Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/Fs0J_mR9AKZ0fuEyuf6HfTJDPo0.roa
File: Fs0J_mR9AKZ0fuEyuf6HfTJDPo0.roa (raw, json)
Hash identifier: jLnoKva5usK/wddj0c9y8/d8kixj5Lt4PLePh7Gotvw=
Subject key identifier: 16:CD:09:FE:64:7D:00:A6:74:7E:E1:32:B9:FE:87:7D:32:43:3E:8D
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 019424B3F8185AF09560A64B0D3C1E92246C
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/Fs0J_mR9AKZ0fuEyuf6HfTJDPo0.roa
Signing time: Thu 02 Jan 2025 01:49:21 +0000
ROA not before: Thu 02 Jan 2025 01:49:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41269
IP address blocks: 193.47.166.0/24 maxlen: 24
193.238.108.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:f8:18:5a:f0:95:60:a6:4b:0d:3c:1e:92:24:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 2 01:49:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=16cd09fe647d00a6747ee132b9fe877d32433e8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b3:41:db:58:a7:6a:7b:09:ac:0e:aa:27:19:
be:b0:0b:70:d5:99:47:be:41:bc:f0:8e:0a:6e:cd:
4c:fc:9e:b3:31:48:1a:14:ec:e7:da:ef:d8:39:f2:
2d:5b:f9:e1:91:de:f3:44:d5:4e:58:4f:2a:07:18:
72:86:74:01:a3:a2:c4:a2:db:9a:1f:2c:7b:6e:e4:
4e:5c:f3:bb:11:bb:3b:84:d2:42:b3:0e:4a:94:92:
1a:48:af:62:a2:d6:44:8d:b3:33:ea:05:8d:ea:0a:
0d:f1:76:9c:b4:ed:23:fb:6d:42:9f:4a:96:42:23:
74:5f:67:30:3a:77:de:d2:a7:60:92:bd:20:be:8e:
65:9b:12:10:0a:9a:4b:ed:c7:9d:79:88:7f:09:ca:
1b:37:1b:9a:cc:1d:ee:05:d6:e1:da:f7:79:3b:26:
75:ea:0e:b9:0e:05:bc:11:e5:94:4b:43:f1:8d:c6:
8c:ab:57:28:7c:4d:13:81:37:0c:f8:26:ae:c3:c0:
02:91:67:8e:77:99:56:33:c9:ff:6f:9d:d8:7e:4c:
5a:99:42:5e:2a:f5:b4:c5:88:eb:45:c6:1d:ed:0f:
d0:cf:4f:cf:67:7b:a8:d6:0b:3b:9b:56:07:5d:20:
44:ef:4c:1a:d8:25:f4:bf:38:1c:33:ed:8e:a6:ef:
94:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:CD:09:FE:64:7D:00:A6:74:7E:E1:32:B9:FE:87:7D:32:43:3E:8D
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/Fs0J_mR9AKZ0fuEyuf6HfTJDPo0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.47.166.0/24
193.238.108.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:48:48:4d:28:e3:94:3f:cd:53:a3:a3:61:bd:d8:e9:d6:bc:
0c:e1:34:9e:9a:2c:31:e4:24:32:12:9d:50:33:a1:b1:a9:08:
d1:fb:c0:ed:02:7b:23:05:14:43:73:ec:02:cc:2f:04:4a:37:
48:9c:44:0f:2a:e1:17:b2:e7:94:b6:4a:d5:f0:96:45:b8:44:
02:cc:65:6a:4c:ef:52:d7:a7:83:f3:83:21:14:bd:7c:60:ca:
df:d8:c5:87:53:e2:2a:5b:60:5a:83:1e:9c:0f:75:8c:12:d5:
d3:fe:27:c9:94:73:e3:70:d2:25:93:dc:ed:10:d4:cf:74:fc:
b7:fb:34:25:b2:47:b4:2d:fd:bd:61:2a:e1:ca:39:c1:d7:c0:
86:b7:e3:8f:63:e7:e1:80:2b:bf:dd:f1:d2:87:78:4b:30:06:
ee:3b:8c:c6:00:f2:47:a3:a3:09:48:bf:1f:a2:9c:46:eb:ca:
17:2d:a8:9e:f2:90:cb:e7:b7:a3:be:d9:1c:90:94:bb:3b:99:
c4:48:be:fd:c1:71:5f:17:dc:4f:95:b4:1f:07:5d:7c:52:4d:
ef:9a:9f:ad:0a:eb:70:7c:1e:78:e2:2a:14:90:1a:66:73:75:
e1:7f:85:33:69:38:6b:c3:e9:4d:ab:01:58:00:84:b6:d7:9d:
6b:1c:9f:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks/gYWvCVYKZLDTwekiRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjUwMTAyMDE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmNkMDlmZTY0N2QwMGE2NzQ3ZWUxMzJiOWZlODc3ZDMyNDMzZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LNB21inansJrA6qJxm+sAtw1ZlH
vkG88I4Kbs1M/J6zMUgaFOzn2u/YOfItW/nhkd7zRNVOWE8qBxhyhnQBo6LEotua
Hyx7buROXPO7Ebs7hNJCsw5KlJIaSK9iotZEjbMz6gWN6goN8XactO0j+21Cn0qW
QiN0X2cwOnfe0qdgkr0gvo5lmxIQCppL7cedeYh/CcobNxuazB3uBdbh2vd5OyZ1
6g65DgW8EeWUS0PxjcaMq1cofE0TgTcM+Cauw8ACkWeOd5lWM8n/b53YfkxamUJe
KvW0xYjrRcYd7Q/Qz0/PZ3uo1gs7m1YHXSBE70wa2CX0vzgcM+2Opu+UyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBbNCf5kfQCmdH7hMrn+h30yQz6NMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvRnMwSl9tUjlBS1owZnVFeXVmNkhmVEpEUG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS+mAwQA
we5sMA0GCSqGSIb3DQEBCwUAA4IBAQCcSEhNKOOUP81To6Nhvdjp1rwM4TSemiwx
5CQyEp1QM6GxqQjR+8DtAnsjBRRDc+wCzC8ESjdInEQPKuEXsueUtkrV8JZFuEQC
zGVqTO9S16eD84MhFL18YMrf2MWHU+IqW2Bagx6cD3WMEtXT/ifJlHPjcNIlk9zt
ENTPdPy3+zQlske0Lf29YSrhyjnB18CGt+OPY+fhgCu/3fHSh3hLMAbuO4zGAPJH
o6MJSL8fopxG68oXLaie8pDL57ejvtkckJS7O5nESL79wXFfF9xPlbQfB118Uk3v
mp+tCutwfB544ioUkBpmc3Xhf4UzaThrw+lNqwFYAIS2151rHJ+6
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:48:10 2025 by rpki-client