Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/m_uHkKzeHTlIhwMd9AHYeFv1FAE.roa
File: m_uHkKzeHTlIhwMd9AHYeFv1FAE.roa (raw, json)
Hash identifier: LWJYptHPJ2ovYE7xeBU/B2TKHxCqBp6T8ZpeIHM8tLI=
Subject key identifier: 9B:FB:87:90:AC:DE:1D:39:48:87:03:1D:F4:01:D8:78:5B:F5:14:01
Certificate issuer: /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial: 0194D16B21B8701E52223F54C2C0E10579C9
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/m_uHkKzeHTlIhwMd9AHYeFv1FAE.roa
Signing time: Tue 04 Feb 2025 14:44:06 +0000
ROA not before: Tue 04 Feb 2025 14:44:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8866
IP address blocks: 87.116.82.0/24 maxlen: 24
217.75.139.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d1:6b:21:b8:70:1e:52:22:3f:54:c2:c0:e1:05:79:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Validity
Not Before: Feb 4 14:44:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9bfb8790acde1d394887031df401d8785bf51401
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:fe:ef:18:3d:63:f5:5b:f4:5c:46:77:fc:71:
3f:28:1c:3f:15:8e:30:95:2b:aa:33:a5:28:eb:50:
ea:b4:9f:d5:b0:69:a6:f5:a2:d1:1e:cb:f0:69:ad:
9f:12:70:e7:18:f1:97:a4:2b:a4:3f:ae:d2:cd:ea:
8f:e2:d4:d2:b8:8f:d4:c3:ba:e8:ce:fa:48:c5:e3:
9c:52:72:b2:c5:7e:d0:56:0a:b8:9c:60:b4:1c:27:
ac:8a:a1:42:c6:cc:62:f1:ca:77:37:27:b2:56:61:
cd:11:10:cc:ab:59:2f:a3:f4:13:74:33:72:ea:8e:
74:5d:5d:4a:a8:c0:1c:66:44:b8:7e:b6:f1:fe:8a:
3c:0c:fe:15:d1:34:5c:6b:ca:9d:74:8f:d6:f8:cd:
3c:e3:34:af:ac:63:44:89:86:99:a6:09:2f:d5:bc:
a9:95:3a:6f:7c:5f:63:df:bb:4f:51:db:2d:de:9c:
ee:d0:bb:5b:45:e4:c2:9f:5e:f7:e0:57:80:5e:1c:
f8:04:bd:56:88:b2:2a:18:fd:15:6d:cc:63:cb:54:
7d:3c:fc:57:8e:ac:90:a6:da:25:16:a6:52:40:d1:
44:da:22:1c:e2:67:ec:83:71:f7:44:6f:ab:4b:0b:
11:46:dd:f3:6b:87:71:c7:ed:c0:ee:fd:e7:d4:87:
f6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:FB:87:90:AC:DE:1D:39:48:87:03:1D:F4:01:D8:78:5B:F5:14:01
X509v3 Authority Key Identifier:
keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/m_uHkKzeHTlIhwMd9AHYeFv1FAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.116.82.0/24
217.75.139.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:a9:91:8b:3f:4a:a6:84:5a:e6:81:bb:fb:8e:f1:72:73:17:
2c:1f:b3:54:0b:6b:fa:a4:db:dc:aa:8e:ae:4f:c0:a8:b5:5c:
4f:3a:ab:72:cb:eb:27:98:db:19:7f:12:11:19:98:ec:35:23:
c3:2f:dc:9d:5c:52:e9:f7:f5:0b:44:c6:85:b6:23:ed:93:a5:
45:64:fb:1f:00:da:db:54:ba:0e:69:e1:70:2a:88:a7:fd:e7:
9a:6f:ed:f7:69:f5:2b:30:a9:e9:65:2f:2e:e8:79:02:ba:1d:
ba:1c:4c:7b:c8:d6:ed:45:ab:c6:dc:a9:e3:fb:fa:22:41:f7:
6b:b0:99:34:21:fc:f2:ac:0c:f7:c9:f5:b3:b8:29:31:a8:66:
03:cf:53:14:5a:70:c5:ca:7b:38:c5:1a:5a:08:06:10:ed:3a:
61:91:5a:94:dd:d2:bd:8a:d9:ac:de:a2:74:1e:89:d6:1f:48:
95:74:57:10:e9:22:36:37:44:2e:b3:88:ec:f2:fd:da:1a:a0:
0c:54:c5:7b:29:08:f9:4b:34:32:7f:93:b6:55:35:1b:0f:c2:
20:da:28:43:76:4d:c6:7d:52:bb:c3:ad:2b:37:81:11:37:36:
d9:90:aa:c1:fd:ca:6e:50:a6:f5:4c:5c:15:f8:cb:b6:ac:c6:
76:65:cc:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTRayG4cB5SIj9UwsDhBXnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjUwMjA0MTQ0NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZiODc5MGFjZGUxZDM5NDg4NzAzMWRmNDAxZDg3ODViZjUxNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8f7vGD1j9Vv0XEZ3/HE/KBw/FY4w
lSuqM6Uo61DqtJ/VsGmm9aLRHsvwaa2fEnDnGPGXpCukP67SzeqP4tTSuI/Uw7ro
zvpIxeOcUnKyxX7QVgq4nGC0HCesiqFCxsxi8cp3NyeyVmHNERDMq1kvo/QTdDNy
6o50XV1KqMAcZkS4frbx/oo8DP4V0TRca8qddI/W+M084zSvrGNEiYaZpgkv1byp
lTpvfF9j37tPUdst3pzu0LtbReTCn1734FeAXhz4BL1WiLIqGP0Vbcxjy1R9PPxX
jqyQptolFqZSQNFE2iIc4mfsg3H3RG+rSwsRRt3za4dxx+3A7v3n1If2PQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJv7h5Cs3h05SIcDHfQB2Hhb9RQBMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvbV91SGtLemVIVGxJaHdNZDlBSFllRnYxRkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3RSAwQA
2UuLMA0GCSqGSIb3DQEBCwUAA4IBAQB/qZGLP0qmhFrmgbv7jvFycxcsH7NUC2v6
pNvcqo6uT8CotVxPOqtyy+snmNsZfxIRGZjsNSPDL9ydXFLp9/ULRMaFtiPtk6VF
ZPsfANrbVLoOaeFwKoin/eeab+33afUrMKnpZS8u6HkCuh26HEx7yNbtRavG3Knj
+/oiQfdrsJk0IfzyrAz3yfWzuCkxqGYDz1MUWnDFyns4xRpaCAYQ7TphkVqU3dK9
itms3qJ0HonWH0iVdFcQ6SI2N0Qus4js8v3aGqAMVMV7KQj5SzQyf5O2VTUbD8Ig
2ihDdk3GfVK7w60rN4ERNzbZkKrB/cpuUKb1TFwV+Mu2rMZ2Zcy3
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:04:00 2025 by rpki-client