Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/gdI33GNOPKDiESYGP0wfk1SSVnU.roa
File: gdI33GNOPKDiESYGP0wfk1SSVnU.roa (raw, json)
Hash identifier: xJSjW898OWJYFWHdJxnnAU1XNdpx/bpx6Q9RkYZHmvs=
Subject key identifier: 81:D2:37:DC:63:4E:3C:A0:E2:11:26:06:3F:4C:1F:93:54:92:56:75
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 01857169E42506BD1AA91F327FDABADA4B4F
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/gdI33GNOPKDiESYGP0wfk1SSVnU.roa
Signing time: Mon 02 Jan 2023 07:37:23 +0000
ROA not before: Mon 02 Jan 2023 07:37:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44620
IP address blocks: 84.54.12.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:e4:25:06:bd:1a:a9:1f:32:7f:da:ba:da:4b:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 2 07:37:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=81d237dc634e3ca0e21126063f4c1f9354925675
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:64:d5:74:f9:f3:90:cf:02:72:66:9c:75:5c:
30:1c:7b:50:63:5a:1e:c9:b3:5b:2b:f4:4d:cb:45:
d4:ea:c5:11:80:32:94:33:50:fd:7c:96:cd:cb:47:
1d:bd:a2:55:d4:36:52:ad:89:ab:f7:59:12:9b:9f:
b4:ac:20:88:7d:6b:26:35:ee:a6:09:98:ab:0a:4f:
75:c0:67:73:83:19:34:50:88:f4:b4:e8:9c:45:f8:
13:98:cf:c5:bd:6b:a1:b6:9c:dc:fe:30:e0:f1:24:
9e:34:d2:27:96:ae:a7:58:84:60:ba:74:ef:36:e7:
da:f5:97:c0:39:91:99:e9:94:e8:af:5b:8e:fe:8e:
5f:57:f7:eb:b6:d1:51:ec:56:18:bc:db:be:ec:3e:
45:44:1c:54:57:cd:e3:4d:dc:e8:cb:33:c7:d5:18:
19:55:7b:e0:53:0d:67:15:2d:eb:ee:52:2b:f8:99:
cf:c4:f7:c0:20:12:c7:c7:4f:8a:8e:f1:6b:4c:37:
d4:56:3e:73:8a:99:2a:c1:51:65:00:00:bb:e9:a9:
70:8d:60:0d:7c:7d:4f:13:dd:cf:04:84:79:1b:85:
29:2f:58:24:fd:db:de:7d:90:37:c2:e7:d7:29:aa:
61:e5:67:c6:5b:31:da:1e:23:eb:f5:0a:46:80:0c:
3f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:D2:37:DC:63:4E:3C:A0:E2:11:26:06:3F:4C:1F:93:54:92:56:75
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/gdI33GNOPKDiESYGP0wfk1SSVnU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.12.0/24
Signature Algorithm: sha256WithRSAEncryption
d7:82:a4:fe:74:1c:f1:a5:90:95:33:86:14:1d:c7:92:a3:6d:
4a:2c:da:b8:24:c1:d8:b3:23:6d:e8:dd:40:c5:4f:b6:7a:7a:
61:cd:18:6d:31:9c:c8:c6:53:b6:12:9e:e2:3e:c7:a3:74:c7:
6e:33:08:f1:e7:29:a1:26:68:b3:69:a5:b0:5f:2e:2f:5d:aa:
df:ce:01:16:60:0a:f4:7e:49:4b:ac:3d:be:84:58:d6:c8:2f:
14:77:41:25:f6:6a:68:db:ce:ec:a1:54:45:b2:2c:ed:dc:60:
a2:60:d3:9d:98:63:01:ab:db:c2:48:ed:5d:a0:3b:78:db:99:
b0:1d:fb:2f:24:f6:96:c8:e1:62:74:f6:8b:da:1a:ab:3f:4b:
07:f1:44:8f:53:4f:a3:4a:f7:4d:b2:2d:4a:86:6c:4a:3d:8d:
e1:9f:7b:5e:8a:5a:a1:97:87:9a:a9:d7:c9:e3:a4:b7:f7:d5:
52:a6:9e:3b:47:85:9d:e9:20:69:78:9b:64:3e:d3:9a:0c:60:
84:71:d4:7a:9f:20:18:eb:c6:f7:e1:aa:ad:91:e7:d6:f3:7c:
ed:5a:3b:57:71:a1:3d:a9:e6:74:30:b8:b2:11:57:8a:26:bd:
1e:60:1c:57:e3:84:50:6b:38:7b:44:32:9d:93:1d:8b:43:4c:
a6:a8:5a:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxaeQlBr0aqR8yf9q62ktPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwMTAyMDczNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQyMzdkYzYzNGUzY2EwZTIxMTI2MDYzZjRjMWY5MzU0OTI1Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2TVdPnzkM8CcmacdVwwHHtQY1oe
ybNbK/RNy0XU6sURgDKUM1D9fJbNy0cdvaJV1DZSrYmr91kSm5+0rCCIfWsmNe6m
CZirCk91wGdzgxk0UIj0tOicRfgTmM/FvWuhtpzc/jDg8SSeNNInlq6nWIRgunTv
Nufa9ZfAOZGZ6ZTor1uO/o5fV/frttFR7FYYvNu+7D5FRBxUV83jTdzoyzPH1RgZ
VXvgUw1nFS3r7lIr+JnPxPfAIBLHx0+KjvFrTDfUVj5zipkqwVFlAAC76alwjWAN
fH1PE93PBIR5G4UpL1gk/dvefZA3wufXKaph5WfGWzHaHiPr9QpGgAw/2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHSN9xjTjyg4hEmBj9MH5NUklZ1MB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvZ2RJMzNHTk9QS0RpRVNZR1Awd2ZrMVNTVm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDYMMA0G
CSqGSIb3DQEBCwUAA4IBAQDXgqT+dBzxpZCVM4YUHceSo21KLNq4JMHYsyNt6N1A
xU+2enphzRhtMZzIxlO2Ep7iPsejdMduMwjx5ymhJmizaaWwXy4vXarfzgEWYAr0
fklLrD2+hFjWyC8Ud0El9mpo287soVRFsizt3GCiYNOdmGMBq9vCSO1doDt425mw
HfsvJPaWyOFidPaL2hqrP0sH8USPU0+jSvdNsi1KhmxKPY3hn3teilqhl4eaqdfJ
46S399VSpp47R4Wd6SBpeJtkPtOaDGCEcdR6nyAY68b34aqtkefW83ztWjtXcaE9
qeZ0MLiyEVeKJr0eYBxX44RQazh7RDKdkx2LQ0ymqFq/
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:38:45 2025 by rpki-client