Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/rCDcBMO8-Y7gCY3l6MKbPWzoFCA.roa
File: rCDcBMO8-Y7gCY3l6MKbPWzoFCA.roa (raw, json)
Hash identifier: t+xuUj8nDYxbhB6FPdv/K+PbbGycpclotyOmsYM96JU=
Subject key identifier: AC:20:DC:04:C3:BC:F9:8E:E0:09:8D:E5:E8:C2:9B:3D:6C:E8:14:20
Certificate issuer: /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial: 018D6514C52EB2715E5F9F62E17AE230A956
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/rCDcBMO8-Y7gCY3l6MKbPWzoFCA.roa
Signing time: Thu 01 Feb 2024 14:31:16 +0000
ROA not before: Thu 01 Feb 2024 14:31:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8866
IP address blocks: 87.116.82.0/24 maxlen: 24
217.75.139.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:65:14:c5:2e:b2:71:5e:5f:9f:62:e1:7a:e2:30:a9:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Validity
Not Before: Feb 1 14:31:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ac20dc04c3bcf98ee0098de5e8c29b3d6ce81420
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:63:cb:56:cd:47:20:29:fe:e5:d0:7b:85:78:
7b:23:d1:20:dd:1d:cb:6c:ab:3d:c5:f7:b4:ad:7e:
02:3a:7c:f9:89:28:3c:93:e8:85:7a:02:1c:ac:4a:
cd:31:15:12:a7:80:ed:d6:50:9d:62:4b:51:13:c3:
c3:e0:c8:d7:12:d8:fa:ee:f5:98:85:c0:ea:74:c7:
41:d8:25:97:86:3d:5f:37:8d:20:3b:22:02:ae:70:
dc:07:85:ef:94:8d:63:91:5b:dd:76:ce:af:34:7e:
e5:75:5b:d0:bf:72:78:10:d0:0c:96:3c:ad:1f:24:
b2:55:0f:83:71:da:79:d9:07:63:36:9c:a1:0b:37:
d7:56:e2:36:8e:ae:38:00:17:65:31:bb:fb:cf:df:
e0:91:f8:57:b2:57:df:0a:e6:ee:4f:95:99:ab:8f:
4e:29:58:66:61:a3:93:22:fe:87:53:41:fa:0a:e0:
d6:7f:e6:46:b2:a9:3e:98:75:67:f7:fe:35:86:a7:
fd:7c:7e:41:43:2e:90:5b:0b:e8:f0:85:3d:bc:78:
21:dc:04:a4:cd:26:c3:e6:41:5f:07:39:68:4b:37:
ff:60:03:2a:1b:60:f5:53:6b:8d:af:58:de:78:63:
d2:76:a0:61:1f:db:7c:90:ae:90:32:c5:07:f2:9f:
29:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:20:DC:04:C3:BC:F9:8E:E0:09:8D:E5:E8:C2:9B:3D:6C:E8:14:20
X509v3 Authority Key Identifier:
keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/rCDcBMO8-Y7gCY3l6MKbPWzoFCA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.116.82.0/24
217.75.139.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:d9:7d:b4:8c:00:f0:b0:18:1b:9c:44:dc:c3:4c:30:75:44:
5c:4f:ee:c3:9d:25:e1:2e:53:f4:c0:6f:84:42:98:e8:5d:cf:
57:71:41:71:62:28:be:ac:80:54:da:eb:cc:30:aa:55:47:ff:
62:a5:1e:14:68:b6:71:78:48:eb:26:ba:9b:5e:35:6a:fa:27:
da:cc:33:d0:8a:4a:29:ca:4a:59:0c:d9:de:6e:45:a5:c8:90:
69:02:3d:9c:5f:0b:d4:c6:9c:d6:b7:ee:14:99:cc:5c:3a:f3:
62:8c:6b:94:2c:30:a5:6c:0d:a1:a9:96:98:59:5e:9c:ff:92:
2d:b0:7f:11:a2:ae:48:e0:a7:bb:08:dd:4b:2e:dd:c8:87:5b:
60:a4:c1:6f:24:e9:c8:46:98:aa:cc:18:8b:62:73:f6:e5:ea:
ed:84:fd:12:45:a6:3f:fc:0f:e0:f0:5a:54:7f:11:00:de:49:
bf:c5:f1:52:ae:00:c9:92:ea:27:83:ff:08:13:31:55:3b:69:
b8:f3:0c:17:da:fc:3c:b9:f7:12:f6:5b:93:be:26:0e:e8:84:
aa:14:c0:73:98:e3:6f:13:97:3a:79:f5:52:a9:f4:81:52:59:
30:44:21:28:9c:85:30:cb:11:3d:38:ec:ff:0a:c2:53:b3:fa:
d7:0c:6b:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1lFMUusnFeX59i4XriMKlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMjAxMTQzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzIwZGMwNGMzYmNmOThlZTAwOThkZTVlOGMyOWIzZDZjZTgxNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGPLVs1HICn+5dB7hXh7I9Eg3R3L
bKs9xfe0rX4COnz5iSg8k+iFegIcrErNMRUSp4Dt1lCdYktRE8PD4MjXEtj67vWY
hcDqdMdB2CWXhj1fN40gOyICrnDcB4XvlI1jkVvdds6vNH7ldVvQv3J4ENAMljyt
HySyVQ+Dcdp52QdjNpyhCzfXVuI2jq44ABdlMbv7z9/gkfhXslffCubuT5WZq49O
KVhmYaOTIv6HU0H6CuDWf+ZGsqk+mHVn9/41hqf9fH5BQy6QWwvo8IU9vHgh3ASk
zSbD5kFfBzloSzf/YAMqG2D1U2uNr1jeeGPSdqBhH9t8kK6QMsUH8p8pPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwg3ATDvPmO4AmN5ejCmz1s6BQgMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvckNEY0JNTzgtWTdnQ1kzbDZNS2JQV3pvRkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3RSAwQA
2UuLMA0GCSqGSIb3DQEBCwUAA4IBAQBK2X20jADwsBgbnETcw0wwdURcT+7DnSXh
LlP0wG+EQpjoXc9XcUFxYii+rIBU2uvMMKpVR/9ipR4UaLZxeEjrJrqbXjVq+ifa
zDPQikopykpZDNnebkWlyJBpAj2cXwvUxpzWt+4UmcxcOvNijGuULDClbA2hqZaY
WV6c/5ItsH8Roq5I4Ke7CN1LLt3Ih1tgpMFvJOnIRpiqzBiLYnP25erthP0SRaY/
/A/g8FpUfxEA3km/xfFSrgDJkuong/8IEzFVO2m48wwX2vw8ufcS9luTviYO6ISq
FMBzmONvE5c6efVSqfSBUlkwRCEonIUwyxE9OOz/CsJTs/rXDGvp
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:19:13 2025 by rpki-client