Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/uuOkqC7MkLuQ_SMOmS2t_0gfh50.roa
File: uuOkqC7MkLuQ_SMOmS2t_0gfh50.roa (raw, json)
Hash identifier: 3K9qW8QqqHSE+VSPmNwq+qAsJ6x0HUsqnsmxI0wtzDo=
Subject key identifier: BA:E3:A4:A8:2E:CC:90:BB:90:FD:23:0E:99:2D:AD:FF:48:1F:87:9D
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 0187996E650A442B96CA8632F16B777B358D
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/uuOkqC7MkLuQ_SMOmS2t_0gfh50.roa
Signing time: Wed 19 Apr 2023 12:12:41 +0000
ROA not before: Wed 19 Apr 2023 12:12:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16154
IP address blocks: 88.213.192.0/22 maxlen: 24
88.213.200.0/21 maxlen: 24
80.95.24.0/21 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:99:6e:65:0a:44:2b:96:ca:86:32:f1:6b:77:7b:35:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Apr 19 12:12:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bae3a4a82ecc90bb90fd230e992dadff481f879d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:97:22:05:0e:64:a2:a0:7d:e6:14:83:96:b2:
2c:a2:3f:25:d3:cf:05:58:53:49:ef:b2:74:63:1f:
df:92:fd:e2:ab:c0:ee:34:c4:ec:c7:69:ea:00:38:
2d:5d:5d:ee:c0:13:33:e2:ca:c3:22:b6:cf:1b:6b:
c3:db:71:84:29:ea:39:91:d1:bd:41:0d:14:c8:05:
91:e1:7d:14:84:b0:b9:02:3c:1e:71:ba:be:53:94:
3a:0e:17:79:04:21:1d:f3:6a:2e:e4:5b:0a:d9:f1:
da:19:c1:9c:d7:0b:54:1e:61:34:94:d9:4c:18:43:
72:30:4c:39:43:cd:82:a9:1d:43:f6:6c:e9:78:a9:
4c:26:71:dd:9e:e8:42:37:25:1a:e6:1a:07:4d:d9:
19:f0:88:c2:68:f7:d8:94:e3:b1:8f:d3:0a:54:e1:
c5:7d:0d:f8:a8:ac:0b:1a:f7:a2:68:2d:82:7b:65:
d9:61:10:e2:75:28:f9:69:e3:21:a6:d5:66:1e:36:
2a:dc:55:43:88:6c:9f:c4:4f:0a:d1:6f:bf:60:66:
98:34:54:0d:e0:f8:eb:2b:1a:d8:1f:cb:62:93:59:
ca:39:be:65:c0:14:41:82:b5:27:af:f9:c6:92:cc:
24:95:05:40:36:d1:2d:59:16:8b:1e:3b:44:61:cb:
62:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:E3:A4:A8:2E:CC:90:BB:90:FD:23:0E:99:2D:AD:FF:48:1F:87:9D
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/uuOkqC7MkLuQ_SMOmS2t_0gfh50.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.192.0/22
88.213.200.0/21
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
68:55:31:16:36:8d:2a:d3:e6:a0:6f:b8:eb:e0:b7:58:e9:c0:
4f:2c:e0:3f:1c:41:03:a8:7e:4a:62:95:b6:0f:ae:63:14:b5:
2f:9f:aa:82:c8:6d:e1:55:43:dd:3b:a4:eb:73:aa:99:4c:22:
99:f2:80:65:37:fe:9c:14:3a:6b:b9:e5:e0:d7:67:ee:d0:15:
ba:c0:27:be:a7:2e:93:db:5e:9d:f2:9b:b6:5f:60:a4:1b:97:
e5:a6:af:5c:14:c9:92:d6:b9:87:aa:8d:ff:9a:0d:00:3c:fb:
48:5b:ac:fd:19:76:83:e1:09:14:52:18:e1:a5:65:09:68:b3:
5a:61:7b:95:e7:36:28:61:84:52:85:60:52:b3:81:af:1b:a0:
1b:0b:4f:5e:ed:ad:f5:da:b0:00:0f:d0:16:20:a6:0f:94:3d:
5d:e7:ed:ec:53:9c:30:47:88:4d:72:16:76:f8:40:80:93:e4:
89:53:89:21:d5:ce:48:fb:ed:81:0c:2e:2d:68:18:3a:58:c6:
9f:10:ee:b6:27:ac:9f:6e:f9:d7:a3:c1:a7:56:1b:97:56:8d:
56:a8:b5:e6:21:07:d8:88:fb:a4:19:59:10:7f:96:97:62:7e:
14:49:60:91:44:d7:c8:1f:57:94:d5:a1:e1:1a:23:4f:6e:84:
c8:1a:11:5c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYeZbmUKRCuWyoYy8Wt3ezWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjQxZGQ4M2Q4YWMwODBiNjY1MDRiZjkzNzQ1OWZmY2Vj
NGNjYzQwHhcNMjMwNDE5MTIxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWUzYTRhODJlY2M5MGJiOTBmZDIzMGU5OTJkYWRmZjQ4MWY4NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5ciBQ5koqB95hSDlrIsoj8l088F
WFNJ77J0Yx/fkv3iq8DuNMTsx2nqADgtXV3uwBMz4srDIrbPG2vD23GEKeo5kdG9
QQ0UyAWR4X0UhLC5Ajwecbq+U5Q6Dhd5BCEd82ou5FsK2fHaGcGc1wtUHmE0lNlM
GENyMEw5Q82CqR1D9mzpeKlMJnHdnuhCNyUa5hoHTdkZ8IjCaPfYlOOxj9MKVOHF
fQ34qKwLGveiaC2Ce2XZYRDidSj5aeMhptVmHjYq3FVDiGyfxE8K0W+/YGaYNFQN
4PjrKxrYH8tik1nKOb5lwBRBgrUnr/nGkswklQVANtEtWRaLHjtEYctiVwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLrjpKguzJC7kP0jDpktrf9IH4edMB8GA1UdIwQY
MBaAFBYkHdg9isCAtmUEv5N0Wf/OxMzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWIt
NWU3NDlmNDM0MWE0LzEvdXVPa3FDN01rTHVRX1NNT21TMnRfMGdmaDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTAwNjAtNWFhYS00M2VhLWJjZWItNWU3NDlmNDM0MWE0
LzEvRmlRZDJEMkt3SUMyWlFTX2szUlpfODdFek1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDUF8YAwQC
WNXAAwQDWNXIAwQF2U9AMA0EAgACMAcDBQAqAnkAMA0GCSqGSIb3DQEBCwUAA4IB
AQBoVTEWNo0q0+agb7jr4LdY6cBPLOA/HEEDqH5KYpW2D65jFLUvn6qCyG3hVUPd
O6Trc6qZTCKZ8oBlN/6cFDprueXg12fu0BW6wCe+py6T216d8pu2X2CkG5flpq9c
FMmS1rmHqo3/mg0APPtIW6z9GXaD4QkUUhjhpWUJaLNaYXuV5zYoYYRShWBSs4Gv
G6AbC09e7a312rAAD9AWIKYPlD1d5+3sU5wwR4hNchZ2+ECAk+SJU4kh1c5I++2B
DC4taBg6WMafEO62J6yfbvnXo8GnVhuXVo1WqLXmIQfYiPukGVkQf5aXYn4USWCR
RNfIH1eU1aHhGiNPboTIGhFc
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:02:05 2025 by rpki-client