Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/I7mgYA0uQBmIg_hyCKkDqBaXuEg.roa
File: I7mgYA0uQBmIg_hyCKkDqBaXuEg.roa (raw, json)
Hash identifier: n+9oObaHGsHsvTmUEfYetda5cKl6xlieisHFdNk7oqI=
Subject key identifier: 23:B9:A0:60:0D:2E:40:19:88:83:F8:72:08:A9:03:A8:16:97:B8:48
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 018EF249CB52F6AFE0C2C3257DFBF2DDE015
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/I7mgYA0uQBmIg_hyCKkDqBaXuEg.roa
Signing time: Thu 18 Apr 2024 17:38:26 +0000
ROA not before: Thu 18 Apr 2024 17:38:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16154
IP address blocks: 80.95.24.0/21 maxlen: 24
88.213.194.0/23 maxlen: 24
88.213.200.0/22 maxlen: 22
88.213.204.0/22 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f2:49:cb:52:f6:af:e0:c2:c3:25:7d:fb:f2:dd:e0:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Apr 18 17:38:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=23b9a0600d2e40198883f87208a903a81697b848
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:aa:11:e6:b6:5b:f4:f6:3c:b8:03:59:d0:49:
7b:da:4c:87:7b:aa:8e:ba:58:80:00:41:78:74:24:
b5:e8:26:91:df:7c:47:b1:df:e6:ff:c6:40:f9:b9:
02:b4:94:6e:7a:9b:78:ab:d6:5b:27:4b:1a:25:dc:
0f:bd:66:d4:26:bd:63:33:97:eb:97:81:fb:af:4c:
55:35:cb:9c:73:e8:18:87:96:be:c7:4c:54:39:bd:
95:b2:6b:cb:08:4b:07:4d:67:43:e7:cb:18:c8:d2:
2f:d5:f2:99:75:ed:67:b4:11:12:3f:52:c9:17:eb:
4d:c1:55:f5:e7:73:eb:b8:9f:77:ec:77:47:bf:b8:
14:1e:a0:87:86:d6:c1:81:f9:ab:a6:aa:cd:1d:a8:
fe:f0:c5:57:1f:ff:98:b5:94:65:07:9e:5e:8b:d1:
e6:69:c6:ee:14:09:ab:0d:7c:46:ad:56:06:f7:4a:
26:39:21:99:63:29:ba:05:82:a5:32:d6:63:51:8e:
7b:d8:d0:58:26:27:97:54:0a:6e:36:81:b7:60:cc:
28:ab:55:a0:fe:f0:1a:5b:73:aa:9a:1e:93:cc:0d:
09:69:67:64:d7:ea:f8:f5:d6:8c:62:f1:8c:40:2f:
42:97:0c:cf:60:47:4b:0b:d3:9d:b0:f3:50:83:1d:
38:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:B9:A0:60:0D:2E:40:19:88:83:F8:72:08:A9:03:A8:16:97:B8:48
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/I7mgYA0uQBmIg_hyCKkDqBaXuEg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.194.0/23
88.213.200.0/21
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
5a:1b:b8:7e:2a:21:60:2d:60:9d:da:c0:01:a2:4a:57:ac:0c:
7b:97:2d:16:ef:7c:d3:ca:40:d5:75:1e:4c:d8:51:8f:c1:6f:
0f:b6:3e:51:ee:4a:42:f0:c5:74:6a:cc:cb:16:2e:24:ff:bf:
de:5f:97:40:8c:97:3c:6b:be:29:af:fd:02:cd:76:43:3a:eb:
21:77:17:28:5e:51:84:f7:ec:ed:de:be:c2:c6:df:77:54:d5:
f0:df:dd:79:7d:5d:a5:a4:b9:0c:8b:d7:c3:c8:28:b2:17:51:
6a:79:b8:7e:4a:5a:b0:2e:a7:b1:d4:dd:52:15:2c:a3:f3:18:
db:c7:c0:f0:d6:3c:2d:c3:7c:a7:47:15:1b:a1:3f:d5:b6:62:
05:20:9e:f4:e1:28:58:ac:e8:a0:12:d3:7f:3f:f7:0f:bc:2a:
66:50:e9:72:df:4c:67:ce:34:f8:00:1a:4b:00:e6:7f:33:73:
22:c8:06:c7:35:86:aa:4d:e9:19:31:a9:de:d5:f0:a5:e9:5c:
7b:52:2d:81:f6:95:f6:b2:39:79:c4:db:dd:86:7d:8e:0c:e8:
1f:43:24:05:c1:92:01:59:31:90:b3:58:eb:06:8e:1c:a9:fa:
05:30:c6:1c:fa:0d:9a:49:f2:a9:f0:a0:20:9b:cd:52:dd:84:
5b:91:e3:97
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY7ySctS9q/gwsMlffvy3eAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjQwNDE4MTczODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2I5YTA2MDBkMmU0MDE5ODg4M2Y4NzIwOGE5MDNhODE2OTdiODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6oR5rZb9PY8uANZ0El72kyHe6qO
uliAAEF4dCS16CaR33xHsd/m/8ZA+bkCtJRuept4q9ZbJ0saJdwPvWbUJr1jM5fr
l4H7r0xVNcucc+gYh5a+x0xUOb2VsmvLCEsHTWdD58sYyNIv1fKZde1ntBESP1LJ
F+tNwVX153PruJ937HdHv7gUHqCHhtbBgfmrpqrNHaj+8MVXH/+YtZRlB55ei9Hm
acbuFAmrDXxGrVYG90omOSGZYym6BYKlMtZjUY572NBYJieXVApuNoG3YMwoq1Wg
/vAaW3Oqmh6TzA0JaWdk1+r49daMYvGMQC9ClwzPYEdLC9OdsPNQgx04VQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCO5oGANLkAZiIP4cgipA6gWl7hIMB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEvSTdtZ1lBMHVRQm1JZ19oeUNLa0RxQmFYdUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDUF8YAwQB
WNXCAwQDWNXIAwQF2U9AMA0EAgACMAcDBQAqAnkAMA0GCSqGSIb3DQEBCwUAA4IB
AQBaG7h+KiFgLWCd2sABokpXrAx7ly0W73zTykDVdR5M2FGPwW8Ptj5R7kpC8MV0
aszLFi4k/7/eX5dAjJc8a74pr/0CzXZDOushdxcoXlGE9+zt3r7Cxt93VNXw3915
fV2lpLkMi9fDyCiyF1Fqebh+SlqwLqex1N1SFSyj8xjbx8Dw1jwtw3ynRxUboT/V
tmIFIJ704ShYrOigEtN/P/cPvCpmUOly30xnzjT4ABpLAOZ/M3MiyAbHNYaqTekZ
Mane1fCl6Vx7Ui2B9pX2sjl5xNvdhn2ODOgfQyQFwZIBWTGQs1jrBo4cqfoFMMYc
+g2aSfKp8KAgm81S3YRbkeOX
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:36:48 2025 by rpki-client