Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/3cZ3CPWfVFmf8ctT43YTwDw7wok.roa
File: 3cZ3CPWfVFmf8ctT43YTwDw7wok.roa (raw, json)
Hash identifier: hd8qAt9j5Rcdgi9lLCFobS84t/k7hASZa1IAju7OqmE=
Subject key identifier: DD:C6:77:08:F5:9F:54:59:9F:F1:CB:53:E3:76:13:C0:3C:3B:C2:89
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 09FAE888
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/3cZ3CPWfVFmf8ctT43YTwDw7wok.roa
Signing time: Sat 01 Jan 2022 11:55:58 +0000
ROA not before: Sat 01 Jan 2022 11:55:58 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43260
IP address blocks: 193.31.116.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 167438472 (0x9fae888)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 1 11:55:58 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ddc67708f59f54599ff1cb53e37613c03c3bc289
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:a3:a1:93:5a:21:03:10:c7:59:bb:56:2d:34:
e1:e2:38:72:49:48:65:07:6e:86:50:e7:e0:94:17:
9a:50:97:ed:50:6f:34:77:a2:b3:47:81:2d:da:ab:
7e:04:10:f2:3a:1d:73:3e:ae:9d:a0:49:c3:77:5b:
87:84:5c:e7:47:cf:3d:3c:69:0e:80:02:8a:fe:09:
02:22:63:19:b8:2a:c2:dd:17:e2:74:f6:ba:e7:4a:
fe:8e:8c:ec:a6:43:39:bb:ff:f4:98:e6:65:6f:86:
5a:8d:34:6f:61:40:83:8a:8d:45:69:25:e1:b2:97:
40:b7:75:23:bf:75:bc:a3:8c:a9:54:fb:3a:c4:99:
bb:3c:2e:98:3e:d4:c7:4d:73:db:0a:b2:30:b4:b5:
2d:aa:54:1e:bc:e3:76:99:61:93:f2:aa:42:13:28:
a4:7e:d6:55:13:a3:43:56:9d:ea:d8:cf:ba:13:61:
17:a4:d9:1c:23:01:f6:f3:78:e6:76:6c:ac:9f:a8:
3c:79:49:42:77:40:55:fe:02:d9:5b:0e:88:aa:fe:
6b:3b:31:01:bf:5d:81:ff:66:df:a4:54:87:2f:ff:
88:4b:63:3a:68:55:b7:d9:c0:7c:c3:a8:7a:90:5b:
cb:94:7e:67:5c:91:d2:e0:2b:4e:38:a1:06:7d:e4:
b1:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C6:77:08:F5:9F:54:59:9F:F1:CB:53:E3:76:13:C0:3C:3B:C2:89
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/3cZ3CPWfVFmf8ctT43YTwDw7wok.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.41.0/24
193.31.116.0/24
Signature Algorithm: sha256WithRSAEncryption
03:2e:f0:84:25:35:c1:f0:ef:51:17:d7:8b:d9:aa:76:13:3e:
b2:d3:7b:c5:b2:fb:51:8a:32:57:98:0c:bd:c0:18:6b:ee:14:
43:67:a4:42:c6:8b:60:e3:ad:5e:0c:ac:d3:2d:db:96:34:0c:
98:f0:94:e4:c1:aa:e8:69:1b:02:94:92:f4:43:b7:65:f6:25:
41:56:f6:45:fb:7d:6f:55:0e:a9:77:60:b4:8d:d6:74:33:a2:
75:2a:d9:90:4b:7e:1f:96:f4:16:90:f9:b1:3c:e9:0b:88:fa:
7a:a6:93:30:38:36:7a:d1:26:b4:27:be:bc:6e:47:91:a4:d7:
80:b5:0f:7f:af:41:a4:a0:6a:2e:13:3c:70:87:f1:e0:11:ee:
35:ab:59:51:64:9d:b7:60:4e:26:2d:41:2f:ba:2f:57:08:a0:
69:a9:82:23:96:f1:1d:60:53:0b:e4:7f:94:33:37:a6:1c:fa:
ea:cb:13:c2:df:a7:b0:88:f8:90:78:fb:c2:ee:d2:50:73:3c:
48:41:e6:98:48:5a:83:78:c3:73:b3:92:15:c0:dd:86:9b:a2:
03:03:8a:bd:0b:69:a1:f8:40:f0:17:27:60:a5:f3:45:ba:f5:
bc:4d:0a:78:56:83:af:0a:1e:56:d2:69:96:bb:0e:84:ac:e9:
5c:84:16:0a
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECfroiDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZGIzNDc3NGIwMTk3OTI4NGZkOWU3NTRmZWE2OGZhM2M2MTc4M2QwMB4XDTIyMDEw
MTExNTU1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGRjNjc3MDhmNTlm
NTQ1OTlmZjFjYjUzZTM3NjEzYzAzYzNiYzI4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM6joZNaIQMQx1m7Vi004eI4cklIZQduhlDn4JQXmlCX7VBv
NHeis0eBLdqrfgQQ8jodcz6unaBJw3dbh4Rc50fPPTxpDoACiv4JAiJjGbgqwt0X
4nT2uudK/o6M7KZDObv/9JjmZW+GWo00b2FAg4qNRWkl4bKXQLd1I791vKOMqVT7
OsSZuzwumD7Ux01z2wqyMLS1LapUHrzjdplhk/KqQhMopH7WVROjQ1ad6tjPuhNh
F6TZHCMB9vN45nZsrJ+oPHlJQndAVf4C2VsOiKr+azsxAb9dgf9m36RUhy//iEtj
OmhVt9nAfMOoepBby5R+Z1yR0uArTjihBn3ksSkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTdxncI9Z9UWZ/xy1PjdhPAPDvCiTAfBgNVHSMEGDAWgBSNs0d0sBl5KE/Z
51T+po+jxheD0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2piTkhkTEFaZVNoUDJlZFVfcWFQbzhZWGc5QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvNzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8x
LzNjWjNDUFdmVkZtZjhjdFQ0M1lUd0R3N3dvay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
NzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8xL2piTkhkTEFaZVNo
UDJlZFVfcWFQbzhZWGc5QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALBiKQMEAMEfdDANBgkqhkiG9w0B
AQsFAAOCAQEAAy7whCU1wfDvURfXi9mqdhM+stN7xbL7UYoyV5gMvcAYa+4UQ2ek
QsaLYOOtXgys0y3bljQMmPCU5MGq6GkbApSS9EO3ZfYlQVb2Rft9b1UOqXdgtI3W
dDOidSrZkEt+H5b0FpD5sTzpC4j6eqaTMDg2etEmtCe+vG5HkaTXgLUPf69BpKBq
LhM8cIfx4BHuNatZUWSdt2BOJi1BL7ovVwigaamCI5bxHWBTC+R/lDM3phz66ssT
wt+nsIj4kHj7wu7SUHM8SEHmmEhag3jDc7OSFcDdhpuiAwOKvQtpofhA8BcnYKXz
Rbr1vE0KeFaDrwoeVtJplrsOhKzpXIQWCg==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:40:18 2025 by rpki-client