Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/8eAQJgeZnHYTZPuuZtisYxRE7H0.roa
File: 8eAQJgeZnHYTZPuuZtisYxRE7H0.roa (raw, json)
Hash identifier: gBhkebFQ1/Xbidaj+WyEFsfkU4Rm4AD/iSThrbvCHOM=
Subject key identifier: F1:E0:10:26:07:99:9C:76:13:64:FB:AE:66:D8:AC:63:14:44:EC:7D
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 018C68C280D155D9326ADC117B408EE6D4D3
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/8eAQJgeZnHYTZPuuZtisYxRE7H0.roa
Signing time: Thu 14 Dec 2023 14:37:06 +0000
ROA not before: Thu 14 Dec 2023 14:37:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20668
IP address blocks: 193.3.55.0/24 maxlen: 24
193.56.144.0/24 maxlen: 24
62.3.28.0/24 maxlen: 24
93.190.122.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:68:c2:80:d1:55:d9:32:6a:dc:11:7b:40:8e:e6:d4:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Dec 14 14:37:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f1e0102607999c761364fbae66d8ac631444ec7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:d4:8c:16:38:d9:8f:dd:8f:98:1a:6d:84:ea:
67:69:36:a1:ac:c8:37:0f:4d:db:a8:dc:c9:c2:86:
45:09:40:79:bb:ce:98:01:e9:ba:b4:81:79:67:97:
bc:15:f7:60:be:08:c6:24:68:4b:e6:b2:8d:56:20:
56:53:a6:ee:6c:ca:b4:54:00:a8:75:d6:bf:67:ba:
db:aa:4b:f0:f1:23:c7:07:96:be:c5:63:75:15:72:
80:d4:83:6a:a7:72:1c:3e:b9:40:0a:f6:7d:2c:64:
75:1e:8c:c7:2c:29:ee:f1:4e:5d:56:1c:25:8a:d1:
e7:9a:0b:c1:b5:5c:0b:27:bc:43:bb:c7:ca:6d:3a:
3e:a1:b5:93:71:52:c4:59:6e:83:0e:70:f8:a5:9c:
cb:83:cf:05:3a:8f:59:f5:b3:15:f3:34:76:51:96:
fc:fa:8f:f0:9f:bc:88:06:d2:34:77:97:e6:ea:2d:
a0:e2:e3:6d:87:ef:00:d5:b2:7d:60:54:23:d1:98:
f8:7b:69:25:60:e4:c9:3b:ef:b1:30:65:95:70:c6:
d7:da:c7:5c:e5:42:8b:9d:15:f5:d9:84:71:e4:78:
46:ae:25:27:de:8f:57:f5:b0:60:fb:78:00:46:0e:
e3:b2:38:9a:e1:cc:4c:24:25:98:f8:28:a1:e9:5c:
59:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:E0:10:26:07:99:9C:76:13:64:FB:AE:66:D8:AC:63:14:44:EC:7D
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/8eAQJgeZnHYTZPuuZtisYxRE7H0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.3.28.0/24
93.190.122.0/24
193.3.55.0/24
193.56.144.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:14:b8:60:40:c8:da:b1:58:1f:c8:ab:43:56:bf:e3:29:25:
ac:1f:2e:02:71:67:0b:1e:8f:db:d6:0e:88:80:0f:16:10:8a:
a1:62:16:9f:23:07:ac:11:c6:6c:d5:04:d1:9d:19:2d:94:eb:
44:1b:4d:90:e2:06:8b:df:f0:19:a4:1a:4e:1a:18:2e:b8:71:
83:41:cb:a6:09:5f:21:cf:2f:aa:cf:f3:87:ee:ee:e1:3f:a7:
97:09:24:f2:c6:d4:92:9c:e0:f0:84:80:b8:3a:c1:f4:a8:93:
cc:0a:e3:47:8f:c3:8f:bc:c1:53:8b:2d:9e:b1:8f:48:21:bd:
69:5f:d7:ef:b2:e7:e2:50:e1:1d:4a:3c:b8:99:08:20:eb:70:
4c:87:29:39:d9:82:43:22:01:e1:77:c7:64:ff:22:f4:48:11:
0e:8f:d5:2d:ca:0e:b6:4a:00:3c:9c:1c:0c:a2:8b:5e:4c:b7:
6f:04:c4:ff:42:18:e8:a8:19:cc:77:08:ce:42:2c:d1:ca:8a:
df:5a:51:3e:74:d4:1b:99:85:39:98:d0:63:ed:90:0b:51:c1:
66:d2:13:11:26:de:64:a3:1f:96:1b:41:a8:55:f2:dd:89:60:
3b:2b:93:e2:50:3b:9d:84:21:ca:0d:e0:56:2b:2b:da:7f:9e:
35:de:e6:5d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYxowoDRVdkyatwRe0CO5tTTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjMxMjE0MTQzNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWUwMTAyNjA3OTk5Yzc2MTM2NGZiYWU2NmQ4YWM2MzE0NDRlYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtSMFjjZj92PmBpthOpnaTahrMg3
D03bqNzJwoZFCUB5u86YAem6tIF5Z5e8FfdgvgjGJGhL5rKNViBWU6bubMq0VACo
dda/Z7rbqkvw8SPHB5a+xWN1FXKA1INqp3IcPrlACvZ9LGR1HozHLCnu8U5dVhwl
itHnmgvBtVwLJ7xDu8fKbTo+obWTcVLEWW6DDnD4pZzLg88FOo9Z9bMV8zR2UZb8
+o/wn7yIBtI0d5fm6i2g4uNth+8A1bJ9YFQj0Zj4e2klYOTJO++xMGWVcMbX2sdc
5UKLnRX12YRx5HhGriUn3o9X9bBg+3gARg7jsjia4cxMJCWY+Cih6VxZuwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPHgECYHmZx2E2T7rmbYrGMUROx9MB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvOGVBUUpnZVpuSFlUWlB1dVp0aXNZeFJFN0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAPgMcAwQA
Xb56AwQAwQM3AwQAwTiQMA0GCSqGSIb3DQEBCwUAA4IBAQB+FLhgQMjasVgfyKtD
Vr/jKSWsHy4CcWcLHo/b1g6IgA8WEIqhYhafIwesEcZs1QTRnRktlOtEG02Q4gaL
3/AZpBpOGhguuHGDQcumCV8hzy+qz/OH7u7hP6eXCSTyxtSSnODwhIC4OsH0qJPM
CuNHj8OPvMFTiy2esY9IIb1pX9fvsufiUOEdSjy4mQgg63BMhyk52YJDIgHhd8dk
/yL0SBEOj9Utyg62SgA8nBwMooteTLdvBMT/QhjoqBnMdwjOQizRyorfWlE+dNQb
mYU5mNBj7ZALUcFm0hMRJt5kox+WG0GoVfLdiWA7K5PiUDudhCHKDeBWKyvaf541
3uZd
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:40:45 2025 by rpki-client