Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/haLcAJngb-nwO4StkjUZiaSbc34.roa
File: haLcAJngb-nwO4StkjUZiaSbc34.roa (raw, json)
Hash identifier: ViWFttBLXyeJ/aJGC1oA+QPvuvPTaAcnjQ8rJ6dIWoc=
Subject key identifier: 85:A2:DC:00:99:E0:6F:E9:F0:3B:84:AD:92:35:19:89:A4:9B:73:7E
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 018EED1EDA69CCD8468EE36BF903237B9EA9
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/haLcAJngb-nwO4StkjUZiaSbc34.roa
Signing time: Wed 17 Apr 2024 17:33:25 +0000
ROA not before: Wed 17 Apr 2024 17:33:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16154
IP address blocks: 80.95.24.0/21 maxlen: 24
88.213.194.0/23 maxlen: 24
88.213.200.0/21 maxlen: 24
88.213.204.0/22 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:ed:1e:da:69:cc:d8:46:8e:e3:6b:f9:03:23:7b:9e:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Apr 17 17:33:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85a2dc0099e06fe9f03b84ad92351989a49b737e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:b4:41:1e:eb:f9:dc:dd:39:31:04:c4:36:71:
7f:27:97:e4:18:24:3f:0c:c0:cc:d0:13:3a:0b:37:
43:39:8e:c0:d3:71:48:b4:42:3a:9e:18:0f:b9:5e:
0a:0b:b5:51:32:82:e8:3b:85:23:dc:65:35:79:ab:
d8:c9:86:c4:56:2d:bf:ce:8f:eb:f4:b7:ae:1d:25:
a8:a8:f4:50:45:2f:46:fb:d5:72:16:c1:66:95:97:
d5:6c:de:1a:3e:70:e8:db:1b:50:00:36:21:7a:e4:
dd:ad:a8:10:96:0d:88:2d:c7:3f:4e:e2:2a:bd:46:
47:ce:f1:36:d7:30:ce:71:23:4c:b4:25:c1:a7:17:
d5:bb:95:cd:e7:ec:b9:39:b6:a0:64:07:3f:02:6c:
ed:51:e5:89:2c:bd:59:f6:bb:ea:31:bd:40:78:6b:
b1:5a:53:64:d3:0f:f8:1c:7f:da:3d:37:d6:36:35:
ed:d0:42:ca:31:51:19:2f:6c:0b:6b:aa:be:78:c3:
28:9b:69:c5:b8:74:74:80:e9:c4:c6:4e:21:d6:f5:
0f:55:ab:8f:bb:7d:d6:f2:3f:33:50:fc:d2:d5:99:
d7:51:b8:1e:85:5d:bd:ab:f6:80:a0:d2:44:b6:ca:
3a:a1:a8:76:fa:fc:6f:8c:99:1e:dc:1c:be:17:7c:
ef:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A2:DC:00:99:E0:6F:E9:F0:3B:84:AD:92:35:19:89:A4:9B:73:7E
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/haLcAJngb-nwO4StkjUZiaSbc34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.194.0/23
88.213.200.0/21
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
90:27:11:75:93:7d:1f:bb:ba:23:35:a2:af:fc:73:13:1e:fc:
a3:50:3a:fe:c4:90:67:5a:3e:0d:2e:27:4e:37:5f:3b:1a:5c:
75:84:d7:ab:81:4d:4f:66:b2:5f:20:40:23:51:f4:6b:00:d8:
11:ae:1e:a1:9c:3d:4a:25:11:07:fb:c3:b8:39:67:a8:8e:22:
75:f7:b8:7e:3d:a1:71:94:f7:9c:f9:27:e6:83:d4:28:78:ea:
f5:cc:26:56:7f:80:44:85:d7:99:eb:2d:e3:42:77:e7:f2:28:
6c:50:97:2d:a6:cf:6c:f6:d7:1a:62:9f:1d:ec:53:da:62:c5:
a5:fb:2d:0a:05:d3:ef:64:d6:ef:65:7a:83:eb:15:bd:ba:4d:
7c:2e:21:7f:0b:29:9c:2f:24:e8:05:51:64:f0:b9:20:cc:f7:
bf:95:12:31:83:9e:d1:b9:1c:cd:3e:2d:91:47:53:c9:de:5f:
9f:10:21:c7:23:49:a9:af:37:e7:46:c5:cf:6c:97:85:2f:69:
5e:43:41:84:0d:8e:50:0f:5f:26:c4:42:0c:58:94:5c:3d:1f:
2a:b4:ce:03:44:11:5b:c5:16:06:aa:48:10:e7:39:49:45:a4:
a7:c8:7f:cd:cd:25:96:cc:f0:d2:05:b3:35:31:2f:97:57:33:
c0:89:12:b2
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY7tHtppzNhGjuNr+QMje56pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjQwNDE3MTczMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWEyZGMwMDk5ZTA2ZmU5ZjAzYjg0YWQ5MjM1MTk4OWE0OWI3MzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLRBHuv53N05MQTENnF/J5fkGCQ/
DMDM0BM6CzdDOY7A03FItEI6nhgPuV4KC7VRMoLoO4Uj3GU1eavYyYbEVi2/zo/r
9LeuHSWoqPRQRS9G+9VyFsFmlZfVbN4aPnDo2xtQADYheuTdragQlg2ILcc/TuIq
vUZHzvE21zDOcSNMtCXBpxfVu5XN5+y5ObagZAc/AmztUeWJLL1Z9rvqMb1AeGux
WlNk0w/4HH/aPTfWNjXt0ELKMVEZL2wLa6q+eMMom2nFuHR0gOnExk4h1vUPVauP
u33W8j8zUPzS1ZnXUbgehV29q/aAoNJEtso6oah2+vxvjJke3By+F3zv9wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIWi3ACZ4G/p8DuErZI1GYmkm3N+MB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEvaGFMY0FKbmdiLW53TzRTdGtqVVppYVNiYzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDUF8YAwQB
WNXCAwQDWNXIAwQF2U9AMA0EAgACMAcDBQAqAnkAMA0GCSqGSIb3DQEBCwUAA4IB
AQCQJxF1k30fu7ojNaKv/HMTHvyjUDr+xJBnWj4NLidON187Glx1hNergU1PZrJf
IEAjUfRrANgRrh6hnD1KJREH+8O4OWeojiJ197h+PaFxlPec+Sfmg9QoeOr1zCZW
f4BEhdeZ6y3jQnfn8ihsUJctps9s9tcaYp8d7FPaYsWl+y0KBdPvZNbvZXqD6xW9
uk18LiF/CymcLyToBVFk8LkgzPe/lRIxg57RuRzNPi2RR1PJ3l+fECHHI0mprzfn
RsXPbJeFL2leQ0GEDY5QD18mxEIMWJRcPR8qtM4DRBFbxRYGqkgQ5zlJRaSnyH/N
zSWWzPDSBbM1MS+XVzPAiRKy
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:24 2025 by rpki-client