Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/86a426-56ee-46dd-9425-7f92c34eb07c/1/0kKX53y6VzouxIcpcVRWV5QDugs.roa
File: 0kKX53y6VzouxIcpcVRWV5QDugs.roa (raw, json)
Hash identifier: lz25ZW5IHD4tYR5/fJd+h7HwQA0w3HVlcg9Sa22idpo=
Subject key identifier: D2:42:97:E7:7C:BA:57:3A:2E:C4:87:29:71:54:56:57:94:03:BA:0B
Certificate issuer: /CN=9c2cb7f9ca0efd72be258a4a09358806374b4662
Certificate serial: 01856D01C8C463EAB3B60CD0BF184743BA84
Authority key identifier: 9C:2C:B7:F9:CA:0E:FD:72:BE:25:8A:4A:09:35:88:06:37:4B:46:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nCy3-coO_XK-JYpKCTWIBjdLRmI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/86a426-56ee-46dd-9425-7f92c34eb07c/1/0kKX53y6VzouxIcpcVRWV5QDugs.roa
Signing time: Sun 01 Jan 2023 11:05:11 +0000
ROA not before: Sun 01 Jan 2023 11:05:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28716
IP address blocks: 82.145.96.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:01:c8:c4:63:ea:b3:b6:0c:d0:bf:18:47:43:ba:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c2cb7f9ca0efd72be258a4a09358806374b4662
Validity
Not Before: Jan 1 11:05:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d24297e77cba573a2ec48729715456579403ba0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:5a:f1:f7:89:39:de:52:0d:da:ec:6c:c7:06:
d6:91:63:cd:53:2a:d6:df:e9:3d:5c:da:6f:05:94:
fd:5e:e6:5f:70:ae:d7:28:00:1c:8e:87:ac:18:f8:
76:72:e7:a5:ed:7f:68:5e:b9:eb:78:24:ae:e2:8e:
33:16:0d:0f:e4:42:84:90:ac:98:a7:59:96:b3:bd:
a5:28:f6:eb:92:c0:63:b9:cb:71:cc:57:ed:0e:c0:
1d:ec:77:54:95:91:a6:59:97:57:50:0f:20:a1:b3:
8a:10:66:9e:cb:87:a5:00:41:fd:4f:54:5c:b6:43:
ca:eb:22:87:d4:f8:a1:e5:36:88:63:78:af:38:13:
a2:dd:8d:b4:7d:55:84:53:a2:04:b0:9a:9f:56:37:
f2:2a:81:35:d9:bd:bf:d0:d1:59:62:2b:6c:19:4b:
9b:64:71:38:4a:1a:37:fd:ab:65:b4:8a:e4:66:a7:
00:45:c7:ab:5b:60:c7:c8:17:d1:d8:b2:2b:60:70:
75:9e:e7:f8:4d:05:65:e0:e9:d7:93:44:12:5e:1a:
d9:59:96:b2:d4:d2:b0:60:cb:16:ee:81:6d:14:8f:
cd:17:96:58:9c:65:b4:51:a5:3f:8a:ab:7d:ae:4b:
5d:62:12:dc:fb:47:16:02:95:0d:9c:1d:ed:3f:b3:
7d:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:42:97:E7:7C:BA:57:3A:2E:C4:87:29:71:54:56:57:94:03:BA:0B
X509v3 Authority Key Identifier:
keyid:9C:2C:B7:F9:CA:0E:FD:72:BE:25:8A:4A:09:35:88:06:37:4B:46:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nCy3-coO_XK-JYpKCTWIBjdLRmI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/86a426-56ee-46dd-9425-7f92c34eb07c/1/0kKX53y6VzouxIcpcVRWV5QDugs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/86a426-56ee-46dd-9425-7f92c34eb07c/1/nCy3-coO_XK-JYpKCTWIBjdLRmI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.145.96.0/19
