Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bdXQKq2uEOa0-AYk6Y5Y83IU1Rw.roa
File: bdXQKq2uEOa0-AYk6Y5Y83IU1Rw.roa (raw, json)
Hash identifier: L3YHO6QtaVLsUF/i7jq6mpapOm8ABMrZD3OSdjEgpNg=
Subject key identifier: 6D:D5:D0:2A:AD:AE:10:E6:B4:F8:06:24:E9:8E:58:F3:72:14:D5:1C
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 019424458DDBCFC027A55686AD4592B597C9
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bdXQKq2uEOa0-AYk6Y5Y83IU1Rw.roa
Signing time: Wed 01 Jan 2025 23:48:45 +0000
ROA not before: Wed 01 Jan 2025 23:48:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61220
IP address blocks: 84.54.14.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
89.43.78.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
193.31.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:8d:db:cf:c0:27:a5:56:86:ad:45:92:b5:97:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 1 23:48:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6dd5d02aadae10e6b4f80624e98e58f37214d51c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b4:c7:3f:7f:c7:f5:41:28:56:76:b8:35:62:
84:dd:ad:2b:7e:1d:05:52:93:ac:f4:fb:be:0b:35:
d1:05:e3:16:68:64:25:52:f0:a4:b2:47:cc:fd:8c:
54:23:07:92:24:7e:6f:7c:5b:62:37:27:ed:a9:a2:
08:f5:9a:7a:d2:0f:6b:dd:a1:48:4c:87:6e:fc:b9:
6b:b4:53:ff:a4:ea:94:f7:80:07:00:91:08:d2:44:
fe:94:6d:c6:28:93:38:76:d1:09:ae:18:05:f9:b8:
15:68:55:10:bb:59:3a:b1:c4:dd:fa:54:c0:02:f1:
0e:e3:79:52:f9:f0:d2:ec:f1:78:5a:04:87:92:d5:
b8:bf:93:85:a1:41:70:6d:da:10:4f:e9:ef:d5:a8:
08:f7:08:7d:9d:a8:4b:79:6e:9a:b5:2e:24:68:c1:
7b:51:04:c9:a8:00:be:df:58:91:27:ab:a9:54:ee:
dc:1b:93:dc:08:d2:0d:50:03:59:a5:60:f1:89:ba:
46:fe:9c:56:96:38:58:c2:40:25:2d:e4:22:2e:fa:
54:35:d5:96:3e:e9:c3:a9:d8:6d:bc:14:ce:c0:60:
10:7e:bc:7b:2c:e0:39:96:5d:aa:9c:d4:66:d0:d8:
99:2c:84:ac:23:18:a3:b8:c6:46:c9:10:f7:da:1b:
cb:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:D5:D0:2A:AD:AE:10:E6:B4:F8:06:24:E9:8E:58:F3:72:14:D5:1C
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/bdXQKq2uEOa0-AYk6Y5Y83IU1Rw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
176.98.42.0/23
185.81.152.0/22
193.31.119.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:4e:72:da:b6:84:84:61:c6:87:0f:d8:18:ed:0c:56:9f:ac:
cc:1c:70:ae:1e:05:ab:e9:a3:40:c6:6c:39:dc:0e:4d:57:82:
f2:ef:23:bd:4c:ba:d0:1c:3f:16:cc:7a:88:a7:2c:50:8d:c2:
03:48:06:77:22:8a:45:fc:ac:8e:7a:59:d2:c2:5d:01:ea:96:
df:31:1a:f0:ca:42:b6:bd:cb:0d:2a:1a:43:30:58:c2:62:0d:
95:08:06:be:cb:9b:5f:5f:a6:33:80:12:ce:1c:a0:5a:c3:06:
61:98:2e:e1:8a:df:bb:63:0a:34:7e:87:a7:32:55:e9:c3:41:
8d:af:a2:66:aa:9d:4e:cd:1b:20:05:77:e5:8a:17:c4:f0:81:
e4:ae:ca:6c:0f:23:3a:d7:a6:8f:fa:50:06:09:74:5a:83:b6:
87:d0:f3:b4:a1:b5:c8:58:a5:24:a7:92:b5:3e:41:be:0a:b9:
29:e8:80:13:72:7b:0f:f9:38:a0:66:7a:42:80:56:a0:04:d4:
76:b4:07:a6:ca:eb:ae:96:ed:7e:f7:0f:cb:0b:5e:3a:91:ff:
cf:74:4f:7a:b3:b4:89:1c:9d:e7:6d:ea:a6:49:5f:6d:b3:c4:
8f:f6:45:b7:eb:ad:5d:1e:14:f3:8b:c8:3b:e6:41:fe:c6:5e:
6d:e8:e5:a8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQkRY3bz8AnpVaGrUWStZfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ1ZDAyYWFkYWUxMGU2YjRmODA2MjRlOThlNThmMzcyMTRkNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrTHP3/H9UEoVna4NWKE3a0rfh0F
UpOs9Pu+CzXRBeMWaGQlUvCkskfM/YxUIweSJH5vfFtiNyftqaII9Zp60g9r3aFI
TIdu/LlrtFP/pOqU94AHAJEI0kT+lG3GKJM4dtEJrhgF+bgVaFUQu1k6scTd+lTA
AvEO43lS+fDS7PF4WgSHktW4v5OFoUFwbdoQT+nv1agI9wh9nahLeW6atS4kaMF7
UQTJqAC+31iRJ6upVO7cG5PcCNINUANZpWDxibpG/pxWljhYwkAlLeQiLvpUNdWW
PunDqdhtvBTOwGAQfrx7LOA5ll2qnNRm0NiZLISsIxijuMZGyRD32hvLcQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG3V0CqtrhDmtPgGJOmOWPNyFNUcMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvYmRYUUtxMnVFT2EwLUFZazZZNVk4M0lVMVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYAwQAwR93MA0GCSqGSIb3DQEBCwUAA4IBAQC8
TnLatoSEYcaHD9gY7QxWn6zMHHCuHgWr6aNAxmw53A5NV4Ly7yO9TLrQHD8WzHqI
pyxQjcIDSAZ3IopF/KyOelnSwl0B6pbfMRrwykK2vcsNKhpDMFjCYg2VCAa+y5tf
X6YzgBLOHKBawwZhmC7hit+7Ywo0foenMlXpw0GNr6Jmqp1OzRsgBXflihfE8IHk
rspsDyM616aP+lAGCXRag7aH0PO0obXIWKUkp5K1PkG+Crkp6IATcnsP+TigZnpC
gFagBNR2tAemyuuulu1+9w/LC146kf/PdE96s7SJHJ3nbeqmSV9ts8SP9kW3661d
HhTzi8g75kH+xl5t6OWo
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:49:52 2025 by rpki-client