Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/1VFWCGe0F6x_QlOsXDtDofTJBeU.roa
File: 1VFWCGe0F6x_QlOsXDtDofTJBeU.roa (raw, json)
Hash identifier: J7GQjUfMh5GsRyg+ktJpOtaktY/McF56U4WqyHlakLg=
Subject key identifier: D5:51:56:08:67:B4:17:AC:7F:42:53:AC:5C:3B:43:A1:F4:C9:05:E5
Certificate issuer: /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial: 01856FC294299BF134D12F3A870EBDB709E2
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/1VFWCGe0F6x_QlOsXDtDofTJBeU.roa
Signing time: Sun 01 Jan 2023 23:55:00 +0000
ROA not before: Sun 01 Jan 2023 23:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57269
IP address blocks: 188.26.192.0/19 maxlen: 19
188.26.192.0/21 maxlen: 24
79.116.0.0/16 maxlen: 24
188.26.200.0/21 maxlen: 24
79.116.0.0/15 maxlen: 24
188.26.208.0/21 maxlen: 24
86.127.224.0/19 maxlen: 24
188.26.216.0/21 maxlen: 24
188.26.218.0/24 maxlen: 24
79.117.0.0/16 maxlen: 24
194.55.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:c2:94:29:9b:f1:34:d1:2f:3a:87:0e:bd:b7:09:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Validity
Not Before: Jan 1 23:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d551560867b417ac7f4253ac5c3b43a1f4c905e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:ce:14:e1:6c:27:46:68:e2:f9:25:29:06:00:
47:eb:74:92:dc:30:e6:43:91:94:96:d6:75:57:9a:
b3:f9:af:0b:d8:c4:c6:1b:e8:48:94:9f:f1:f4:59:
17:2c:cd:4d:47:7b:8a:b5:aa:4d:05:77:9a:d3:fe:
f3:79:94:46:8a:a2:c1:d6:2c:b5:76:f3:f0:a8:56:
0a:8c:96:24:8a:9b:12:52:3c:5d:14:02:9b:80:be:
11:df:b0:9d:63:b8:17:ee:35:da:69:58:be:99:c0:
46:b1:19:59:7c:81:35:a0:33:2d:6a:30:6e:5b:68:
bf:6a:f7:d3:12:17:52:db:cf:ff:61:21:0a:04:24:
90:ca:43:a1:45:e0:57:c9:0e:0d:6b:c3:fe:21:e1:
63:d8:a9:23:9a:f9:96:50:af:9a:70:d7:9d:67:c2:
48:cd:b2:ee:88:fd:a8:a6:6a:a0:8c:a1:42:68:4b:
bb:67:3a:b0:90:5c:b4:e4:a7:eb:c9:21:9c:4c:eb:
e0:79:5d:73:e1:db:c1:9b:43:30:61:ab:d2:2e:ca:
63:a2:e9:97:ab:34:64:62:7a:ba:06:55:85:3b:03:
9c:a6:f3:9c:4f:ec:6f:3d:f6:99:9d:f6:f2:52:1a:
9b:22:80:c7:3a:43:91:ca:99:f9:3d:a0:db:a0:85:
24:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:51:56:08:67:B4:17:AC:7F:42:53:AC:5C:3B:43:A1:F4:C9:05:E5
X509v3 Authority Key Identifier:
keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/1VFWCGe0F6x_QlOsXDtDofTJBeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.116.0.0/15
86.127.224.0/19
188.26.192.0/19
194.55.169.0/24
Signature Algorithm: sha256WithRSAEncryption
66:cc:b3:0c:4a:db:65:01:dc:9c:d5:c2:29:8d:1c:9f:88:c4:
7c:79:2d:6a:07:04:d9:84:ff:7d:5f:2e:e6:9c:43:92:e0:87:
f3:16:78:f2:5f:de:63:e2:eb:df:ca:15:9d:ce:2e:38:3e:2e:
a5:11:ac:4a:7b:7c:2c:70:07:3d:9e:85:4a:cf:dd:b3:1f:3f:
7a:e1:06:3a:33:3b:36:21:00:74:ef:34:60:d4:44:df:b7:f4:
49:ed:51:26:87:03:e5:51:e6:9b:dc:ca:63:f2:a0:f9:0a:f3:
e8:d0:d7:47:75:17:61:88:62:1b:bb:86:d8:31:09:e0:12:0f:
60:38:e7:cb:80:d8:06:36:3e:32:96:ea:7c:f9:dd:c0:ae:9a:
35:2d:fe:3b:ea:1d:24:25:e8:52:0e:45:28:e9:97:0b:7e:a7:
fb:83:ca:67:48:9b:37:94:01:82:16:01:de:bd:d0:2a:23:3a:
36:60:8c:a9:03:42:67:7d:30:e3:58:16:b5:09:62:bb:1a:1a:
6e:55:83:54:a6:12:48:c9:21:55:a6:8b:eb:b6:70:c1:77:b3:
43:cd:f2:fb:32:04:af:24:9b:6a:0b:c9:f7:3a:94:16:f4:2a:
7b:62:f5:00:4d:fe:e3:bb:c4:36:c2:83:b2:c9:f6:d9:cc:aa:
bb:b7:36:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVvwpQpm/E00S86hw69twniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjMwMTAxMjM1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUxNTYwODY3YjQxN2FjN2Y0MjUzYWM1YzNiNDNhMWY0YzkwNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs4U4WwnRmji+SUpBgBH63SS3DDm
Q5GUltZ1V5qz+a8L2MTGG+hIlJ/x9FkXLM1NR3uKtapNBXea0/7zeZRGiqLB1iy1
dvPwqFYKjJYkipsSUjxdFAKbgL4R37CdY7gX7jXaaVi+mcBGsRlZfIE1oDMtajBu
W2i/avfTEhdS28//YSEKBCSQykOhReBXyQ4Na8P+IeFj2KkjmvmWUK+acNedZ8JI
zbLuiP2opmqgjKFCaEu7ZzqwkFy05KfrySGcTOvgeV1z4dvBm0MwYavSLspjoumX
qzRkYnq6BlWFOwOcpvOcT+xvPfaZnfbyUhqbIoDHOkORypn5PaDboIUk7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNVRVghntBesf0JTrFw7Q6H0yQXlMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvMVZGV0NHZTBGNnhfUWxPc1hEdERvZlRKQmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwMBT3QDBAVW
f+ADBAW8GsADBADCN6kwDQYJKoZIhvcNAQELBQADggEBAGbMswxK22UB3JzVwimN
HJ+IxHx5LWoHBNmE/31fLuacQ5Lgh/MWePJf3mPi69/KFZ3OLjg+LqURrEp7fCxw
Bz2ehUrP3bMfP3rhBjozOzYhAHTvNGDURN+39EntUSaHA+VR5pvcymPyoPkK8+jQ
10d1F2GIYhu7htgxCeASD2A458uA2AY2PjKW6nz53cCumjUt/jvqHSQl6FIORSjp
lwt+p/uDymdImzeUAYIWAd690CojOjZgjKkDQmd9MONYFrUJYrsaGm5Vg1SmEkjJ
IVWmi+u2cMF3s0PN8vsyBK8km2oLyfc6lBb0Knti9QBN/uO7xDbCg7LJ9tnMqru3
NpE=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:41 2025 by rpki-client