d1:b1:60:44:02:7a:c0:b6:4f:da:bc:a0:37:
c3:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:51:71:BB:D1:3E:F2:E1:E4:59:71:88:3E:57:3D:A2:01:16:9B:FA
X509v3 Authority Key Identifier:
keyid:34:5B:4F:7B:4A:16:DB:9E:92:4F:09:08:CE:E3:DA:26:F2:2A:D4:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFtPe0oW256STwkIzuPaJvIq1IE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/cFFxu9E-8uHkWXGIPlc9ogEWm_o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/36a9af-0d6a-45e3-9ca5-40858b95fcf5/1/NFtPe0oW256STwkIzuPaJvIq1IE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.119.38.0/24
194.1.163.0/24
IPv6:
2001:678:d78::/48
2a0b:dd80::/29
Signature Algorithm: sha256WithRSAEncryption
34:d8:9c:c9:eb:4b:3a:ca:d3:07:da:d5:66:4f:fe:75:d7:4f:
76:c3:23:15:ac:94:11:e8:ce:82:ad:19:dc:1b:07:0a:e6:2c:
75:2f:42:78:38:ed:5e:17:73:b1:55:f0:b3:61:38:78:46:2e:
2c:75:47:11:33:cf:93:4e:1e:a0:e2:4b:ee:b6:2a:9b:df:ae:
8a:4e:d5:81:5b:3b:5b:b8:55:af:26:ce:97:9b:e5:b2:c4:82:
be:43:7c:6e:a7:82:2c:52:80:e6:47:ea:61:78:5e:c1:2a:df:
77:43:71:d6:f4:62:5e:0b:56:2b:99:a1:d9:b9:bc:95:ea:b8:
23:b0:ac:ee:de:cf:89:1b:9e:67:4e:d2:5f:b0:6f:60:16:47:
5a:a5:aa:4a:ea:a1:fd:e1:32:25:b8:3a:dc:35:e2:c0:bc:1c:
94:bb:3e:0b:b5:75:48:3d:de:af:6a:2e:a0:b2:51:b8:42:f3:
3d:64:f7:a8:61:fa:2f:bd:0f:01:45:1a:1e:cf:a9:05:da:06:
16:fb:ac:80:df:ec:b4:79:17:de:72:67:94:eb:5a:17:d7:10:
1a:86:99:8c:a6:b2:c2:ce:e1:04:5d:f7:86:dd:ad:70:3f:38:
c3:b7:bb:3d:b9:b0:e2:11:c3:66:5c:96:82:2e:2c:15:b7:f4:
75:b3:0c:22
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEAd7ixzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDViNGY3YjRhMTZkYjllOTI0ZjA5MDhjZWUzZGEyNmYyMmFkNDgxMB4XDTIyMDEw
MTEyNTYyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzA1MTcxYmJkMTNl
ZjJlMWU0NTk3MTg4M2U1NzNkYTIwMTE2OWJmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANg5mfaIr7uQxAVhpXsSgaTTspY18WtT1jAKMK9bviWESctG
48kHmWOVEcfzormd6Y4BJ8a0jcc0yIW1hUQpMGSAQ9uP1Ex9dVRcRbvwSflCd10O
vsHHPFgFjVr6ddikFS5kOnDIMSzgIFRdjAn3zf2O4aGApprOD3DhyrjH2leBaFCJ
GQCF23AgwYO0T8Y9e8k3j2mBIa7WyiTrjfbjgu0t5LtShf1vlNSeZQ+/mfbYnwxL
x+WDTSIilRypUCYY66ibvhcxn8H3E2NxhxCPydy/CQ66ccs15e2EKi2UqqnGLgNd
6gxPgBdMv8RnfO8DLEXRsWBEAnrAtk/avKA3wyMCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBRwUXG70T7y4eRZcYg+Vz2iARab+jAfBgNVHSMEGDAWgBQ0W097ShbbnpJP
CQjO49om8irUgTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05GdFBlMG9XMjU2U1R3a0l6dVBhSnZJcTFJRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvMzZhOWFmLTBkNmEtNDVlMy05Y2E1LTQwODU4Yjk1ZmNmNS8x
L2NGRnh1OUUtOHVIa1dYR0lQbGM5b2dFV21fby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
MzZhOWFmLTBkNmEtNDVlMy05Y2E1LTQwODU4Yjk1ZmNmNS8xL05GdFBlMG9XMjU2
U1R3a0l6dVBhSnZJcTFJRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwEgQCAAEwDAMEAFx3JgMEAMIBozAWBAIAAjAQAwcA
IAEGeA14AwUDKgvdgDANBgkqhkiG9w0BAQsFAAOCAQEANNicyetLOsrTB9rVZk/+
dddPdsMjFayUEejOgq0Z3BsHCuYsdS9CeDjtXhdzsVXws2E4eEYuLHVHETPPk04e
oOJL7rYqm9+uik7VgVs7W7hVrybOl5vlssSCvkN8bqeCLFKA5kfqYXhewSrfd0Nx
1vRiXgtWK5mh2bm8leq4I7Cs7t7PiRueZ07SX7BvYBZHWqWqSuqh/eEyJbg63DXi
wLwclLs+C7V1SD3er2ouoLJRuELzPWT3qGH6L70PAUUaHs+pBdoGFvusgN/stHkX
3nJnlOtaF9cQGoaZjKayws7hBF33ht2tcD84w7e7Pbmw4hHDZlyWgi4sFbf0dbMM
Ig==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:47:31 2025 by rpki-client