Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/6rcnGgTopLFWbkZNbLkKWTUdksw.roa
File: 6rcnGgTopLFWbkZNbLkKWTUdksw.roa (raw, json)
Hash identifier: egD9BLz/luBgKLANmFFpnZ+hEXFzBmDOjRcha740/sY=
Subject key identifier: EA:B7:27:1A:04:E8:A4:B1:56:6E:46:4D:6C:B9:0A:59:35:1D:92:CC
Certificate issuer: /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial: 01926B1013E6C357524BF473E1A3B0208DAE
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/6rcnGgTopLFWbkZNbLkKWTUdksw.roa
Signing time: Tue 08 Oct 2024 07:37:48 +0000
ROA not before: Tue 08 Oct 2024 07:37:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197731
IP address blocks: 83.137.192.0/21 maxlen: 24
2a00:a0c0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:6b:10:13:e6:c3:57:52:4b:f4:73:e1:a3:b0:20:8d:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
Validity
Not Before: Oct 8 07:37:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=eab7271a04e8a4b1566e464d6cb90a59351d92cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:10:5c:29:f3:eb:25:12:e0:70:df:06:df:84:
79:e9:c6:ac:88:49:79:9b:88:f7:a2:a1:95:fe:6f:
5d:c6:32:e7:9f:25:58:49:a1:d8:ce:81:d0:1e:75:
7b:cc:e5:c5:12:74:c2:17:30:76:51:6f:e5:50:3c:
82:ad:5e:94:d6:90:e4:b5:80:6e:c3:f9:19:95:1e:
12:69:fa:66:9b:3e:d0:51:c5:4b:0e:80:07:ca:dd:
11:3b:72:11:50:be:bc:ad:a4:9d:78:66:4f:0e:ab:
c2:3c:ab:36:bb:5b:8b:58:a4:d6:1c:a3:c9:ee:ac:
b8:1c:bd:93:fe:1d:4c:00:bc:fc:57:97:78:59:97:
d8:e7:32:d0:99:1f:38:50:7d:09:4a:5d:af:eb:32:
ea:02:94:8e:5c:d9:cc:57:d8:ee:44:30:06:aa:f7:
31:e4:37:58:12:44:df:66:89:71:15:53:fb:85:f1:
9d:d9:3b:db:cd:ea:43:50:0c:75:97:fd:9a:e2:ec:
72:97:8d:a0:5e:bb:6e:43:a7:5d:62:d2:62:0d:b4:
4f:7f:6c:33:d8:d8:78:51:26:2e:41:aa:7a:ab:6f:
38:48:dc:a6:68:ff:5e:8c:c2:6f:66:ed:12:e0:00:
9b:1b:95:23:77:15:64:5f:37:7c:4d:84:f6:c8:5e:
18:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:B7:27:1A:04:E8:A4:B1:56:6E:46:4D:6C:B9:0A:59:35:1D:92:CC
X509v3 Authority Key Identifier:
keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/6rcnGgTopLFWbkZNbLkKWTUdksw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.192.0/21
IPv6:
2a00:a0c0::/32
Signature Algorithm: sha256WithRSAEncryption
74:b1:12:d0:94:70:29:f7:0e:46:88:8d:3f:ef:d1:3a:7c:6b:
d0:2a:b8:e9:c3:b4:64:dc:76:ec:d5:d7:fb:d3:86:2d:e4:e9:
25:38:3f:46:c6:c6:40:e2:68:99:c2:ab:4c:4b:e9:d5:59:88:
f8:2e:fb:25:01:0a:e5:94:7c:4a:a1:3b:ae:c7:d1:94:03:92:
ca:db:1c:69:6e:b9:df:64:7a:84:2a:96:34:20:e3:46:ae:4c:
ce:97:18:de:d3:46:24:a3:8c:36:66:c8:59:ed:5c:53:16:fb:
32:37:79:3f:79:1d:4f:16:25:f1:71:24:bb:90:64:cd:52:f8:
88:23:4e:53:b4:db:7e:db:f9:d6:75:3d:72:a4:4e:f1:76:7e:
e1:08:06:0f:2d:68:0c:79:e3:f6:90:d7:73:8e:70:3a:7c:c4:
41:64:9d:27:84:5e:4c:ff:3f:a8:f6:97:ae:67:0f:27:35:7e:
85:a6:71:77:93:7d:c7:8a:f7:16:b6:95:f4:51:82:2e:42:c3:
32:b9:77:05:68:b1:15:64:bd:8c:9f:ce:fc:36:57:26:8c:ab:
8e:e3:19:fb:43:ca:a6:e3:8a:12:50:66:80:70:00:cf:95:4d:
94:95:ad:db:b2:79:3b:a3:a2:94:ba:2e:1c:e7:6a:13:4c:8f:
d2:d2:c1:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJrEBPmw1dSS/Rz4aOwII2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjQxMDA4MDczNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWI3MjcxYTA0ZThhNGIxNTY2ZTQ2NGQ2Y2I5MGE1OTM1MWQ5MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxBcKfPrJRLgcN8G34R56casiEl5
m4j3oqGV/m9dxjLnnyVYSaHYzoHQHnV7zOXFEnTCFzB2UW/lUDyCrV6U1pDktYBu
w/kZlR4Safpmmz7QUcVLDoAHyt0RO3IRUL68raSdeGZPDqvCPKs2u1uLWKTWHKPJ
7qy4HL2T/h1MALz8V5d4WZfY5zLQmR84UH0JSl2v6zLqApSOXNnMV9juRDAGqvcx
5DdYEkTfZolxFVP7hfGd2TvbzepDUAx1l/2a4uxyl42gXrtuQ6ddYtJiDbRPf2wz
2Nh4USYuQap6q284SNymaP9ejMJvZu0S4ACbG5UjdxVkXzd8TYT2yF4Y2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOq3JxoE6KSxVm5GTWy5Clk1HZLMMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvNnJjbkdnVG9wTEZXYmtaTmJMa0tXVFVka3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4nAMA0E
AgACMAcDBQAqAKDAMA0GCSqGSIb3DQEBCwUAA4IBAQB0sRLQlHAp9w5GiI0/79E6
fGvQKrjpw7Rk3Hbs1df704Yt5OklOD9GxsZA4miZwqtMS+nVWYj4LvslAQrllHxK
oTuux9GUA5LK2xxpbrnfZHqEKpY0IONGrkzOlxje00Yko4w2ZshZ7VxTFvsyN3k/
eR1PFiXxcSS7kGTNUviII05TtNt+2/nWdT1ypE7xdn7hCAYPLWgMeeP2kNdzjnA6
fMRBZJ0nhF5M/z+o9peuZw8nNX6FpnF3k33HivcWtpX0UYIuQsMyuXcFaLEVZL2M
n878NlcmjKuO4xn7Q8qm44oSUGaAcADPlU2Ula3bsnk7o6KUui4c52oTTI/S0sE2
-----END CERTIFICATE-----
Generated at Sat Apr 19 06:27:26 2025 by rpki-client