Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/z8MQTdcjXwQoPtG4hhtzk_tvoO8.roa
File: z8MQTdcjXwQoPtG4hhtzk_tvoO8.roa (raw, json)
Hash identifier: 2t97KkXOc9ciW8WAc+N2bSG/4SKMXyF8s89Qy69Shl8=
Subject key identifier: CF:C3:10:4D:D7:23:5F:04:28:3E:D1:B8:86:1B:73:93:FB:6F:A0:EF
Certificate issuer: /CN=d50ca5213413c70a9e83b47a82a7c4579dd4c196
Certificate serial: 0193EED55A2C8D509D936E949C80F929FCD6
Authority key identifier: D5:0C:A5:21:34:13:C7:0A:9E:83:B4:7A:82:A7:C4:57:9D:D4:C1:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1QylITQTxwqeg7R6gqfEV53UwZY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/z8MQTdcjXwQoPtG4hhtzk_tvoO8.roa
Signing time: Sun 22 Dec 2024 14:46:19 +0000
ROA not before: Sun 22 Dec 2024 14:46:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43293
IP address blocks: 77.93.64.0/19 maxlen: 19
77.93.64.0/20 maxlen: 20
2a01:350::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:ee:d5:5a:2c:8d:50:9d:93:6e:94:9c:80:f9:29:fc:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d50ca5213413c70a9e83b47a82a7c4579dd4c196
Validity
Not Before: Dec 22 14:46:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cfc3104dd7235f04283ed1b8861b7393fb6fa0ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:cf:38:d6:13:45:76:f5:c9:67:1a:40:22:cb:
5d:6e:29:e8:7f:21:00:2a:cb:2b:10:bb:05:02:a9:
43:ed:c8:a5:bb:7c:92:11:a2:a1:f0:93:96:fb:1a:
b0:cb:6c:11:3b:34:ba:e5:8b:6c:98:a5:ac:81:11:
2d:5f:0e:04:ed:56:30:fe:d7:18:3a:5e:f1:e7:7f:
26:54:09:8d:d7:04:fe:f1:19:cb:47:60:c3:e2:79:
d7:48:48:d9:23:b7:65:9b:96:8a:2e:0a:3e:86:9a:
e9:6b:f5:11:53:9f:af:26:f5:45:9e:bb:2b:62:fa:
7d:a8:ed:2d:6c:19:e8:17:bb:88:c4:4f:ad:b5:27:
41:dc:4e:dc:c5:b9:57:26:67:b1:13:77:ac:2c:1e:
02:4c:8c:54:ab:b8:c0:ea:72:3d:37:a0:61:6f:f1:
33:21:d1:94:ea:44:40:d6:d6:75:23:de:07:a1:2d:
74:f4:b8:94:30:58:3d:c3:88:79:8f:f6:2f:a6:89:
71:e2:2d:12:4e:88:65:3d:12:f4:ed:90:bb:fd:08:
20:dd:e8:9b:e6:45:f2:93:75:f8:af:b6:4b:d8:91:
d7:77:ec:91:0d:dd:c1:7d:8a:72:91:d1:7f:0b:e5:
be:f3:83:74:30:ab:41:39:d6:2b:20:12:e4:c8:31:
8f:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:C3:10:4D:D7:23:5F:04:28:3E:D1:B8:86:1B:73:93:FB:6F:A0:EF
X509v3 Authority Key Identifier:
keyid:D5:0C:A5:21:34:13:C7:0A:9E:83:B4:7A:82:A7:C4:57:9D:D4:C1:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QylITQTxwqeg7R6gqfEV53UwZY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/z8MQTdcjXwQoPtG4hhtzk_tvoO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/1QylITQTxwqeg7R6gqfEV53UwZY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.64.0/19
IPv6:
