Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/cjzjZ9TXQ1oHZsWaI-sPLeSme_0.roa
File: cjzjZ9TXQ1oHZsWaI-sPLeSme_0.roa (raw, json)
Hash identifier: jadR+Zd7Kp+s9Ya4RFFZ6ze6Yf1HzGId4tusIIZtCCo=
Subject key identifier: 72:3C:E3:67:D4:D7:43:5A:07:66:C5:9A:23:EB:0F:2D:E4:A6:7B:FD
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 01868D499A4E619B6454F4B6212E81CC1435
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/cjzjZ9TXQ1oHZsWaI-sPLeSme_0.roa
Signing time: Sun 26 Feb 2023 10:34:16 +0000
ROA not before: Sun 26 Feb 2023 10:34:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16154
IP address blocks: 88.213.192.0/20 maxlen: 24
88.213.192.0/21 maxlen: 24
88.213.192.0/22 maxlen: 24
88.213.200.0/21 maxlen: 24
80.95.24.0/21 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:8d:49:9a:4e:61:9b:64:54:f4:b6:21:2e:81:cc:14:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Feb 26 10:34:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=723ce367d4d7435a0766c59a23eb0f2de4a67bfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:27:f1:2a:87:3e:b1:13:cf:c1:9a:ff:cb:81:
c4:95:b4:08:91:9b:06:e6:43:1f:53:cb:9e:d4:98:
5d:b4:f9:08:86:63:64:94:62:72:72:10:76:f9:a1:
a5:e7:11:81:32:98:ef:49:83:16:7e:65:fe:b9:a1:
c4:3a:b1:63:29:34:bb:63:3e:35:ca:7e:90:19:60:
28:9d:8e:8e:2d:3b:c8:f2:07:ae:0d:00:2a:ad:df:
e5:cf:55:bc:b9:2d:fb:25:3e:43:5a:ed:2b:47:05:
e3:dc:40:51:ff:7e:5d:bc:54:85:d4:51:07:de:8d:
cc:77:73:da:57:a6:3b:00:95:70:02:e0:75:8b:5c:
6a:60:42:3f:ca:86:fd:dd:3d:e0:14:29:f5:d3:5c:
08:a2:1d:9b:7a:c4:b4:51:06:3e:2b:d9:3c:14:ba:
f6:30:07:4e:0a:79:7d:b7:77:12:fa:cb:ba:d7:a9:
eb:a1:97:49:9c:3c:0a:94:b9:5e:70:49:92:a1:05:
fd:2d:0a:08:54:f5:14:cc:f2:ca:d6:ec:81:dd:35:
34:bd:dc:46:1e:0c:da:82:f8:f8:19:62:0f:eb:4a:
a2:f5:81:2d:56:37:8d:a7:7c:97:37:02:fa:07:75:
9f:2a:c3:58:a5:a7:40:8a:79:b1:33:d4:21:1d:aa:
5e:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:3C:E3:67:D4:D7:43:5A:07:66:C5:9A:23:EB:0F:2D:E4:A6:7B:FD
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/cjzjZ9TXQ1oHZsWaI-sPLeSme_0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.192.0/20
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
33:4d:a2:cf:27:45:01:92:ef:29:29:25:26:7d:0d:97:6e:68:
4e:5d:e5:63:0f:8f:32:d8:9b:08:ae:52:cc:1f:20:bd:3b:6c:
b6:fc:cd:f9:7b:c1:0a:a5:f1:c4:e3:be:5b:ea:ed:f8:97:80:
7b:97:02:ad:57:ab:bb:11:6c:2e:4d:82:6a:c8:61:ff:b5:6b:
cb:7a:31:e9:ab:29:7a:ac:de:53:e1:ab:8d:e1:b6:db:34:c2:
1f:c2:cf:6a:e2:56:a2:c7:c9:b6:0a:25:78:18:b4:47:b7:ac:
24:44:96:3b:b2:76:c6:ea:43:4b:22:38:ee:ac:1b:8b:bd:b9:
d6:c7:3a:a3:cb:95:60:e2:2c:da:6a:43:04:ad:82:53:6c:5c:
d7:93:ce:e3:50:74:61:5c:2b:90:25:76:3a:1a:03:22:36:11:
68:78:3e:94:3a:4f:3f:eb:f0:55:d3:18:f6:55:32:c9:68:21:
03:46:36:bd:f5:c3:d5:d8:b6:41:4c:8e:69:c7:9a:7e:99:9d:
0c:4a:b7:86:9c:09:ae:70:dd:12:31:8b:bc:8b:44:4f:cf:c8:
f4:57:d2:33:9e:a9:99:e1:cb:85:a0:33:fd:63:dc:c8:ad:31:
86:b1:88:2f:6a:e9:9f:b5:5c:27:48:9d:70:e2:db:48:93:2e:
cc:11:e8:95
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYaNSZpOYZtkVPS2IS6BzBQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjMwMjI2MTAzNDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNjZTM2N2Q0ZDc0MzVhMDc2NmM1OWEyM2ViMGYyZGU0YTY3YmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ifxKoc+sRPPwZr/y4HElbQIkZsG
5kMfU8ue1JhdtPkIhmNklGJychB2+aGl5xGBMpjvSYMWfmX+uaHEOrFjKTS7Yz41
yn6QGWAonY6OLTvI8geuDQAqrd/lz1W8uS37JT5DWu0rRwXj3EBR/35dvFSF1FEH
3o3Md3PaV6Y7AJVwAuB1i1xqYEI/yob93T3gFCn101wIoh2besS0UQY+K9k8FLr2
MAdOCnl9t3cS+su616nroZdJnDwKlLlecEmSoQX9LQoIVPUUzPLK1uyB3TU0vdxG
Hgzagvj4GWIP60qi9YEtVjeNp3yXNwL6B3WfKsNYpadAinmxM9QhHapeRQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHI842fU10NaB2bFmiPrDy3kpnv9MB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEvY2p6alo5VFhRMW9IWnNXYUktc1BMZVNtZV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDUF8YAwQE
WNXAAwQF2U9AMA0EAgACMAcDBQAqAnkAMA0GCSqGSIb3DQEBCwUAA4IBAQAzTaLP
J0UBku8pKSUmfQ2XbmhOXeVjD48y2JsIrlLMHyC9O2y2/M35e8EKpfHE475b6u34
l4B7lwKtV6u7EWwuTYJqyGH/tWvLejHpqyl6rN5T4auN4bbbNMIfws9q4laix8m2
CiV4GLRHt6wkRJY7snbG6kNLIjjurBuLvbnWxzqjy5Vg4izaakMErYJTbFzXk87j
UHRhXCuQJXY6GgMiNhFoeD6UOk8/6/BV0xj2VTLJaCEDRja99cPV2LZBTI5px5p+
mZ0MSreGnAmucN0SMYu8i0RPz8j0V9IznqmZ4cuFoDP9Y9zIrTGGsYgvaumftVwn
SJ1w4ttIky7MEeiV
-----END CERTIFICATE-----
Generated at Tue Apr 22 17:13:43 2025 by rpki-client