Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bPBBZ2WG8t1xjzzAvFnE2PX5Wgk.roa
File: bPBBZ2WG8t1xjzzAvFnE2PX5Wgk.roa (raw, json)
Hash identifier: Z8qrZy+VRG/cFcQ0Oa6sAvKPpkg+jI3uMYTX0W57QDY=
Subject key identifier: 6C:F0:41:67:65:86:F2:DD:71:8F:3C:C0:BC:59:C4:D8:F5:F9:5A:09
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 018962D67CF2752F1EF3EC674C5A1312511F
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bPBBZ2WG8t1xjzzAvFnE2PX5Wgk.roa
Signing time: Mon 17 Jul 2023 07:52:51 +0000
ROA not before: Mon 17 Jul 2023 07:52:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61220
IP address blocks: 84.54.14.0/24 maxlen: 24
84.54.15.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:62:d6:7c:f2:75:2f:1e:f3:ec:67:4c:5a:13:12:51:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jul 17 07:52:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cf041676586f2dd718f3cc0bc59c4d8f5f95a09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:2d:27:cb:bd:c3:cd:8f:ea:72:51:3d:fa:c1:
d3:ce:eb:d3:6b:a2:35:1d:78:77:84:b5:06:d6:25:
f1:6e:38:9c:8e:dc:bb:23:be:07:ba:31:9c:19:2e:
9f:ce:7f:1a:9f:aa:05:cf:82:d0:0f:45:24:21:3d:
67:9f:74:f8:c0:15:5c:1e:c5:dd:ab:92:ca:ff:5c:
55:b2:d0:b1:d4:3e:d0:90:7a:2f:6e:2e:fb:d8:35:
cf:1e:ef:ac:84:ff:67:ef:34:59:2d:8f:bb:52:f1:
56:45:71:46:af:47:6c:18:c4:fb:60:00:28:59:11:
b3:b9:51:2e:91:1d:ab:7e:6a:83:47:8c:b9:2a:df:
8f:e9:40:e7:e9:37:e5:8c:7b:50:7f:bc:8a:fb:13:
8f:11:b2:e3:1f:9f:84:a0:1b:de:d4:17:64:ec:46:
85:05:28:a5:14:9e:02:a6:4e:37:b5:a2:ac:bb:13:
09:07:ea:f6:d1:43:a2:8f:34:8f:e5:49:c7:ca:e0:
e8:4d:3b:b2:10:20:b7:04:ab:19:1a:32:f2:4d:df:
40:d2:56:05:c4:60:b1:8c:40:04:2b:77:e5:6b:89:
2c:5f:8e:74:49:bc:c2:05:2c:36:f0:4f:a4:7a:88:
bb:e7:c0:43:f4:ba:c4:aa:64:89:6e:9e:f6:69:27:
6a:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:F0:41:67:65:86:F2:DD:71:8F:3C:C0:BC:59:C4:D8:F5:F9:5A:09
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bPBBZ2WG8t1xjzzAvFnE2PX5Wgk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/23
Signature Algorithm: sha256WithRSAEncryption
23:5d:62:b0:a8:00:5e:74:a4:2e:6e:85:98:80:48:11:3b:94:
f8:10:65:45:b9:41:9a:a7:6c:f9:b2:7d:60:70:ce:49:45:1e:
f5:d3:3d:3c:76:29:ea:9a:ca:3d:d7:15:ba:4d:17:66:c9:d5:
e3:c9:08:65:74:42:b3:7d:1b:d6:a5:bf:3a:3e:c7:b6:7a:1c:
a9:d3:63:6b:28:4c:cc:68:52:64:7c:53:ba:b5:6a:8d:ff:bd:
35:0d:2c:f0:44:36:f7:20:07:58:67:36:e6:07:c0:46:37:8b:
d4:f4:aa:54:d7:e4:ca:63:3f:67:69:d0:e0:bb:41:5f:60:31:
6a:c9:07:1c:7e:41:69:53:f6:77:44:e0:18:9d:3a:7f:82:fd:
8d:c3:fe:cb:14:95:59:f1:dd:de:0b:96:19:ca:4e:1a:82:8c:
95:72:c2:1a:d6:aa:56:db:68:dd:e0:4e:2d:d3:4c:d1:9e:cd:
94:96:3a:2b:32:cc:b0:1a:3c:48:9c:98:cb:e8:92:53:a0:ad:
3e:20:92:a6:67:50:f1:ee:d7:33:53:49:12:07:7e:60:67:05:
1e:2f:0c:71:32:a8:92:89:6d:25:7e:da:50:fa:d8:6f:6a:76:
63:51:37:9b:c0:16:2f:08:8c:19:40:ad:47:79:6b:70:7c:05:
9b:3f:38:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYli1nzydS8e8+xnTFoTElEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwNzE3MDc1MjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2YwNDE2NzY1ODZmMmRkNzE4ZjNjYzBiYzU5YzRkOGY1Zjk1YTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS0ny73DzY/qclE9+sHTzuvTa6I1
HXh3hLUG1iXxbjicjty7I74HujGcGS6fzn8an6oFz4LQD0UkIT1nn3T4wBVcHsXd
q5LK/1xVstCx1D7QkHovbi772DXPHu+shP9n7zRZLY+7UvFWRXFGr0dsGMT7YAAo
WRGzuVEukR2rfmqDR4y5Kt+P6UDn6TfljHtQf7yK+xOPEbLjH5+EoBve1Bdk7EaF
BSilFJ4Cpk43taKsuxMJB+r20UOijzSP5UnHyuDoTTuyECC3BKsZGjLyTd9A0lYF
xGCxjEAEK3fla4ksX450SbzCBSw28E+keoi758BD9LrEqmSJbp72aSdqgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzwQWdlhvLdcY88wLxZxNj1+VoJMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvYlBCQloyV0c4dDF4anp6QXZGbkUyUFg1V2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVDYOMA0G
CSqGSIb3DQEBCwUAA4IBAQAjXWKwqABedKQuboWYgEgRO5T4EGVFuUGap2z5sn1g
cM5JRR710z08dinqmso91xW6TRdmydXjyQhldEKzfRvWpb86Pse2ehyp02NrKEzM
aFJkfFO6tWqN/701DSzwRDb3IAdYZzbmB8BGN4vU9KpU1+TKYz9nadDgu0FfYDFq
yQccfkFpU/Z3ROAYnTp/gv2Nw/7LFJVZ8d3eC5YZyk4agoyVcsIa1qpW22jd4E4t
00zRns2UljorMsywGjxInJjL6JJToK0+IJKmZ1Dx7tczU0kSB35gZwUeLwxxMqiS
iW0lftpQ+thvanZjUTebwBYvCIwZQK1HeWtwfAWbPzj8
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:43:21 2025 by rpki-client