2a01:350::/32
Signature Algorithm: sha256WithRSAEncryption
8b:5c:69:70:2a:26:13:d1:e0:81:db:f5:f0:a3:71:ac:c9:bb:
fd:2a:c7:4e:a4:90:cb:93:4c:ca:17:cd:5a:76:84:4f:fc:7d:
f3:f1:26:84:85:46:1d:27:d8:40:7b:0b:96:54:29:56:9d:00:
c8:71:24:29:ef:48:3d:a0:35:8a:75:7b:c7:d0:aa:ba:3e:00:
81:6c:63:66:f7:c5:0a:ec:04:37:87:4d:ec:49:9a:5c:bb:e5:
04:7c:25:39:31:27:17:34:47:0f:d0:65:42:01:6e:8d:ff:92:
76:7f:5f:bd:87:51:fe:ab:96:79:dc:2e:4b:da:3b:b3:d6:f2:
26:97:bb:cd:15:73:32:c6:b0:c6:ed:a1:9e:ad:13:99:b9:31:
21:21:b0:99:c5:da:99:2f:ce:30:51:23:b4:a8:b1:f5:a7:2a:
1a:97:22:08:07:84:25:09:3b:63:92:c8:e8:ce:d9:e4:0c:3e:
b4:28:fe:60:77:9b:c6:fa:1f:8d:e8:b7:76:51:1d:50:56:74:
32:3a:d2:a0:a3:99:da:48:8f:5a:43:d6:ab:eb:c7:bf:a6:0b:
d7:3d:7a:26:d1:db:97:56:dd:b7:1a:b4:0b:b8:73:7e:05:05:
3a:0c:14:6f:8f:2a:3e:3d:17:58:46:35:7f:2b:75:3d:00:d4:
58:76:15:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZPu1VosjVCdk26UnID5KfzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MGNhNTIxMzQxM2M3MGE5ZTgzYjQ3YTgyYTdjNDU3OWRk
NGMxOTYwHhcNMjQxMjIyMTQ0NjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMzMTA0ZGQ3MjM1ZjA0MjgzZWQxYjg4NjFiNzM5M2ZiNmZhMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus841hNFdvXJZxpAIstdbinofyEA
KssrELsFAqlD7cilu3ySEaKh8JOW+xqwy2wROzS65YtsmKWsgREtXw4E7VYw/tcY
Ol7x538mVAmN1wT+8RnLR2DD4nnXSEjZI7dlm5aKLgo+hprpa/URU5+vJvVFnrsr
Yvp9qO0tbBnoF7uIxE+ttSdB3E7cxblXJmexE3esLB4CTIxUq7jA6nI9N6Bhb/Ez
IdGU6kRA1tZ1I94HoS109LiUMFg9w4h5j/Yvpolx4i0STohlPRL07ZC7/Qgg3eib
5kXyk3X4r7ZL2JHXd+yRDd3BfYpykdF/C+W+84N0MKtBOdYrIBLkyDGPYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM/DEE3XI18EKD7RuIYbc5P7b6DvMB8GA1UdIwQY
MBaAFNUMpSE0E8cKnoO0eoKnxFed1MGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVF5bElUUVR4d3FlZzdSNmdxZkVWNTNVd1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8yMmY4MGYtM2EwOC00OWM2LWI0MDUt
MzU0YjExYWYyMzNlLzEvejhNUVRkY2pYd1FvUHRHNGhodHprX3R2b084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8yMmY4MGYtM2EwOC00OWM2LWI0MDUtMzU0YjExYWYyMzNl
LzEvMVF5bElUUVR4d3FlZzdSNmdxZkVWNTNVd1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTV1AMA0E
AgACMAcDBQAqAQNQMA0GCSqGSIb3DQEBCwUAA4IBAQCLXGlwKiYT0eCB2/Xwo3Gs
ybv9KsdOpJDLk0zKF81adoRP/H3z8SaEhUYdJ9hAewuWVClWnQDIcSQp70g9oDWK
dXvH0Kq6PgCBbGNm98UK7AQ3h03sSZpcu+UEfCU5MScXNEcP0GVCAW6N/5J2f1+9
h1H+q5Z53C5L2juz1vIml7vNFXMyxrDG7aGerROZuTEhIbCZxdqZL84wUSO0qLH1
pyoalyIIB4QlCTtjksjoztnkDD60KP5gd5vG+h+N6Ld2UR1QVnQyOtKgo5naSI9a
Q9ar68e/pgvXPXom0duXVt23GrQLuHN+BQU6DBRvjyo+PRdYRjV/K3U9ANRYdhWI
-----END CERTIFICATE-----
Generated at Fri Apr 18 12:38:44 2025 by rpki-client