Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/3BDabQP_-GobpPFyOOf3nPvKyNg.roa
File: 3BDabQP_-GobpPFyOOf3nPvKyNg.roa (raw, json)
Hash identifier: FaNfiiIxqzh6ezatmLTk4fTz0o80aDYk8OCJEpDU66k=
Subject key identifier: DC:10:DA:6D:03:FF:F8:6A:1B:A4:F1:72:38:E7:F7:9C:FB:CA:C8:D8
Certificate issuer: /CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Certificate serial: 018AC8B802DE28190EB794B3D0EC8B0D83E8
Authority key identifier: 7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/3BDabQP_-GobpPFyOOf3nPvKyNg.roa
Signing time: Sun 24 Sep 2023 19:43:37 +0000
ROA not before: Sun 24 Sep 2023 19:43:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198482
IP address blocks: 151.237.0.0/24 maxlen: 24
151.237.0.0/20 maxlen: 20
151.237.1.0/24 maxlen: 24
151.237.2.0/24 maxlen: 24
151.237.3.0/24 maxlen: 24
151.237.4.0/24 maxlen: 24
151.237.8.0/24 maxlen: 24
151.237.9.0/24 maxlen: 24
151.237.10.0/24 maxlen: 24
151.237.11.0/24 maxlen: 24
151.237.5.0/24 maxlen: 24
151.237.6.0/24 maxlen: 24
85.187.208.0/24 maxlen: 24
85.187.209.0/24 maxlen: 24
85.187.210.0/24 maxlen: 24
85.187.211.0/24 maxlen: 24
85.187.212.0/24 maxlen: 24
85.187.213.0/24 maxlen: 24
85.187.214.0/24 maxlen: 24
85.187.215.0/24 maxlen: 24
85.187.221.0/24 maxlen: 24
85.187.220.0/24 maxlen: 24
151.237.94.0/23 maxlen: 23
151.237.94.0/24 maxlen: 24
151.237.95.0/24 maxlen: 24
151.237.12.0/24 maxlen: 24
151.237.13.0/24 maxlen: 24
151.237.14.0/24 maxlen: 24
151.237.15.0/24 maxlen: 24
195.234.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:c8:b8:02:de:28:19:0e:b7:94:b3:d0:ec:8b:0d:83:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Validity
Not Before: Sep 24 19:43:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dc10da6d03fff86a1ba4f17238e7f79cfbcac8d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:74:e8:91:99:ec:8e:c8:82:f8:4a:36:46:1d:
1c:ef:c4:67:54:24:45:38:b1:c1:17:09:b3:b2:e5:
08:cd:25:22:3c:74:9f:cc:b6:83:75:47:a8:cd:49:
d2:38:c2:03:eb:66:60:de:f3:02:cf:61:54:ba:11:
80:2c:a0:89:cf:d6:d8:42:c2:82:ff:3b:2e:35:c3:
52:c3:a8:f6:58:25:fa:6a:7d:44:0b:b6:78:83:82:
d7:34:c6:8d:60:40:83:b1:c4:c4:92:39:31:ec:e4:
6e:96:3b:0c:38:1d:c8:79:39:de:62:8a:be:4f:80:
76:7f:27:c8:6f:6b:cf:e7:2c:ff:97:26:4c:00:24:
2b:15:b4:6c:c6:66:7f:33:62:7e:bd:ea:17:ff:74:
57:84:84:46:00:55:33:c7:12:00:a7:1d:72:6c:2e:
9d:61:61:97:01:4a:4d:d5:13:7a:fb:95:50:0e:36:
3f:db:9a:eb:da:d5:f0:76:b3:d2:b8:95:18:79:df:
a6:77:d8:fa:7c:e5:97:68:a4:c1:86:c2:8a:a1:18:
de:09:c9:b9:8a:43:07:e3:1b:4f:20:15:24:ca:6c:
80:a5:99:d7:87:e0:72:d5:6b:1c:46:70:8d:d5:cf:
b0:54:f9:9a:f9:db:33:af:5f:3f:2f:4f:3a:cb:58:
78:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:10:DA:6D:03:FF:F8:6A:1B:A4:F1:72:38:E7:F7:9C:FB:CA:C8:D8