Signature Algorithm: sha256WithRSAEncryption
1f:50:10:94:73:74:c2:b8:1b:26:20:4f:6b:0d:82:4b:19:4f:
5e:ce:7f:85:e1:23:53:86:56:be:60:49:12:a1:b2:18:de:98:
49:26:c0:7b:17:20:d1:04:e1:e4:c1:53:bb:ed:62:33:54:ee:
34:30:2c:1d:ee:b2:f5:91:3f:9e:cd:a6:6a:21:b2:ad:13:c5:
31:46:27:c7:76:60:31:4b:e0:3d:b0:67:26:0a:84:01:c1:8c:
8c:8f:6d:9e:ff:a3:66:3c:a8:4a:b7:7a:e5:33:7d:a6:ef:c2:
1c:3f:27:79:9c:c5:14:65:60:a3:08:ba:4e:5a:22:d3:b7:1a:
8f:5d:3e:38:dc:23:2d:0a:34:cf:f9:0d:74:5f:a0:82:ac:fc:
b1:ac:c5:15:f9:a0:7f:75:63:24:27:2d:3a:03:d9:5d:77:9a:
af:c2:36:fd:e3:ce:25:af:f6:59:49:17:56:2b:98:e5:7c:1d:
92:15:ac:70:11:c5:95:c3:02:ae:8e:a3:89:66:af:d6:e1:30:
aa:e1:84:19:74:82:ff:51:5d:0f:a7:6e:97:ef:18:81:9e:a1:
dc:94:c8:ae:1c:fb:09:a0:1d:d2:22:e5:06:bd:54:09:b4:71:
22:03:f1:73:8a:88:06:86:23:29:ba:f5:4e:d8:1f:2c:15:cb:
f9:d2:57:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtAcjEY+qztgzQvxhHQ7qEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMmNiN2Y5Y2EwZWZkNzJiZTI1OGE0YTA5MzU4ODA2Mzc0
YjQ2NjIwHhcNMjMwMTAxMTEwNTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQyOTdlNzdjYmE1NzNhMmVjNDg3Mjk3MTU0NTY1Nzk0MDNiYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31rx94k53lIN2uxsxwbWkWPNUyrW
3+k9XNpvBZT9XuZfcK7XKAAcjoesGPh2cuel7X9oXrnreCSu4o4zFg0P5EKEkKyY
p1mWs72lKPbrksBjuctxzFftDsAd7HdUlZGmWZdXUA8gobOKEGaey4elAEH9T1Rc
tkPK6yKH1Pih5TaIY3ivOBOi3Y20fVWEU6IEsJqfVjfyKoE12b2/0NFZYitsGUub
ZHE4Sho3/atltIrkZqcARcerW2DHyBfR2LIrYHB1nuf4TQVl4OnXk0QSXhrZWZay
1NKwYMsW7oFtFI/NF5ZYnGW0UaU/iqt9rktdYhLc+0cWApUNnB3tP7N9IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJCl+d8ulc6LsSHKXFUVleUA7oLMB8GA1UdIwQY
MBaAFJwst/nKDv1yviWKSgk1iAY3S0ZiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkN5My1jb09fWEstSllwS0NUV0lCamRMUm1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84NmE0MjYtNTZlZS00NmRkLTk0MjUt
N2Y5MmMzNGViMDdjLzEvMGtLWDUzeTZWem91eEljcGNWUldWNVFEdWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84NmE0MjYtNTZlZS00NmRkLTk0MjUtN2Y5MmMzNGViMDdj
LzEvbkN5My1jb09fWEstSllwS0NUV0lCamRMUm1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFUpFgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfUBCUc3TCuBsmIE9rDYJLGU9ezn+F4SNThla+YEkS
obIY3phJJsB7FyDRBOHkwVO77WIzVO40MCwd7rL1kT+ezaZqIbKtE8UxRifHdmAx
S+A9sGcmCoQBwYyMj22e/6NmPKhKt3rlM32m78IcPyd5nMUUZWCjCLpOWiLTtxqP
XT443CMtCjTP+Q10X6CCrPyxrMUV+aB/dWMkJy06A9ldd5qvwjb9484lr/ZZSRdW
K5jlfB2SFaxwEcWVwwKujqOJZq/W4TCq4YQZdIL/UV0Pp26X7xiBnqHclMiuHPsJ
oB3SIuUGvVQJtHEiA/FziogGhiMpuvVO2B8sFcv50lca
-----END CERTIFICATE-----
Generated at Sun Apr 20 15:07:03 2025 by rpki-client