Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/7_kWg7joA7bgF5Vnybf8_JVANa0.roa
File: 7_kWg7joA7bgF5Vnybf8_JVANa0.roa (raw, json)
Hash identifier: j58DnGY+e2rpWG5nyk9xHRX6GFR6AK4YEskGgRf/Rz0=
Subject key identifier: EF:F9:16:83:B8:E8:03:B6:E0:17:95:67:C9:B7:FC:FC:95:40:35:AD
Certificate issuer: /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial: 01926B0D54CD4BE29380BA7BE5AFDA0F393F
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/7_kWg7joA7bgF5Vnybf8_JVANa0.roa
Signing time: Tue 08 Oct 2024 07:34:48 +0000
ROA not before: Tue 08 Oct 2024 07:34:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34233
IP address blocks: 83.137.192.0/21 maxlen: 21
2a00:a0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:6b:0d:54:cd:4b:e2:93:80:ba:7b:e5:af:da:0f:39:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
Validity
Not Before: Oct 8 07:34:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=eff91683b8e803b6e0179567c9b7fcfc954035ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:98:75:7e:7e:b1:04:d6:b7:ef:7e:44:84:33:
11:3e:ea:dd:da:d9:6d:f0:c0:03:f4:a6:e9:0d:0d:
e0:0c:79:4a:38:15:b9:f9:74:58:87:c1:28:44:65:
5b:7f:4f:89:3d:c4:aa:85:5b:b6:bc:ce:69:d8:43:
7e:81:93:5b:3b:ee:06:d8:86:20:0d:47:57:ef:7c:
7e:f6:63:b5:f7:33:3a:c0:c1:85:2b:e5:15:67:e0:
97:78:76:dc:19:a7:6d:5d:c1:69:12:f2:c0:e7:ec:
c9:8a:a8:b0:01:a7:05:9e:ce:d7:a6:c6:cd:98:e6:
e1:12:10:66:ae:2c:9c:d5:29:ca:4f:a1:0f:39:8e:
a7:fb:65:3f:ea:35:4a:f1:9b:88:de:7b:68:38:ab:
1b:8e:14:4c:3a:8c:84:bd:c4:25:b3:ef:ec:85:d6:
51:70:5b:44:75:5a:c5:64:7c:13:77:ff:ce:bf:cd:
7d:7f:ae:ea:d8:e3:48:e5:b1:6c:1a:3a:3d:10:e2:
cf:da:8a:78:0f:cd:43:08:33:27:8d:51:1b:f9:31:
24:7e:90:44:7d:f6:e9:15:7c:29:04:0c:2e:28:ad:
ce:c1:17:49:9c:b0:b4:e2:b1:81:14:89:fa:e5:45:
47:02:93:c3:7f:51:25:1f:2c:b6:19:2d:bf:2f:ee:
7b:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:F9:16:83:B8:E8:03:B6:E0:17:95:67:C9:B7:FC:FC:95:40:35:AD
X509v3 Authority Key Identifier:
keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/7_kWg7joA7bgF5Vnybf8_JVANa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.192.0/21
IPv6:
2a00:a0c0::/32
Signature Algorithm: sha256WithRSAEncryption
69:b2:5c:ec:0c:15:f9:ba:32:61:fb:2e:90:64:36:a8:de:ba:
f6:0a:ae:27:96:ad:8f:a5:a5:42:46:d5:29:9a:11:95:b1:40:
1b:2e:d1:33:52:b5:df:d5:3c:51:f1:4a:77:62:29:96:ae:20:
05:68:71:f0:cc:ec:77:13:13:55:4b:97:5f:3f:5d:bb:cc:67:
23:6c:c8:c9:d6:9b:5a:b2:52:d3:cb:78:e9:fc:52:d7:34:d3:
54:ee:df:83:22:72:01:9c:73:3d:65:12:07:d8:e1:21:80:e9:
54:f7:c2:1b:4b:94:a8:8f:81:ae:f0:e2:b4:e8:85:62:f5:6b:
37:45:28:6b:83:72:ff:4b:ec:d8:7e:e3:1c:e6:41:77:ef:b9:
74:51:2b:07:f7:a3:ed:4e:ca:66:a6:45:9a:53:6b:47:65:c2:
bb:51:e9:85:d3:34:95:92:15:c9:06:36:b1:f8:9f:c2:88:12:
60:9d:a7:63:65:5b:39:94:86:b6:c6:49:0a:a9:01:ed:bd:45:
a1:25:55:ad:8c:24:71:fb:16:40:75:1b:a0:92:c9:c9:d0:4f:
76:17:55:33:5e:fc:27:e5:2d:aa:b6:38:da:4b:99:4d:ab:d2:
64:f7:b4:0b:0e:88:c3:68:d1:53:6f:55:dc:75:19:6d:52:a2:
56:a5:a0:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJrDVTNS+KTgLp75a/aDzk/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjQxMDA4MDczNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmY5MTY4M2I4ZTgwM2I2ZTAxNzk1NjdjOWI3ZmNmYzk1NDAzNWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZh1fn6xBNa3735EhDMRPurd2tlt
8MAD9KbpDQ3gDHlKOBW5+XRYh8EoRGVbf0+JPcSqhVu2vM5p2EN+gZNbO+4G2IYg
DUdX73x+9mO19zM6wMGFK+UVZ+CXeHbcGadtXcFpEvLA5+zJiqiwAacFns7XpsbN
mObhEhBmriyc1SnKT6EPOY6n+2U/6jVK8ZuI3ntoOKsbjhRMOoyEvcQls+/shdZR
cFtEdVrFZHwTd//Ov819f67q2ONI5bFsGjo9EOLP2op4D81DCDMnjVEb+TEkfpBE
ffbpFXwpBAwuKK3OwRdJnLC04rGBFIn65UVHApPDf1ElHyy2GS2/L+57ewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO/5FoO46AO24BeVZ8m3/PyVQDWtMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvN19rV2c3am9BN2JnRjVWbnliZjhfSlZBTmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4nAMA0E
AgACMAcDBQAqAKDAMA0GCSqGSIb3DQEBCwUAA4IBAQBpslzsDBX5ujJh+y6QZDao
3rr2Cq4nlq2PpaVCRtUpmhGVsUAbLtEzUrXf1TxR8Up3YimWriAFaHHwzOx3ExNV
S5dfP127zGcjbMjJ1ptaslLTy3jp/FLXNNNU7t+DInIBnHM9ZRIH2OEhgOlU98Ib
S5Soj4Gu8OK06IVi9Ws3RShrg3L/S+zYfuMc5kF377l0USsH96PtTspmpkWaU2tH
ZcK7UemF0zSVkhXJBjax+J/CiBJgnadjZVs5lIa2xkkKqQHtvUWhJVWtjCRx+xZA
dRugksnJ0E92F1UzXvwn5S2qtjjaS5lNq9Jk97QLDojDaNFTb1XcdRltUqJWpaB7
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:20:16 2025 by rpki-client