Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/3WYvDOH025dkP57iKRY08qPw_PM.roa
File: 3WYvDOH025dkP57iKRY08qPw_PM.roa (raw, json)
Hash identifier: pu6rHsN/eJ7dRnHM19k73jTPbW81QUqJOkiO3wBLjy0=
Subject key identifier: DD:66:2F:0C:E1:F4:DB:97:64:3F:9E:E2:29:16:34:F2:A3:F0:FC:F3
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0181D261E33F23A5CC52F0E7906DC43A4DF9
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/3WYvDOH025dkP57iKRY08qPw_PM.roa
Signing time: Wed 06 Jul 2022 07:20:39 +0000
ROA not before: Wed 06 Jul 2022 07:20:39 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 185.65.68.0/24 maxlen: 24
194.15.152.0/22 maxlen: 22
83.97.100.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:d2:61:e3:3f:23:a5:cc:52:f0:e7:90:6d:c4:3a:4d:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jul 6 07:20:39 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dd662f0ce1f4db97643f9ee2291634f2a3f0fcf3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:26:b7:b6:e6:ee:c0:a8:74:8a:a5:1f:a0:c1:
51:f4:45:a7:87:b2:09:6b:1c:a5:ec:a8:03:d7:05:
c5:42:79:e1:3a:c6:3c:e8:3c:bc:51:bb:ba:59:e8:
60:53:ba:e9:e3:23:f6:2a:4b:a6:d5:8a:44:c4:4b:
84:ad:c5:a8:f6:48:6f:99:13:12:98:21:40:36:2e:
11:92:9c:34:e9:e9:cc:e8:b2:92:a1:c7:21:05:cc:
a0:a5:b7:2c:72:8c:b2:cb:ec:c0:b4:cf:87:be:c7:
25:e7:00:9f:41:55:fe:af:c7:04:f3:d0:69:98:28:
20:a5:19:dd:43:d8:0f:de:05:44:a5:65:33:63:22:
6a:52:d4:1f:52:92:fa:fd:c3:e5:59:c2:76:a9:31:
0a:4e:83:a9:a3:df:57:21:94:9d:54:d0:9c:cf:00:
6b:17:b8:f5:c3:79:d7:12:09:58:2f:70:eb:e1:76:
f8:c5:79:ae:54:05:a9:dd:40:a2:3d:2b:2a:ef:b8:
46:79:e7:10:f1:67:50:09:5a:18:68:fd:8c:b4:15:
aa:ec:92:63:94:a5:37:5c:2b:01:78:34:b7:11:fb:
5d:c5:e0:4a:4a:13:42:86:a3:28:0c:c2:32:00:dd:
80:e6:a4:ba:07:9f:ef:96:51:5e:88:40:a9:6b:16:
1c:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:66:2F:0C:E1:F4:DB:97:64:3F:9E:E2:29:16:34:F2:A3:F0:FC:F3
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/3WYvDOH025dkP57iKRY08qPw_PM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.97.100.0/22
185.65.68.0/24
194.15.152.0/22
Signature Algorithm: sha256WithRSAEncryption
40:c4:e9:ce:e8:a3:7a:20:57:8f:a2:00:8c:ff:1b:d9:79:3f:
a4:5b:6b:da:39:43:3d:64:75:e0:4d:f7:a6:2a:a9:a4:20:5d:
40:46:00:cd:09:9a:24:84:aa:4f:65:05:7a:06:5a:07:d7:36:
66:1e:d6:77:d9:77:af:66:cd:45:0b:a0:a8:42:53:35:bc:0f:
ad:a8:e7:e5:18:64:07:1f:84:f6:00:ea:22:d5:94:79:f9:73:
5c:0b:96:64:f5:62:15:09:da:40:02:24:f3:b8:fb:eb:e9:e8:
86:fe:e5:d2:48:f9:46:a4:c5:11:b4:32:26:42:b5:a2:e6:4b:
4e:e4:56:98:81:cb:56:7f:3f:e2:69:be:eb:cc:d8:ec:67:0f:
8d:72:e9:fb:3f:98:37:4a:ba:b1:34:ec:cd:04:c2:f4:fc:a6:
73:ef:00:2c:36:6e:5b:c2:d1:d6:33:bf:5c:cd:08:c0:ff:aa:
ad:b0:af:f4:a2:d3:97:cd:31:72:88:b7:3c:e0:98:db:4b:b6:
95:0b:67:2b:cb:30:ea:06:1d:9e:0b:8a:ab:de:e6:65:19:81:
0b:f4:e6:a4:69:15:6b:fe:b3:34:f8:d8:6e:ff:b5:a2:bf:b2:
ef:73:82:12:9d:18:41:c2:78:b4:44:e4:3d:f0:79:50:4c:06:
40:0d:09:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYHSYeM/I6XMUvDnkG3EOk35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjIwNzA2MDcyMDM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY2MmYwY2UxZjRkYjk3NjQzZjllZTIyOTE2MzRmMmEzZjBmY2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuia3tubuwKh0iqUfoMFR9EWnh7IJ
axyl7KgD1wXFQnnhOsY86Dy8Ubu6WehgU7rp4yP2Kkum1YpExEuErcWo9khvmRMS
mCFANi4Rkpw06enM6LKSocchBcygpbcscoyyy+zAtM+Hvscl5wCfQVX+r8cE89Bp
mCggpRndQ9gP3gVEpWUzYyJqUtQfUpL6/cPlWcJ2qTEKToOpo99XIZSdVNCczwBr
F7j1w3nXEglYL3Dr4Xb4xXmuVAWp3UCiPSsq77hGeecQ8WdQCVoYaP2MtBWq7JJj
lKU3XCsBeDS3EftdxeBKShNChqMoDMIyAN2A5qS6B5/vllFeiECpaxYcDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN1mLwzh9NuXZD+e4ikWNPKj8PzzMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvM1dZdkRPSDAyNWRrUDU3aUtSWTA4cVB3X1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCU2FkAwQA
uUFEAwQCwg+YMA0GCSqGSIb3DQEBCwUAA4IBAQBAxOnO6KN6IFePogCM/xvZeT+k
W2vaOUM9ZHXgTfemKqmkIF1ARgDNCZokhKpPZQV6BloH1zZmHtZ32XevZs1FC6Co
QlM1vA+tqOflGGQHH4T2AOoi1ZR5+XNcC5Zk9WIVCdpAAiTzuPvr6eiG/uXSSPlG
pMURtDImQrWi5ktO5FaYgctWfz/iab7rzNjsZw+Ncun7P5g3SrqxNOzNBML0/KZz
7wAsNm5bwtHWM79czQjA/6qtsK/0otOXzTFyiLc84JjbS7aVC2cryzDqBh2eC4qr
3uZlGYEL9OakaRVr/rM0+Nhu/7Wiv7Lvc4ISnRhBwni0ROQ98HlQTAZADQkD
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:34:53 2025 by rpki-client