X509v3 Authority Key Identifier:
keyid:7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/3BDabQP_-GobpPFyOOf3nPvKyNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.187.208.0/21
85.187.220.0/23
151.237.0.0/20
151.237.94.0/23
195.234.98.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:7f:11:07:1d:8f:cc:ec:59:1b:85:14:36:3c:1f:f7:b6:c8:
45:92:b4:9a:ce:64:f1:a6:1a:72:8f:fd:e2:b3:fc:f1:1f:bc:
fb:15:5e:93:23:c1:60:fa:d7:58:05:a8:2f:70:f3:ef:42:80:
02:75:4b:3b:f9:66:cf:bd:29:6f:55:5a:63:5a:8d:5a:f5:d2:
83:e9:52:86:6e:b3:59:3f:3a:b9:6a:6e:23:d0:13:0f:d5:86:
87:fd:f8:f3:f5:a8:ec:6d:b3:48:9e:aa:ca:5b:26:82:55:35:
a0:3a:2c:22:41:03:38:a2:61:ff:42:70:76:82:e5:ae:ba:f1:
90:28:87:0d:63:1f:c9:cc:3c:50:9a:c2:fe:3e:df:fd:fb:b1:
3b:84:2b:c5:ce:0e:25:5e:56:ac:10:a2:e7:db:af:3e:90:a5:
3d:e0:84:ac:7f:c8:56:f9:06:5f:20:b2:c1:c3:de:93:e3:9e:
8d:c0:3a:e1:86:4f:66:41:8d:a7:95:8d:bb:84:a9:5a:70:b4:
4f:90:79:96:6f:92:2f:67:f9:6f:4b:9d:40:54:b1:71:ba:af:
df:b9:8b:27:4e:75:05:2c:8d:7c:1c:32:af:95:47:49:97:31:
8b:89:5b:03:86:1e:3d:35:9e:e4:38:ee:0b:1c:d2:2b:5e:44:
ce:10:f7:63
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYrIuALeKBkOt5Sz0OyLDYPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkN2I0YmNhYmViMjk2MDVlYTUxMWRlOTczZTQ2NzVjNGI4
YTI5ZGYwHhcNMjMwOTI0MTk0MzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzEwZGE2ZDAzZmZmODZhMWJhNGYxNzIzOGU3Zjc5Y2ZiY2FjOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nTokZnsjsiC+Eo2Rh0c78RnVCRF
OLHBFwmzsuUIzSUiPHSfzLaDdUeozUnSOMID62Zg3vMCz2FUuhGALKCJz9bYQsKC
/zsuNcNSw6j2WCX6an1EC7Z4g4LXNMaNYECDscTEkjkx7ORuljsMOB3IeTneYoq+
T4B2fyfIb2vP5yz/lyZMACQrFbRsxmZ/M2J+veoX/3RXhIRGAFUzxxIApx1ybC6d
YWGXAUpN1RN6+5VQDjY/25rr2tXwdrPSuJUYed+md9j6fOWXaKTBhsKKoRjeCcm5
ikMH4xtPIBUkymyApZnXh+By1WscRnCN1c+wVPma+dszr18/L086y1h47wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNwQ2m0D//hqG6Txcjjn95z7ysjYMB8GA1UdIwQY
MBaAFH17S8q+spYF6lEd6XPkZ1xLiinfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGIt
NDQ3NjE3YTRhNzQ0LzEvM0JEYWJRUF8tR29icFBGeU9PZjNuUHZLeU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGItNDQ3NjE3YTRhNzQ0
LzEvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDVbvQAwQB
VbvcAwQEl+0AAwQBl+1eAwQAw+piMA0GCSqGSIb3DQEBCwUAA4IBAQBrfxEHHY/M
7FkbhRQ2PB/3tshFkrSazmTxphpyj/3is/zxH7z7FV6TI8Fg+tdYBagvcPPvQoAC
dUs7+WbPvSlvVVpjWo1a9dKD6VKGbrNZPzq5am4j0BMP1YaH/fjz9ajsbbNInqrK
WyaCVTWgOiwiQQM4omH/QnB2guWuuvGQKIcNYx/JzDxQmsL+Pt/9+7E7hCvFzg4l
XlasEKLn268+kKU94ISsf8hW+QZfILLBw96T456NwDrhhk9mQY2nlY27hKlacLRP
kHmWb5IvZ/lvS51AVLFxuq/fuYsnTnUFLI18HDKvlUdJlzGLiVsDhh49NZ7kOO4L
HNIrXkTOEPdj
-----END CERTIFICATE-----
Generated at Tue Apr 8 04:02:10 2025 by rpki-client