Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/rQJosk_qdyi4nvfAeydXq3pJgiQ.roa
File: rQJosk_qdyi4nvfAeydXq3pJgiQ.roa (raw, json)
Hash identifier: GaAWzMA8e3WdL+bb2tmUPvyv8IS0TmVmqYJiNHFnq4c=
Subject key identifier: AD:02:68:B2:4F:EA:77:28:B8:9E:F7:C0:7B:27:57:AB:7A:49:82:24
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 0A0C23ED
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/rQJosk_qdyi4nvfAeydXq3pJgiQ.roa
Signing time: Wed 05 Jan 2022 18:06:13 +0000
ROA not before: Wed 05 Jan 2022 18:06:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61084
IP address blocks: 193.31.116.0/24 maxlen: 24
213.226.119.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
84.54.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 168567789 (0xa0c23ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 5 18:06:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ad0268b24fea7728b89ef7c07b2757ab7a498224
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:5c:eb:75:ca:71:e4:f7:9a:2f:b6:26:0d:c6:
0b:0b:1e:9b:25:38:22:46:8a:48:25:87:c9:0e:22:
60:12:9b:38:88:f4:92:5f:c7:59:61:cb:4d:aa:d2:
80:a3:e2:28:53:8d:88:0d:83:3e:34:e5:48:bb:1a:
ff:35:73:3c:4e:bc:84:df:c4:a9:00:08:6a:e0:78:
00:06:27:30:1a:fb:62:12:24:d9:f1:1b:29:c7:de:
75:4d:27:a4:1f:b2:bc:75:33:53:e9:3d:f8:ee:38:
02:ce:32:76:e5:56:1e:e3:ef:85:5e:9e:b9:be:cc:
e2:a0:b9:ee:6c:26:5e:df:e9:3d:79:ad:d2:83:a4:
bf:d7:8e:4d:f7:9e:93:dc:16:77:25:18:00:ad:bc:
de:e2:53:d7:0c:5c:1b:78:f6:23:1f:7b:a3:93:72:
25:68:d1:ad:e6:4d:49:c5:22:03:8c:d7:36:8e:bc:
cc:6e:a5:2b:22:da:dd:de:2c:e2:02:01:fc:b1:eb:
36:12:7d:b2:5c:32:9f:51:58:5e:e7:5e:18:26:2b:
15:c7:3b:f2:80:3a:ed:98:8f:e9:58:d1:00:51:c5:
80:79:06:dd:d5:5e:f6:cc:5a:6e:64:89:44:66:0b:
6d:17:1b:bf:e7:d3:da:d8:32:7d:4a:5d:26:65:38:
f8:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:02:68:B2:4F:EA:77:28:B8:9E:F7:C0:7B:27:57:AB:7A:49:82:24
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/rQJosk_qdyi4nvfAeydXq3pJgiQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.13.0/24
176.98.41.0/24
193.31.116.0/24
213.226.119.0/24
Signature Algorithm: sha256WithRSAEncryption
00:da:8d:f9:b8:66:2d:0c:2c:fa:cf:b9:bc:0d:bb:36:ef:d4:
59:32:c7:5e:3b:0e:6b:fc:29:c8:66:e9:ac:6d:9d:45:81:ec:
9d:6d:74:6a:72:64:05:ef:12:04:e0:12:b2:92:85:fe:58:5b:
ae:97:b7:78:37:e7:ef:57:55:3a:78:75:70:a7:79:d5:d9:34:
d0:21:54:75:0c:d0:8b:f3:8f:aa:fe:9f:e2:d8:3c:35:cf:a0:
c4:3f:7b:72:c3:da:02:74:93:7d:72:7d:37:ec:d6:80:33:c7:
d6:88:1a:b3:cb:4b:9d:8d:c9:1b:e8:36:a1:0c:19:c8:60:7e:
4f:bc:f8:2e:54:e1:cd:b7:aa:fe:e7:a2:9f:85:38:45:c4:58:
f3:e7:f2:d4:f5:1b:54:e0:eb:8e:df:9a:06:4b:39:68:11:e3:
44:79:fe:b0:88:eb:af:04:80:73:71:9d:a8:9e:38:e7:07:27:
a3:56:aa:e3:58:e1:71:01:31:2e:04:5e:c7:ce:c2:dc:e5:04:
af:a2:a7:ae:97:41:64:21:0f:0b:ea:fe:6a:9b:f1:c9:5f:bd:
cb:6a:86:c4:6b:09:3e:06:0c:45:e3:b8:2e:61:cd:c9:07:1f:
47:4a:cf:7d:fc:9e:e2:34:5f:a1:c4:7b:22:0f:66:81:a9:2e:
33:d6:7d:50
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIECgwj7TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZGIzNDc3NGIwMTk3OTI4NGZkOWU3NTRmZWE2OGZhM2M2MTc4M2QwMB4XDTIyMDEw
NTE4MDYxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWQwMjY4YjI0ZmVh
NzcyOGI4OWVmN2MwN2IyNzU3YWI3YTQ5ODIyNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMdc63XKceT3mi+2Jg3GCwsemyU4IkaKSCWHyQ4iYBKbOIj0
kl/HWWHLTarSgKPiKFONiA2DPjTlSLsa/zVzPE68hN/EqQAIauB4AAYnMBr7YhIk
2fEbKcfedU0npB+yvHUzU+k9+O44As4yduVWHuPvhV6eub7M4qC57mwmXt/pPXmt
0oOkv9eOTfeek9wWdyUYAK283uJT1wxcG3j2Ix97o5NyJWjRreZNScUiA4zXNo68
zG6lKyLa3d4s4gIB/LHrNhJ9slwyn1FYXudeGCYrFcc78oA67ZiP6VjRAFHFgHkG
3dVe9sxabmSJRGYLbRcbv+fT2tgyfUpdJmU4+C8CAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBStAmiyT+p3KLie98B7J1erekmCJDAfBgNVHSMEGDAWgBSNs0d0sBl5KE/Z
51T+po+jxheD0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2piTkhkTEFaZVNoUDJlZFVfcWFQbzhZWGc5QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvNzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8x
L3JRSm9za19xZHlpNG52ZkFleWRYcTNwSmdpUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
NzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8xL2piTkhkTEFaZVNo
UDJlZFVfcWFQbzhZWGc5QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFQ2DQMEALBiKQMEAMEfdAMEANXi
dzANBgkqhkiG9w0BAQsFAAOCAQEAANqN+bhmLQws+s+5vA27Nu/UWTLHXjsOa/wp
yGbprG2dRYHsnW10anJkBe8SBOASspKF/lhbrpe3eDfn71dVOnh1cKd51dk00CFU
dQzQi/OPqv6f4tg8Nc+gxD97csPaAnSTfXJ9N+zWgDPH1ogas8tLnY3JG+g2oQwZ
yGB+T7z4LlThzbeq/uein4U4RcRY8+fy1PUbVODrjt+aBks5aBHjRHn+sIjrrwSA
c3GdqJ445wcno1aq41jhcQExLgRex87C3OUEr6KnrpdBZCEPC+r+apvxyV+9y2qG
xGsJPgYMReO4LmHNyQcfR0rPffye4jRfocR7Ig9mgakuM9Z9UA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:45:36 2025 by rpki-client