Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jwjAfsFTl5dC1AyHizarR9vJcmE.roa
File: jwjAfsFTl5dC1AyHizarR9vJcmE.roa (raw, json)
Hash identifier: nGc5v6AeHwtMSX2mAGDvE5ZJKH+EjJJpB42gn9jRP60=
Subject key identifier: 8F:08:C0:7E:C1:53:97:97:42:D4:0C:87:8B:36:AB:47:DB:C9:72:61
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 019096B1D20B44EEE1AFC56219F561C8F36A
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jwjAfsFTl5dC1AyHizarR9vJcmE.roa
Signing time: Tue 09 Jul 2024 08:52:34 +0000
ROA not before: Tue 09 Jul 2024 08:52:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61220
IP address blocks: 84.54.14.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
89.43.78.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
193.31.117.0/24 maxlen: 24
193.31.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:96:b1:d2:0b:44:ee:e1:af:c5:62:19:f5:61:c8:f3:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jul 9 08:52:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8f08c07ec153979742d40c878b36ab47dbc97261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a8:c6:e7:2d:0d:1e:cd:2b:0d:6e:1e:2d:3b:
ae:7f:4f:2a:86:f6:ee:9d:ff:36:d2:9b:41:20:e1:
f8:67:17:a8:02:16:f8:d2:b4:d1:b7:23:48:7f:7b:
9a:ef:f5:ce:6e:6e:a4:60:cd:2e:88:34:df:0d:86:
37:df:28:db:69:90:1e:74:ce:97:4e:77:4a:4f:e2:
7b:ea:cb:e4:92:45:83:ff:87:46:e3:c8:42:9e:95:
74:9a:68:c2:8e:6c:08:e2:80:62:ca:7b:4a:82:b9:
9d:6b:21:e7:66:e2:80:05:8e:3e:52:ee:48:9d:b8:
a4:b1:98:cd:e6:ac:35:28:c5:78:79:17:a0:34:de:
c2:72:04:29:90:44:d7:ce:b6:43:48:07:a0:2c:a3:
47:3e:ee:cd:db:99:fc:e3:06:d7:25:b8:b5:f2:5b:
39:9b:9c:73:a9:bc:7f:e4:9e:20:1f:7e:9f:d3:d7:
bb:34:03:16:70:44:69:e0:7d:0a:5b:3f:44:73:33:
1e:e5:f7:ac:c5:54:1c:85:56:35:e0:59:c1:34:9b:
8e:03:c1:ba:a1:cf:55:4a:fd:59:cd:ff:67:0f:b4:
ea:e1:76:01:54:f7:32:7f:84:0c:94:cc:8a:fb:33:
c5:6f:f9:28:f9:aa:fd:9a:ab:30:88:22:9d:4e:41:
53:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:08:C0:7E:C1:53:97:97:42:D4:0C:87:8B:36:AB:47:DB:C9:72:61
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jwjAfsFTl5dC1AyHizarR9vJcmE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
176.98.42.0/23
185.81.152.0/22
193.31.117.0/24
193.31.119.0/24
Signature Algorithm: sha256WithRSAEncryption
39:69:50:e8:63:19:ed:e7:aa:bd:6b:13:c3:84:4e:7c:2c:c6:
8c:15:04:aa:db:12:1d:a5:6f:96:17:bb:25:41:e9:60:d2:6a:
85:9d:44:54:0c:2e:f3:95:ac:d6:e4:d8:5e:57:c2:4c:d7:19:
37:28:38:79:1f:6b:4c:4e:83:0d:87:82:2d:a1:cf:6c:90:24:
74:b2:78:60:d7:0c:15:0e:b2:c5:d3:00:f2:f1:23:20:64:3f:
5f:e2:1c:c3:d4:27:c2:71:ca:59:de:e7:18:82:a6:7d:4b:a1:
cc:50:e8:6e:1f:36:71:54:d7:42:e5:00:f2:45:58:6d:fd:84:
4d:7e:39:38:d7:e4:e3:31:5f:d0:8c:aa:3e:84:ab:83:a1:74:
c1:fb:cc:fd:28:f2:7a:c5:73:64:34:8e:2d:70:71:99:af:fc:
3b:19:7d:df:37:3e:f2:43:ee:2d:2a:ce:eb:be:aa:f4:16:d3:
26:08:05:dd:0f:85:1f:e0:b0:27:c5:26:fc:3b:02:04:00:b1:
f4:f2:46:c7:6c:64:e6:e7:07:df:7c:1b:d7:c7:37:74:03:20:
1b:a7:10:f4:bf:08:65:41:b7:3b:45:9b:ca:94:88:c8:56:15:
a6:de:e6:b4:93:fc:29:12:af:71:21:5a:ee:75:85:7a:ae:55:
54:35:aa:9f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZCWsdILRO7hr8ViGfVhyPNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwNzA5MDg1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA4YzA3ZWMxNTM5Nzk3NDJkNDBjODc4YjM2YWI0N2RiYzk3MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKjG5y0NHs0rDW4eLTuuf08qhvbu
nf820ptBIOH4ZxeoAhb40rTRtyNIf3ua7/XObm6kYM0uiDTfDYY33yjbaZAedM6X
TndKT+J76svkkkWD/4dG48hCnpV0mmjCjmwI4oBiyntKgrmdayHnZuKABY4+Uu5I
nbiksZjN5qw1KMV4eRegNN7CcgQpkETXzrZDSAegLKNHPu7N25n84wbXJbi18ls5
m5xzqbx/5J4gH36f09e7NAMWcERp4H0KWz9EczMe5fesxVQchVY14FnBNJuOA8G6
oc9VSv1Zzf9nD7Tq4XYBVPcyf4QMlMyK+zPFb/ko+ar9mqswiCKdTkFTVQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFI8IwH7BU5eXQtQMh4s2q0fbyXJhMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvandqQWZzRlRsNWRDMUF5SGl6YXJSOXZKY21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYAwQAwR91AwQAwR93MA0GCSqGSIb3DQEBCwUA
A4IBAQA5aVDoYxnt56q9axPDhE58LMaMFQSq2xIdpW+WF7slQelg0mqFnURUDC7z
lazW5NheV8JM1xk3KDh5H2tMToMNh4Itoc9skCR0snhg1wwVDrLF0wDy8SMgZD9f
4hzD1CfCccpZ3ucYgqZ9S6HMUOhuHzZxVNdC5QDyRVht/YRNfjk41+TjMV/QjKo+
hKuDoXTB+8z9KPJ6xXNkNI4tcHGZr/w7GX3fNz7yQ+4tKs7rvqr0FtMmCAXdD4Uf
4LAnxSb8OwIEALH08kbHbGTm5wfffBvXxzd0AyAbpxD0vwhlQbc7RZvKlIjIVhWm
3ua0k/wpEq9xIVrudYV6rlVUNaqf
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:49:55 2025 by rpki-client