Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/dtC6oBO-Opk2K8GOBFeeuAxuKQE.roa
File: dtC6oBO-Opk2K8GOBFeeuAxuKQE.roa (raw, json)
Hash identifier: IHLkLHxK0AKCKq8Vy4t0HuEGFrWDhdQ2EAAt+x4AIe0=
Subject key identifier: 76:D0:BA:A0:13:BE:3A:99:36:2B:C1:8E:04:57:9E:B8:0C:6E:29:01
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 0181D3F9221CA3877B94FD904D823A699D82
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/dtC6oBO-Opk2K8GOBFeeuAxuKQE.roa
Signing time: Wed 06 Jul 2022 14:45:28 +0000
ROA not before: Wed 06 Jul 2022 14:45:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 83.172.63.0/24 maxlen: 24
83.172.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:d3:f9:22:1c:a3:87:7b:94:fd:90:4d:82:3a:69:9d:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jul 6 14:45:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=76d0baa013be3a99362bc18e04579eb80c6e2901
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:55:7f:98:7b:3b:99:5b:25:a9:bf:f6:1b:44:
27:09:7b:02:58:fa:76:9b:ef:ce:1d:c2:0d:95:db:
34:68:59:6b:de:d2:3c:05:c8:75:ad:1b:18:81:4c:
da:e6:66:96:83:bb:99:5b:c4:0a:40:ed:39:1f:e1:
6c:e9:6d:3d:0c:83:fb:5a:4d:18:d2:88:be:6d:cc:
bc:18:05:8e:a9:76:57:72:ef:03:44:e3:c6:76:83:
78:c1:56:b3:d4:25:6d:5b:b1:9e:41:04:15:ee:32:
d9:34:5a:3b:55:81:c3:c2:4e:d2:7c:55:e1:ab:e8:
53:54:69:b4:09:ab:80:41:6d:00:83:85:8b:5a:e5:
8b:67:06:90:04:8e:b5:f5:33:95:b6:ad:01:e0:87:
7c:68:b5:18:4c:ad:c9:1d:72:da:18:20:21:67:cd:
7d:48:24:bd:6f:a6:97:50:70:db:f8:25:58:5d:6b:
03:b1:80:51:c8:e0:f4:0c:38:f4:0f:35:e8:2e:94:
13:3f:ab:0c:8d:56:bd:92:7b:fa:c6:63:9b:6b:85:
d0:4c:2b:21:73:de:86:8e:54:a6:e1:99:7a:54:15:
46:9f:69:1e:cd:98:2e:8f:56:bd:a4:8d:46:8e:70:
f3:85:17:e0:d3:fe:73:87:02:70:64:f7:f1:3b:38:
09:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:D0:BA:A0:13:BE:3A:99:36:2B:C1:8E:04:57:9E:B8:0C:6E:29:01
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/dtC6oBO-Opk2K8GOBFeeuAxuKQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.172.60.0/24
83.172.63.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:0b:cd:91:97:90:9c:07:75:d0:ff:fb:67:b4:2f:d2:97:63:
2c:8c:43:9c:3e:d4:3a:ef:68:2b:03:74:f3:03:ac:1b:7f:2f:
ef:3c:c7:c7:25:7d:78:8b:be:83:88:a6:1b:9a:81:75:1e:1d:
56:c2:75:16:5f:48:a5:f0:94:87:7f:e0:c1:1a:a0:fe:98:39:
d9:75:e9:4c:eb:06:04:23:01:bf:3c:2a:cb:ba:2b:9e:29:02:
08:e8:9d:69:26:42:59:a3:63:bf:ad:cc:45:25:dc:f3:5c:7e:
03:bb:ed:ad:90:ba:a1:19:14:31:a4:8f:84:b6:c4:69:56:00:
92:56:54:25:49:25:17:8f:74:5c:b1:a7:93:22:38:6d:06:13:
4e:2d:c6:1d:81:d7:85:d7:40:e1:47:b5:32:17:d6:0f:1a:97:
2b:23:fd:b4:48:98:9d:c8:61:39:dc:3f:93:0d:ec:4f:0b:6d:
65:e2:8c:33:af:b3:1a:ad:96:9a:1a:ec:a2:4d:ca:d0:88:81:
dc:f8:15:c0:50:50:29:4a:63:7e:f2:47:32:56:12:05:b3:0a:
00:df:31:84:68:c7:e7:a4:a0:10:98:f0:c4:22:98:77:25:ec:
b2:11:0b:c7:24:8a:ee:16:01:70:1a:de:10:ad:9f:e9:14:fa:
76:32:e9:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYHT+SIco4d7lP2QTYI6aZ2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjIwNzA2MTQ0NTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQwYmFhMDEzYmUzYTk5MzYyYmMxOGUwNDU3OWViODBjNmUyOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFV/mHs7mVslqb/2G0QnCXsCWPp2
m+/OHcINlds0aFlr3tI8Bch1rRsYgUza5maWg7uZW8QKQO05H+Fs6W09DIP7Wk0Y
0oi+bcy8GAWOqXZXcu8DROPGdoN4wVaz1CVtW7GeQQQV7jLZNFo7VYHDwk7SfFXh
q+hTVGm0CauAQW0Ag4WLWuWLZwaQBI619TOVtq0B4Id8aLUYTK3JHXLaGCAhZ819
SCS9b6aXUHDb+CVYXWsDsYBRyOD0DDj0DzXoLpQTP6sMjVa9knv6xmOba4XQTCsh
c96GjlSm4Zl6VBVGn2kezZguj1a9pI1GjnDzhRfg0/5zhwJwZPfxOzgJLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHbQuqATvjqZNivBjgRXnrgMbikBMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvZHRDNm9CTy1PcGsySzhHT0JGZWV1QXh1S1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU6w8AwQA
U6w/MA0GCSqGSIb3DQEBCwUAA4IBAQAsC82Rl5CcB3XQ//tntC/Sl2MsjEOcPtQ6
72grA3TzA6wbfy/vPMfHJX14i76DiKYbmoF1Hh1WwnUWX0il8JSHf+DBGqD+mDnZ
delM6wYEIwG/PCrLuiueKQII6J1pJkJZo2O/rcxFJdzzXH4Du+2tkLqhGRQxpI+E
tsRpVgCSVlQlSSUXj3RcsaeTIjhtBhNOLcYdgdeF10DhR7UyF9YPGpcrI/20SJid
yGE53D+TDexPC21l4owzr7MarZaaGuyiTcrQiIHc+BXAUFApSmN+8kcyVhIFswoA
3zGEaMfnpKAQmPDEIph3JeyyEQvHJIruFgFwGt4QrZ/pFPp2Mumo
-----END CERTIFICATE-----
Generated at Tue Apr 22 01:27:52 2025 by rpki-client