Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/7jDI3dpnUW38S8OzxqqCXeCushw.roa
File: 7jDI3dpnUW38S8OzxqqCXeCushw.roa (raw, json)
Hash identifier: y6E3GRenpasJQeEjC6PWnonUGjZG9NqESOphR1pOf3U=
Subject key identifier: EE:30:C8:DD:DA:67:51:6D:FC:4B:C3:B3:C6:AA:82:5D:E0:AE:B2:1C
Certificate issuer: /CN=8fb620a4838ef6e21bcc26ad351262d7566eb275
Certificate serial: 01830D6B3C823EBEAA64F7F6D0AACC7B5D32
Authority key identifier: 8F:B6:20:A4:83:8E:F6:E2:1B:CC:26:AD:35:12:62:D7:56:6E:B2:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j7YgpIOO9uIbzCatNRJi11ZusnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/7jDI3dpnUW38S8OzxqqCXeCushw.roa
Signing time: Mon 05 Sep 2022 11:31:15 +0000
ROA not before: Mon 05 Sep 2022 11:31:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43708
IP address blocks: 95.85.192.0/18 maxlen: 18
78.110.208.0/20 maxlen: 20
185.24.20.0/22 maxlen: 22
31.41.200.0/21 maxlen: 21
2a01:510::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:0d:6b:3c:82:3e:be:aa:64:f7:f6:d0:aa:cc:7b:5d:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8fb620a4838ef6e21bcc26ad351262d7566eb275
Validity
Not Before: Sep 5 11:31:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ee30c8ddda67516dfc4bc3b3c6aa825de0aeb21c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:28:79:45:d1:44:3c:bc:f9:5a:e4:65:56:27:
a0:f1:cd:04:23:4e:b8:4d:5c:f5:a1:62:ba:cb:5f:
b2:a8:6e:0a:bf:63:a7:63:aa:e3:6a:4a:3b:52:91:
22:d2:15:49:b6:e0:5a:a5:53:f4:2b:31:a6:98:8f:
70:0d:bb:df:7f:b2:4f:e4:cc:1b:8f:2b:e7:89:2d:
1f:45:95:ee:e3:36:ac:92:41:0b:b4:6c:47:5d:7a:
b7:52:fa:1a:45:46:af:38:92:9c:aa:a7:29:49:6b:
53:7b:6a:fb:e2:6e:3d:4d:7a:dd:59:06:d1:01:cc:
2e:44:e4:7d:37:ef:43:c5:01:9e:b1:0d:c3:0d:16:
3d:f9:33:4c:23:db:65:6c:51:54:14:f7:5a:43:a1:
91:ef:53:97:6a:71:b1:ed:53:d4:d8:54:0a:96:2c:
33:65:78:7a:c5:3b:c0:46:59:d7:b8:dd:5a:12:25:
b7:af:15:5f:1a:73:28:ae:28:6b:d0:10:72:c6:56:
06:68:ee:50:05:7b:88:00:2f:d3:31:6c:cc:fe:f8:
95:0b:1d:15:84:78:7f:78:a0:32:86:0d:72:6a:b2:
91:0c:12:d9:19:08:6f:42:18:c6:ca:06:6f:3b:5f:
b3:e4:36:e1:3c:2d:bc:9b:e4:25:03:e7:ef:b3:e6:
93:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:30:C8:DD:DA:67:51:6D:FC:4B:C3:B3:C6:AA:82:5D:E0:AE:B2:1C
X509v3 Authority Key Identifier:
keyid:8F:B6:20:A4:83:8E:F6:E2:1B:CC:26:AD:35:12:62:D7:56:6E:B2:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7YgpIOO9uIbzCatNRJi11ZusnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/7jDI3dpnUW38S8OzxqqCXeCushw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/j7YgpIOO9uIbzCatNRJi11ZusnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.200.0/21
78.110.208.0/20
95.85.192.0/18
