Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/P60qFGOtfekj3PcVAhU9WkszDxs.roa
File: P60qFGOtfekj3PcVAhU9WkszDxs.roa (raw, json)
Hash identifier: 33YvYrM/CsMcKQmrAr7BhQSQFeJrAanZuMsD+LPg4wA=
Subject key identifier: 3F:AD:2A:14:63:AD:7D:E9:23:DC:F7:15:02:15:3D:5A:4B:33:0F:1B
Certificate issuer: /CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
Certificate serial: 01856D9D1187682378C6E8E8FA2AB950DAB2
Authority key identifier: 7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/P60qFGOtfekj3PcVAhU9WkszDxs.roa
Signing time: Sun 01 Jan 2023 13:54:48 +0000
ROA not before: Sun 01 Jan 2023 13:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201032
IP address blocks: 185.77.88.0/24 maxlen: 24
185.77.91.0/24 maxlen: 24
185.77.90.0/24 maxlen: 24
185.77.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:9d:11:87:68:23:78:c6:e8:e8:fa:2a:b9:50:da:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
Validity
Not Before: Jan 1 13:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fad2a1463ad7de923dcf71502153d5a4b330f1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:72:02:c4:ad:7f:bf:86:99:9d:74:f6:cc:bb:
33:90:4a:fc:0f:6a:a7:a7:b6:78:f0:06:55:03:8f:
c6:ca:1e:f4:8f:57:0c:db:85:ee:ef:cf:fe:54:5f:
4a:d9:75:b0:6b:77:4d:e9:d5:67:b2:f7:c3:10:e8:
94:2f:e1:7d:25:06:97:e4:e7:5a:b0:08:e5:94:2a:
9d:a8:1d:f5:7e:e5:d4:b1:65:08:db:29:46:17:3c:
ab:80:9a:05:bc:d9:d0:a7:d0:26:ac:b4:e1:b8:d6:
4e:b9:67:6c:af:59:aa:be:f1:60:3a:09:55:fe:20:
cc:e9:b7:d4:9e:0a:69:59:f3:b2:62:89:17:4b:86:
6e:da:50:77:e1:21:c0:0d:79:a2:ec:e0:a6:70:65:
a6:85:8d:02:dd:8b:2a:70:de:ae:ad:45:03:58:c6:
26:7b:b3:c5:fb:be:e7:d3:18:a4:e3:6a:8d:af:cf:
76:9a:35:7b:64:79:c9:e6:f8:02:ce:e3:d6:c7:50:
d5:31:a5:29:7e:87:d3:1f:90:e4:ad:01:ce:4f:0f:
b4:9b:ca:34:7d:20:f1:5d:28:eb:8c:68:f9:87:34:
23:59:8c:cd:3b:92:bb:ab:8e:08:36:81:3d:d0:c2:
94:26:fb:72:1a:35:31:67:2b:d4:12:5e:5d:d4:48:
3e:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:AD:2A:14:63:AD:7D:E9:23:DC:F7:15:02:15:3D:5A:4B:33:0F:1B
X509v3 Authority Key Identifier:
keyid:7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/P60qFGOtfekj3PcVAhU9WkszDxs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/fruIjyuZ3ply4kRuugWKuOLNez8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.77.88.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:c8:4f:12:e2:c3:6c:3e:00:2b:0d:bd:56:e0:bb:9c:e8:48:
f6:1c:a5:8a:ed:0d:58:cc:2a:cd:be:78:9b:f5:ab:eb:90:93:
66:21:fc:c0:a1:8d:02:eb:a5:cf:c7:3f:04:da:a5:71:22:e7:
67:35:97:c5:19:cc:01:cf:78:76:9a:42:46:e1:d7:fa:5b:73:
ed:d9:1f:eb:74:29:bc:ce:c2:6a:35:95:eb:fd:a6:e7:c0:c5:
87:08:89:e0:dd:43:95:11:6b:8f:fe:1c:af:e9:f3:00:3a:26:
d0:03:5f:71:14:b2:81:ad:c8:03:2e:15:5c:e4:a9:ee:7f:e9:
ac:a4:ee:5a:7e:48:85:da:c3:30:6d:6c:fd:ba:61:16:28:c7:
d9:71:96:d9:fd:5f:9d:c2:af:80:e5:58:5e:00:81:dd:1c:6c:
27:62:48:44:fc:59:a9:8c:6f:0e:9a:18:5d:d0:1a:c5:66:72:
55:64:3b:6e:a8:80:bd:4b:61:6b:83:2d:0e:cc:fd:82:8b:55:
a1:19:85:86:96:9f:00:f4:7f:fd:93:7a:b1:c6:a5:74:dd:8a:
c1:4d:48:79:10:bf:4d:e6:71:b9:e8:6d:5e:87:b1:83:3c:02:
b1:c2:01:59:3e:d4:9a:36:1e:cb:c6:77:6c:55:77:59:0f:27:
1a:e9:61:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtnRGHaCN4xujo+iq5UNqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYmI4ODhmMmI5OWRlOTk3MmUyNDQ2ZWJhMDU4YWI4ZTJj
ZDdiM2YwHhcNMjMwMTAxMTM1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFkMmExNDYzYWQ3ZGU5MjNkY2Y3MTUwMjE1M2Q1YTRiMzMwZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXICxK1/v4aZnXT2zLszkEr8D2qn
p7Z48AZVA4/Gyh70j1cM24Xu78/+VF9K2XWwa3dN6dVnsvfDEOiUL+F9JQaX5Oda
sAjllCqdqB31fuXUsWUI2ylGFzyrgJoFvNnQp9AmrLThuNZOuWdsr1mqvvFgOglV
/iDM6bfUngppWfOyYokXS4Zu2lB34SHADXmi7OCmcGWmhY0C3YsqcN6urUUDWMYm
e7PF+77n0xik42qNr892mjV7ZHnJ5vgCzuPWx1DVMaUpfofTH5DkrQHOTw+0m8o0
fSDxXSjrjGj5hzQjWYzNO5K7q44INoE90MKUJvtyGjUxZyvUEl5d1Eg+zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+tKhRjrX3pI9z3FQIVPVpLMw8bMB8GA1UdIwQY
MBaAFH67iI8rmd6ZcuJEbroFirjizXs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2Qt
ZTFjMGE0ZDA0OTE3LzEvUDYwcUZHT3RmZWtqM1BjVkFoVTlXa3N6RHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2QtZTFjMGE0ZDA0OTE3
LzEvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU1YMA0G
CSqGSIb3DQEBCwUAA4IBAQAPyE8S4sNsPgArDb1W4Luc6Ej2HKWK7Q1YzCrNvnib
9avrkJNmIfzAoY0C66XPxz8E2qVxIudnNZfFGcwBz3h2mkJG4df6W3Pt2R/rdCm8
zsJqNZXr/abnwMWHCIng3UOVEWuP/hyv6fMAOibQA19xFLKBrcgDLhVc5Knuf+ms
pO5afkiF2sMwbWz9umEWKMfZcZbZ/V+dwq+A5VheAIHdHGwnYkhE/FmpjG8Omhhd
0BrFZnJVZDtuqIC9S2Frgy0OzP2Ci1WhGYWGlp8A9H/9k3qxxqV03YrBTUh5EL9N
5nG56G1eh7GDPAKxwgFZPtSaNh7LxndsVXdZDyca6WEs
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:37:14 2025 by rpki-client