Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/kz76Xle-TBVDlQ-BDMmmPBzWLxg.roa
File: kz76Xle-TBVDlQ-BDMmmPBzWLxg.roa (raw, json)
Hash identifier: xos8KyVI3FZSkWwV9TicNYe9n0f1FxUrLL3XBO4jsuo=
Subject key identifier: 93:3E:FA:5E:57:BE:4C:15:43:95:0F:81:0C:C9:A6:3C:1C:D6:2F:18
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 018570B08A40CB5B8230EC0DA81927764C30
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/kz76Xle-TBVDlQ-BDMmmPBzWLxg.roa
Signing time: Mon 02 Jan 2023 04:14:55 +0000
ROA not before: Mon 02 Jan 2023 04:14:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16154
IP address blocks: 88.213.192.0/20 maxlen: 24
88.213.192.0/21 maxlen: 24
80.95.24.0/21 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b0:8a:40:cb:5b:82:30:ec:0d:a8:19:27:76:4c:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Jan 2 04:14:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=933efa5e57be4c1543950f810cc9a63c1cd62f18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3c:3b:9f:36:89:ed:39:26:b8:7b:79:c0:ed:
0f:b6:4e:49:97:8c:42:45:df:9f:c1:0b:7e:df:34:
19:ae:42:50:ce:e8:8e:a9:40:a8:78:51:3d:d7:49:
a3:59:52:dc:64:8f:00:b6:8e:b7:3c:3f:60:3c:48:
b5:4c:9e:94:7b:da:1a:26:46:c6:82:df:45:d4:70:
f9:ef:cb:75:0a:e7:cf:99:dd:bf:c5:ba:56:5b:56:
99:39:99:89:63:35:d8:02:5b:80:e1:17:49:81:d0:
db:74:db:b9:5f:ff:b8:92:8e:fb:a8:8b:7e:ac:4c:
69:f2:9b:4f:9a:df:34:f7:9f:ff:15:90:28:59:6d:
50:e2:99:00:e6:45:c0:ef:ef:2d:de:10:ef:6e:7d:
81:81:23:96:39:11:d0:cc:5c:b6:1b:6b:5b:bd:be:
f0:02:d2:1c:55:ae:ac:7c:82:82:1e:b0:e9:ff:8b:
51:cd:b3:de:08:19:5e:51:7d:35:c6:17:bf:1a:4b:
8b:fc:03:ec:27:81:ac:c5:21:19:21:cb:d5:56:98:
80:94:2d:60:62:a0:64:78:2e:52:f0:1e:45:3b:09:
dc:e9:65:04:3a:2d:d8:97:79:3a:c9:e0:d4:2c:ad:
09:0c:b2:f0:dc:94:bd:73:7a:33:7f:82:e3:78:68:
ab:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:3E:FA:5E:57:BE:4C:15:43:95:0F:81:0C:C9:A6:3C:1C:D6:2F:18
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/kz76Xle-TBVDlQ-BDMmmPBzWLxg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.192.0/20
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
78:09:a0:17:41:b1:52:68:b6:7e:8e:e4:44:5b:17:f2:32:e4:
63:74:ea:c5:d6:7f:09:97:c0:d8:d0:f5:f1:91:a5:25:c1:27:
a9:2e:65:b4:b7:ac:a1:0a:09:61:5d:90:68:1a:73:06:0b:64:
83:84:2c:32:f0:ae:6e:62:ad:b5:f0:24:f9:30:78:ec:a1:18:
d6:26:92:91:ab:4b:9f:55:a1:b3:e7:bf:6c:47:ba:bb:d2:84:
bc:a3:55:91:60:37:b3:fb:b0:91:df:a0:61:7c:0e:2a:f9:a5:
11:9c:3e:65:41:48:25:a6:8f:d8:6e:0e:29:58:2a:e8:49:aa:
23:5e:8a:5a:80:84:a4:30:1a:09:7e:5b:d8:68:2b:48:41:cb:
e8:b5:5d:b7:ea:18:e3:4d:47:e0:ca:bb:c1:99:42:27:e4:d5:
86:09:6a:98:49:a7:3a:87:21:10:2a:5c:41:4b:15:4e:33:e2:
83:57:cf:b5:a6:97:c5:45:09:5e:cf:fc:5d:bd:0e:9f:35:01:
28:f7:01:ac:2d:84:49:8f:a6:56:6a:98:f6:ea:27:50:24:17:
26:e9:ea:b3:a8:92:b4:56:e5:77:54:df:8c:be:8d:c5:c2:a9:
4d:0f:09:47:52:36:0f:6d:89:79:a4:28:2a:be:f3:fa:d1:ab:
73:d5:be:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwsIpAy1uCMOwNqBkndkwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjMwMTAyMDQxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzNlZmE1ZTU3YmU0YzE1NDM5NTBmODEwY2M5YTYzYzFjZDYyZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDw7nzaJ7TkmuHt5wO0Ptk5Jl4xC
Rd+fwQt+3zQZrkJQzuiOqUCoeFE910mjWVLcZI8Ato63PD9gPEi1TJ6Ue9oaJkbG
gt9F1HD578t1CufPmd2/xbpWW1aZOZmJYzXYAluA4RdJgdDbdNu5X/+4ko77qIt+
rExp8ptPmt8095//FZAoWW1Q4pkA5kXA7+8t3hDvbn2BgSOWORHQzFy2G2tbvb7w
AtIcVa6sfIKCHrDp/4tRzbPeCBleUX01xhe/GkuL/APsJ4GsxSEZIcvVVpiAlC1g
YqBkeC5S8B5FOwnc6WUEOi3Yl3k6yeDULK0JDLLw3JS9c3ozf4LjeGirEQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJM++l5XvkwVQ5UPgQzJpjwc1i8YMB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEva3o3NlhsZS1UQlZEbFEtQkRNbW1QQnpXTHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDUF8YAwQE
WNXAAwQF2U9AMA0EAgACMAcDBQAqAnkAMA0GCSqGSIb3DQEBCwUAA4IBAQB4CaAX
QbFSaLZ+juREWxfyMuRjdOrF1n8Jl8DY0PXxkaUlwSepLmW0t6yhCglhXZBoGnMG
C2SDhCwy8K5uYq218CT5MHjsoRjWJpKRq0ufVaGz579sR7q70oS8o1WRYDez+7CR
36BhfA4q+aURnD5lQUglpo/Ybg4pWCroSaojXopagISkMBoJflvYaCtIQcvotV23
6hjjTUfgyrvBmUIn5NWGCWqYSac6hyEQKlxBSxVOM+KDV8+1ppfFRQlez/xdvQ6f
NQEo9wGsLYRJj6ZWapj26idQJBcm6eqzqJK0VuV3VN+Mvo3FwqlNDwlHUjYPbYl5
pCgqvvP60atz1b7C
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:31:24 2025 by rpki-client