Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/3y49hmBPPUII3tNl0o96els4LoY.roa
File: 3y49hmBPPUII3tNl0o96els4LoY.roa (raw, json)
Hash identifier: v/C6Z90DxTQ8RFTYv/+dyzvJWwgctldCKHE86GTrrKg=
Subject key identifier: DF:2E:3D:86:60:4F:3D:42:08:DE:D3:65:D2:8F:7A:7A:5B:38:2E:86
Certificate issuer: /CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Certificate serial: 018BBD9FA0CD4D52415735ACC7E1CECE151D
Authority key identifier: F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/3y49hmBPPUII3tNl0o96els4LoY.roa
Signing time: Sat 11 Nov 2023 09:03:57 +0000
ROA not before: Sat 11 Nov 2023 09:03:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211467
IP address blocks: 193.34.83.0/24 maxlen: 24
185.98.219.0/24 maxlen: 24
185.98.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:bd:9f:a0:cd:4d:52:41:57:35:ac:c7:e1:ce:ce:15:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Validity
Not Before: Nov 11 09:03:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df2e3d86604f3d4208ded365d28f7a7a5b382e86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:cc:c4:24:75:87:7a:b7:cf:76:67:2f:0a:9b:
49:4f:78:57:d6:c8:96:3d:7e:a8:af:90:56:7c:0b:
9b:08:8f:83:8e:1b:2c:51:59:31:3a:24:d0:d2:b2:
d4:06:89:aa:3d:d1:03:2f:e6:a7:bc:5f:6f:66:fb:
5a:9a:14:39:42:89:35:f2:e7:93:7c:ff:47:b7:9d:
3b:5a:07:45:97:3f:1d:c9:ce:e9:23:cc:14:d2:e9:
88:32:0e:79:78:85:7e:4e:a5:6d:79:ff:c2:e4:f3:
2b:ed:01:cc:b9:6d:11:89:3e:e3:b3:9b:8b:6e:67:
68:6f:f9:ca:3b:29:35:89:88:3d:7e:f4:df:74:20:
6a:18:c7:c6:f4:6c:2a:e4:63:d5:59:3a:d5:20:d5:
46:b5:a1:d1:34:73:47:ca:aa:9e:93:66:3d:21:2a:
5a:c7:cf:ba:69:a1:de:1f:dc:c7:70:18:33:fb:f6:
81:e2:b0:16:e3:4f:e2:67:c7:2c:ca:e1:a7:28:08:
13:35:6f:b3:0e:2a:fe:55:43:3d:ab:a8:ae:d1:ed:
b5:0c:52:e7:1e:3c:d3:b0:78:40:a3:18:e9:04:84:
96:14:d3:3a:26:4d:99:c0:7f:3f:51:af:7f:51:51:
7b:6c:bf:dd:8b:e7:5c:e4:80:d5:c4:de:a7:5d:61:
48:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:2E:3D:86:60:4F:3D:42:08:DE:D3:65:D2:8F:7A:7A:5B:38:2E:86
X509v3 Authority Key Identifier:
keyid:F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/3y49hmBPPUII3tNl0o96els4LoY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.98.217.0/24
185.98.219.0/24
193.34.83.0/24
Signature Algorithm: sha256WithRSAEncryption
68:54:fa:60:bf:83:31:b1:d6:70:3d:df:6a:dc:f9:74:30:ff:
8a:46:6a:44:20:b5:78:90:c0:13:43:0e:5c:92:03:77:49:6c:
4d:6f:ed:06:66:e8:de:8c:52:04:71:8a:fb:26:bf:d2:a4:67:
26:32:84:b5:cb:9e:0c:a6:a1:3f:59:d1:b8:10:cd:86:4f:6c:
e5:83:aa:9c:68:77:02:f5:ee:f9:d6:a3:90:42:71:35:7c:01:
bb:0e:20:4b:a3:cd:78:f0:7b:d3:2e:9b:85:90:67:10:e3:70:
db:ea:f5:6f:48:b9:e2:05:aa:6f:d5:84:47:91:5e:a3:13:82:
1c:53:38:a0:4b:0e:35:61:6d:67:cf:fe:d3:f7:d7:d9:6a:23:
26:42:27:e9:b5:16:a9:db:cf:e3:ff:4e:c3:55:b2:df:71:30:
9d:42:28:06:b7:aa:1f:d8:fc:01:30:87:9b:0f:2f:90:d0:16:
85:2b:68:46:ba:e9:ff:10:10:20:21:f5:4f:86:7a:13:9f:f7:
99:b1:06:d1:25:5a:43:8d:9d:81:d8:a1:07:4c:ae:00:4e:f7:
41:31:01:78:fc:9a:7c:43:62:f9:eb:48:b0:9d:f6:20:d0:68:
93:d5:bc:a7:10:18:53:bc:5a:8a:f7:0f:fa:29:3a:b4:5d:9b:
17:49:ff:89
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYu9n6DNTVJBVzWsx+HOzhUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2FhNzk3YjkwMGZjMzU1ZmMyNDEyNDY3NzUxZWViMmMx
YzY0YmUwHhcNMjMxMTExMDkwMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJlM2Q4NjYwNGYzZDQyMDhkZWQzNjVkMjhmN2E3YTViMzgyZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6szEJHWHerfPdmcvCptJT3hX1siW
PX6or5BWfAubCI+DjhssUVkxOiTQ0rLUBomqPdEDL+anvF9vZvtamhQ5Qok18ueT
fP9Ht507WgdFlz8dyc7pI8wU0umIMg55eIV+TqVtef/C5PMr7QHMuW0RiT7js5uL
bmdob/nKOyk1iYg9fvTfdCBqGMfG9Gwq5GPVWTrVINVGtaHRNHNHyqqek2Y9ISpa
x8+6aaHeH9zHcBgz+/aB4rAW40/iZ8csyuGnKAgTNW+zDir+VUM9q6iu0e21DFLn
HjzTsHhAoxjpBISWFNM6Jk2ZwH8/Ua9/UVF7bL/di+dc5IDVxN6nXWFIBQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN8uPYZgTz1CCN7TZdKPenpbOC6GMB8GA1UdIwQY
MBaAFPjKp5e5APw1X8JBJGd1HussHGS+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NcW5sN2tBX0RWZndrRWtaM1VlNnl3Y1pMNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4
LTlkYjNkNDRjNmQyZi8xLzN5NDlobUJQUFVJSTN0Tmwwbzk2ZWxzNExvWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4LTlkYjNkNDRjNmQy
Zi8xLzEtTXFubDdrQV9EVmZ3a0VrWjNVZTZ5d2NaTDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC5YtkD
BAC5YtsDBADBIlMwDQYJKoZIhvcNAQELBQADggEBAGhU+mC/gzGx1nA932rc+XQw
/4pGakQgtXiQwBNDDlySA3dJbE1v7QZm6N6MUgRxivsmv9KkZyYyhLXLngymoT9Z
0bgQzYZPbOWDqpxodwL17vnWo5BCcTV8AbsOIEujzXjwe9Mum4WQZxDjcNvq9W9I
ueIFqm/VhEeRXqMTghxTOKBLDjVhbWfP/tP319lqIyZCJ+m1Fqnbz+P/TsNVst9x
MJ1CKAa3qh/Y/AEwh5sPL5DQFoUraEa66f8QECAh9U+GehOf95mxBtElWkONnYHY
oQdMrgBO90ExAXj8mnxDYvnrSLCd9iDQaJPVvKcQGFO8Wor3D/opOrRdmxdJ/4k=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:20:58 2025 by rpki-client