Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/VIAzIZubQu6Tlx4Qv89ZfZBmwCg.roa
File: VIAzIZubQu6Tlx4Qv89ZfZBmwCg.roa (raw, json)
Hash identifier: 64wu6pYQuxHAKgERgOmhEvfpZOd0JE2b83GRj8884yo=
Subject key identifier: 54:80:33:21:9B:9B:42:EE:93:97:1E:10:BF:CF:59:7D:90:66:C0:28
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 0182B1421AA6C3C07F6EB2A894578CDEC7DE
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/VIAzIZubQu6Tlx4Qv89ZfZBmwCg.roa
Signing time: Thu 18 Aug 2022 14:01:15 +0000
ROA not before: Thu 18 Aug 2022 14:01:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 210000
IP address blocks: 176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
2a12:3fc0::/44 maxlen: 44
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:b1:42:1a:a6:c3:c0:7f:6e:b2:a8:94:57:8c:de:c7:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Aug 18 14:01:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=548033219b9b42ee93971e10bfcf597d9066c028
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:53:ea:f8:c3:d5:3d:ee:da:5b:8b:72:4c:1c:
53:e6:1e:1d:83:4b:57:0f:e6:40:87:41:8c:42:79:
a9:ea:7e:62:e3:23:f0:71:66:8b:0f:13:74:fd:1a:
c0:64:df:35:27:b0:ef:b0:34:d0:50:39:a6:d9:2d:
7d:3a:9a:b2:8b:c1:23:e3:ba:f5:aa:d3:ad:f1:39:
32:41:c8:c8:1f:28:a1:e7:bc:3c:21:e2:ee:f3:21:
c3:0e:f4:cc:73:03:c0:7c:b4:8c:ce:8c:61:bb:2b:
fa:6c:a1:8d:e7:73:89:c3:6d:df:bc:b4:f4:fe:f8:
d3:47:39:9e:0c:86:5a:e1:50:80:58:cc:0e:a6:ce:
f4:2c:9b:23:b4:0a:00:8d:db:42:44:8f:df:29:d1:
f4:f2:f2:7e:fc:89:00:cc:8b:cf:94:23:9f:5e:00:
de:54:8f:56:e5:73:6c:78:cd:f7:ba:22:3a:41:af:
ea:e6:49:8a:94:7c:d7:49:4b:d9:c4:6f:78:87:47:
38:1b:72:02:38:bb:7a:c9:f9:b3:c9:ac:f2:6e:15:
f3:3b:b3:af:55:dc:2e:84:d7:c2:9b:1c:34:87:86:
7f:ad:64:e9:55:53:fe:25:d9:77:6b:dd:8a:a4:45:
34:23:be:eb:86:70:65:70:b1:aa:c9:5e:4b:e5:61:
d5:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:80:33:21:9B:9B:42:EE:93:97:1E:10:BF:CF:59:7D:90:66:C0:28
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/VIAzIZubQu6Tlx4Qv89ZfZBmwCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.223.0/24
194.156.188.0/24
IPv6:
2a12:3fc0::/44
Signature Algorithm: sha256WithRSAEncryption
1e:fc:28:f4:1f:b2:9f:d0:42:f8:df:c4:25:e3:3e:24:22:c5:
6d:b2:bd:47:56:b8:73:c3:2e:6b:d1:47:e8:b3:37:f1:96:bf:
99:a0:01:18:38:89:2f:be:d4:b0:dc:d7:7d:39:76:3d:fc:28:
75:96:4e:b1:c3:60:04:49:62:98:26:fe:dd:3a:b2:3b:57:9c:
1e:ff:d0:a9:66:e6:bf:e5:4e:9a:d4:9b:9c:97:1e:df:5f:7e:
01:b0:a9:4c:01:85:54:34:08:02:ac:e8:db:82:ed:d8:6c:3c:
82:c1:03:bb:ee:01:56:c1:8f:62:0e:df:3f:b3:b2:e8:82:8d:
ee:95:c3:5b:83:a2:24:74:60:2b:87:a8:4a:d2:c4:b3:d2:a1:
d1:59:9d:8f:f8:e3:2b:33:1d:20:7d:39:f6:00:5e:0d:c6:43:
06:63:b0:23:80:d9:be:7c:f4:ee:da:26:b3:58:05:1d:79:02:
0a:41:14:ba:54:4a:7f:53:c3:6a:a9:cf:f2:02:e6:e7:a6:7b:
79:08:ee:a2:db:cc:b6:04:04:41:0d:b4:52:69:3d:74:4a:04:
39:54:7d:b5:30:fb:11:00:10:11:7b:c1:33:5b:d9:9b:9a:ca:
ad:f2:e5:3b:be:6a:9f:c5:e2:93:34:18:18:8f:35:86:97:78:
d5:cf:4d:ce
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYKxQhqmw8B/brKolFeM3sfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjIwODE4MTQwMTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgwMzMyMTliOWI0MmVlOTM5NzFlMTBiZmNmNTk3ZDkwNjZjMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylPq+MPVPe7aW4tyTBxT5h4dg0tX
D+ZAh0GMQnmp6n5i4yPwcWaLDxN0/RrAZN81J7DvsDTQUDmm2S19Opqyi8Ej47r1
qtOt8TkyQcjIHyih57w8IeLu8yHDDvTMcwPAfLSMzoxhuyv6bKGN53OJw23fvLT0
/vjTRzmeDIZa4VCAWMwOps70LJsjtAoAjdtCRI/fKdH08vJ+/IkAzIvPlCOfXgDe
VI9W5XNseM33uiI6Qa/q5kmKlHzXSUvZxG94h0c4G3ICOLt6yfmzyazybhXzO7Ov
VdwuhNfCmxw0h4Z/rWTpVVP+Jdl3a92KpEU0I77rhnBlcLGqyV5L5WHV6wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFSAMyGbm0Luk5ceEL/PWX2QZsAoMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvVklBekladWJRdTZUbHg0UXY4OVpmWkJtd0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsHffAwQA
wpy8MA8EAgACMAkDBwQqEj/AAAAwDQYJKoZIhvcNAQELBQADggEBAB78KPQfsp/Q
QvjfxCXjPiQixW2yvUdWuHPDLmvRR+izN/GWv5mgARg4iS++1LDc1305dj38KHWW
TrHDYARJYpgm/t06sjtXnB7/0Klm5r/lTprUm5yXHt9ffgGwqUwBhVQ0CAKs6NuC
7dhsPILBA7vuAVbBj2IO3z+zsuiCje6Vw1uDoiR0YCuHqErSxLPSodFZnY/44ysz
HSB9OfYAXg3GQwZjsCOA2b589O7aJrNYBR15AgpBFLpUSn9Tw2qpz/IC5ueme3kI
7qLbzLYEBEENtFJpPXRKBDlUfbUw+xEAEBF7wTNb2Zuayq3y5Tu+ap/F4pM0GBiP
NYaXeNXPTc4=
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:23 2025 by rpki-client