Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/R3R8bergaIJYe2vJMXHLMRsVink.roa
File: R3R8bergaIJYe2vJMXHLMRsVink.roa (raw, json)
Hash identifier: nROJ1GlwOFaCTW41pfuCh1trJlZN9yy6gKt6IZVtMY4=
Subject key identifier: 47:74:7C:6D:EA:E0:68:82:58:7B:6B:C9:31:71:CB:31:1B:15:8A:79
Certificate issuer: /CN=813e051cb831d1989607bb76c0bc5693ff947b53
Certificate serial: 01856F9DD1E2C122B6499C696043CAA28C14
Authority key identifier: 81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/R3R8bergaIJYe2vJMXHLMRsVink.roa
Signing time: Sun 01 Jan 2023 23:14:51 +0000
ROA not before: Sun 01 Jan 2023 23:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35372
IP address blocks: 185.79.99.0/24 maxlen: 24
185.232.152.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:9d:d1:e2:c1:22:b6:49:9c:69:60:43:ca:a2:8c:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=813e051cb831d1989607bb76c0bc5693ff947b53
Validity
Not Before: Jan 1 23:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=47747c6deae06882587b6bc93171cb311b158a79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:d6:71:e4:a4:08:23:ed:5e:cd:7b:c4:92:3d:
42:fa:25:43:e9:57:ab:09:1b:2d:4e:fc:97:9c:ca:
fd:ab:7e:a6:4b:70:8a:13:88:3d:27:e2:56:c6:9b:
e4:c9:60:45:89:9e:09:88:71:cb:6c:59:fc:e9:e7:
c8:5e:59:e9:83:f7:b6:47:a5:5a:b5:08:72:a7:17:
7a:7e:db:10:3f:6d:1a:d0:cb:5b:04:8a:0f:2e:ff:
7d:88:a6:b7:94:03:b4:3f:5f:53:9c:93:a0:cf:67:
4b:b6:ef:2b:f4:1b:ad:f1:32:7d:dc:ee:2a:6e:3b:
ea:4f:ef:46:76:2e:ba:05:6c:c0:52:fb:00:bc:fb:
88:06:cf:33:ab:41:67:d0:54:11:31:ce:6a:f9:43:
84:44:8f:7c:5e:7f:40:22:08:2c:6b:49:bb:10:e6:
56:e9:10:56:08:40:b3:4f:93:b1:7b:f0:84:05:f5:
40:d6:72:2b:30:d4:e2:c6:55:85:e3:0a:76:06:06:
79:8d:d4:5c:c7:1d:df:ca:00:47:e1:1e:56:8d:d0:
e2:c7:c1:0b:1c:d3:67:13:05:5d:02:f2:bc:f1:3b:
eb:7a:b6:30:08:95:5c:ad:71:4a:1b:a8:de:03:73:
e0:cc:01:d4:0e:63:9a:d7:c3:3a:c4:65:b2:22:d5:
ec:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:74:7C:6D:EA:E0:68:82:58:7B:6B:C9:31:71:CB:31:1B:15:8A:79
X509v3 Authority Key Identifier:
keyid:81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/R3R8bergaIJYe2vJMXHLMRsVink.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.79.99.0/24
185.232.152.0/24
Signature Algorithm: sha256WithRSAEncryption
19:54:31:24:1a:fe:8d:4b:72:f1:8e:15:9f:36:cb:d8:87:8a:
f2:f9:e7:e3:f2:67:a5:13:b7:60:50:bb:e8:b3:e8:a6:79:b7:
f1:24:91:e5:2e:92:44:c7:0b:e9:63:4b:82:d0:16:83:7f:8f:
d9:72:ca:1b:95:74:2e:2f:f2:e6:7b:5f:e9:f3:8d:76:cb:9a:
93:4b:0a:1b:c9:b3:52:6f:70:3b:f4:21:1c:5c:fd:37:4e:54:
ad:9b:66:09:30:6c:13:24:38:ec:f9:6e:5f:d2:aa:a3:18:92:
1c:7d:6b:e0:6c:7a:40:04:6a:1c:2b:d1:bf:54:08:22:39:ab:
18:99:b3:f4:a6:04:3d:82:5b:93:c9:aa:7d:6a:a4:96:dd:21:
5a:53:7d:cc:ca:03:f9:b4:d3:a0:1f:1f:56:9c:c4:4a:49:ba:
20:0e:ce:e4:b5:28:b0:24:f2:86:70:ab:5e:f0:a5:3e:38:d3:
4b:c6:c3:1c:67:da:3d:fa:01:5c:fe:86:32:f4:ab:ea:f3:bc:
f7:ef:55:32:6b:fe:31:6a:72:f2:74:38:b8:6e:5f:c9:fd:0e:
09:8b:75:38:67:d0:95:c9:88:8f:6a:8b:21:03:93:df:65:1f:
e9:10:e5:12:6f:1f:9d:be:20:88:ad:30:d4:e2:97:83:0b:4f:
fb:d4:6e:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvndHiwSK2SZxpYEPKoowUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxM2UwNTFjYjgzMWQxOTg5NjA3YmI3NmMwYmM1NjkzZmY5
NDdiNTMwHhcNMjMwMTAxMjMxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc0N2M2ZGVhZTA2ODgyNTg3YjZiYzkzMTcxY2IzMTFiMTU4YTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNZx5KQII+1ezXvEkj1C+iVD6Ver
CRstTvyXnMr9q36mS3CKE4g9J+JWxpvkyWBFiZ4JiHHLbFn86efIXlnpg/e2R6Va
tQhypxd6ftsQP20a0MtbBIoPLv99iKa3lAO0P19TnJOgz2dLtu8r9But8TJ93O4q
bjvqT+9Gdi66BWzAUvsAvPuIBs8zq0Fn0FQRMc5q+UOERI98Xn9AIggsa0m7EOZW
6RBWCECzT5Oxe/CEBfVA1nIrMNTixlWF4wp2BgZ5jdRcxx3fygBH4R5WjdDix8EL
HNNnEwVdAvK88TvrerYwCJVcrXFKG6jeA3PgzAHUDmOa18M6xGWyItXsKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEd0fG3q4GiCWHtryTFxyzEbFYp5MB8GA1UdIwQY
MBaAFIE+BRy4MdGYlge7dsC8VpP/lHtTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQt
ZjU3N2FhNDZkZTgzLzEvUjNSOGJlcmdhSUpZZTJ2Sk1YSExNUnNWaW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQtZjU3N2FhNDZkZTgz
LzEvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuU9jAwQA
ueiYMA0GCSqGSIb3DQEBCwUAA4IBAQAZVDEkGv6NS3LxjhWfNsvYh4ry+efj8mel
E7dgULvos+imebfxJJHlLpJExwvpY0uC0BaDf4/ZcsoblXQuL/Lme1/p8412y5qT
SwobybNSb3A79CEcXP03TlStm2YJMGwTJDjs+W5f0qqjGJIcfWvgbHpABGocK9G/
VAgiOasYmbP0pgQ9gluTyap9aqSW3SFaU33MygP5tNOgHx9WnMRKSbogDs7ktSiw
JPKGcKte8KU+ONNLxsMcZ9o9+gFc/oYy9Kvq87z371Uya/4xanLydDi4bl/J/Q4J
i3U4Z9CVyYiPaoshA5PfZR/pEOUSbx+dviCIrTDU4peDC0/71G7d
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:22:33 2025 by rpki-client