185.24.20.0/22
IPv6:
2a01:510::/32
Signature Algorithm: sha256WithRSAEncryption
6a:27:2c:da:9f:70:e2:c2:24:53:2e:75:f1:d2:c5:7a:e9:de:
61:e0:e1:fd:67:1f:22:f5:11:09:52:c1:5c:26:c1:e2:2b:0a:
4b:a5:5b:42:ea:e7:4e:50:3c:0a:8f:a1:af:9e:e9:3a:ab:df:
a8:05:41:cb:23:e2:ef:ad:e2:cb:22:6c:a7:16:bb:8a:51:81:
3c:55:04:fb:7d:f9:ec:96:5f:07:78:a7:bd:59:7f:1d:59:f7:
e4:2d:85:b8:e4:56:88:ac:5c:5b:ba:10:5b:eb:74:92:24:2a:
e9:b2:1a:48:d5:74:af:69:d9:71:8d:31:2c:bd:d4:f1:14:5d:
44:30:db:5c:52:2c:cd:99:80:fd:d5:57:8b:1d:ab:fb:ba:f0:
93:4f:cc:c7:95:40:e9:8b:fa:70:30:4b:3c:c8:4d:77:c0:8c:
e3:22:d7:54:93:0f:d7:8a:56:ad:7d:aa:46:c6:c3:04:23:74:
33:f4:36:58:18:e2:f9:0d:a4:a4:a8:5a:37:a9:52:1b:36:e6:
1e:a7:e4:6b:25:90:c1:fc:9d:84:37:59:ad:2d:9f:cb:ab:99:
5b:4d:2d:30:47:e3:a0:07:d5:64:06:d4:c3:17:81:55:59:4d:
0a:30:87:4c:63:0b:8f:0d:4e:42:e9:ff:24:d3:07:81:46:a2:
82:ed:e1:fc
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYMNazyCPr6qZPf20KrMe10yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYjYyMGE0ODM4ZWY2ZTIxYmNjMjZhZDM1MTI2MmQ3NTY2
ZWIyNzUwHhcNMjIwOTA1MTEzMTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTMwYzhkZGRhNjc1MTZkZmM0YmMzYjNjNmFhODI1ZGUwYWViMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSh5RdFEPLz5WuRlVieg8c0EI064
TVz1oWK6y1+yqG4Kv2OnY6rjako7UpEi0hVJtuBapVP0KzGmmI9wDbvff7JP5Mwb
jyvniS0fRZXu4zaskkELtGxHXXq3UvoaRUavOJKcqqcpSWtTe2r74m49TXrdWQbR
AcwuROR9N+9DxQGesQ3DDRY9+TNMI9tlbFFUFPdaQ6GR71OXanGx7VPU2FQKliwz
ZXh6xTvARlnXuN1aEiW3rxVfGnMorihr0BByxlYGaO5QBXuIAC/TMWzM/viVCx0V
hHh/eKAyhg1yarKRDBLZGQhvQhjGygZvO1+z5DbhPC28m+QlA+fvs+aTqQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFO4wyN3aZ1Ft/EvDs8aqgl3grrIcMB8GA1UdIwQY
MBaAFI+2IKSDjvbiG8wmrTUSYtdWbrJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajdZZ3BJT085dUliekNhdE5SSmkxMVp1c25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lYzM1MTItNzFiYS00NDFlLWJmZTEt
ZGE3ZDQ1YjczMmZhLzEvN2pESTNkcG5VVzM4UzhPenhxcUNYZUN1c2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lYzM1MTItNzFiYS00NDFlLWJmZTEtZGE3ZDQ1YjczMmZh
LzEvajdZZ3BJT085dUliekNhdE5SSmkxMVp1c25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDHynIAwQE
Tm7QAwQGX1XAAwQCuRgUMA0EAgACMAcDBQAqAQUQMA0GCSqGSIb3DQEBCwUAA4IB
AQBqJyzan3DiwiRTLnXx0sV66d5h4OH9Zx8i9REJUsFcJsHiKwpLpVtC6udOUDwK
j6Gvnuk6q9+oBUHLI+LvreLLImynFruKUYE8VQT7ffnsll8HeKe9WX8dWffkLYW4
5FaIrFxbuhBb63SSJCrpshpI1XSvadlxjTEsvdTxFF1EMNtcUizNmYD91VeLHav7
uvCTT8zHlUDpi/pwMEs8yE13wIzjItdUkw/XilatfapGxsMEI3Qz9DZYGOL5DaSk
qFo3qVIbNuYep+RrJZDB/J2EN1mtLZ/Lq5lbTS0wR+OgB9VkBtTDF4FVWU0KMIdM
YwuPDU5C6f8k0weBRqKC7eH8
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:48:54 2025 by rpki-client