Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/riDAd63NnKLDO_dTeI3yzDewC1I.roa
File: riDAd63NnKLDO_dTeI3yzDewC1I.roa (raw, json)
Hash identifier: HwNcNVeHLaGtXS6qVyc0lDnn4Hk0Fqc0604dHfwkdBU=
Subject key identifier: AE:20:C0:77:AD:CD:9C:A2:C3:3B:F7:53:78:8D:F2:CC:37:B0:0B:52
Certificate issuer: /CN=b59be6ee549f335c728497a79f1441034e852c35
Certificate serial: 018CC3B692A0816E55DFBF0EA9C81C4E9015
Authority key identifier: B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/riDAd63NnKLDO_dTeI3yzDewC1I.roa
Signing time: Mon 01 Jan 2024 06:29:31 +0000
ROA not before: Mon 01 Jan 2024 06:29:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15576
IP address blocks: 195.137.172.0/24 maxlen: 24
185.109.164.0/22 maxlen: 22
2a06:5100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:92:a0:81:6e:55:df:bf:0e:a9:c8:1c:4e:90:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b59be6ee549f335c728497a79f1441034e852c35
Validity
Not Before: Jan 1 06:29:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ae20c077adcd9ca2c33bf753788df2cc37b00b52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:30:e5:68:af:34:e6:9b:51:20:9d:d0:27:5f:
03:45:81:72:68:a8:f4:5f:11:8f:fe:35:4e:db:5c:
5d:5f:d4:26:2d:97:89:fd:6c:da:c9:29:9a:9c:23:
3c:2a:1b:a9:84:e8:62:ff:bf:08:b4:40:68:fb:c6:
98:6f:9f:36:95:fb:88:86:b0:d6:9b:e3:13:78:24:
5b:0f:a3:df:0a:92:1a:5a:1d:68:f4:02:19:3f:3f:
ef:32:48:0c:44:aa:67:22:39:bd:4c:e8:87:ee:e4:
30:59:67:a8:3d:e6:3a:68:71:d9:c5:3d:81:b0:f9:
98:22:06:a2:6f:b5:92:6e:c1:7d:dd:fe:29:b5:f2:
21:62:b3:1b:11:2c:28:b6:b6:82:4a:32:22:81:8e:
5b:49:61:ad:ef:11:ae:3b:72:ac:d0:38:59:5f:d6:
d3:0f:49:18:04:68:22:89:7a:3d:99:56:bf:70:f2:
38:81:43:49:19:db:a9:50:0b:96:0b:08:cc:54:aa:
68:ce:54:39:a2:c5:5b:ba:b5:08:0e:aa:19:7b:11:
95:37:3c:a9:90:83:6d:31:98:28:43:07:2d:15:e4:
5f:11:49:d6:9d:a6:42:de:d7:62:c1:5b:1a:90:18:
e6:25:20:18:b6:3a:af:25:36:c0:32:33:e8:78:06:
33:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:20:C0:77:AD:CD:9C:A2:C3:3B:F7:53:78:8D:F2:CC:37:B0:0B:52
X509v3 Authority Key Identifier:
keyid:B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/riDAd63NnKLDO_dTeI3yzDewC1I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/tZvm7lSfM1xyhJennxRBA06FLDU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.109.164.0/22
195.137.172.0/24
IPv6:
2a06:5100::/29
Signature Algorithm: sha256WithRSAEncryption
26:71:d0:92:0b:76:ed:b8:44:4c:d8:61:1e:a3:85:eb:6c:53:
98:eb:68:fe:c9:d3:11:30:da:fa:e7:69:87:29:ec:6a:7e:1c:
f7:ce:4a:f0:1f:87:9a:93:ed:56:bf:49:e3:b1:d9:5f:2d:b9:
b3:5f:f5:ac:10:18:4d:39:ad:88:2e:86:e0:9f:f4:07:c1:b5:
b8:82:32:38:62:1f:74:35:ba:55:b8:4b:04:aa:6c:ee:9b:56:
ad:3b:a4:00:d4:b1:92:5f:dc:c9:cb:96:f7:52:6f:25:b0:88:
fb:07:7d:9d:a0:fa:54:2b:20:43:67:21:80:70:ab:8b:ff:b3:
67:a0:ed:03:54:df:31:5c:b9:b2:f6:7f:87:34:82:3e:36:45:
6e:01:4a:56:f4:f1:ad:1d:60:5e:ee:19:ac:7a:9c:9f:a9:5c:
a4:d3:a4:6e:f6:b9:57:53:40:b6:5c:95:18:51:47:4c:26:0d:
23:13:92:af:f7:42:2f:ae:e9:32:de:48:20:f3:d5:d3:4b:08:
67:5f:4b:de:b4:da:37:ce:bd:b1:7c:2f:e3:04:1d:40:c4:41:
4b:3c:38:57:5d:f4:5c:94:8b:ff:b2:c0:01:d5:df:ab:1d:ee:
28:dd:40:39:97:31:c4:a3:13:47:65:7b:54:60:94:3d:8f:3a:
40:c0:ff:4a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtpKggW5V378OqcgcTpAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OWJlNmVlNTQ5ZjMzNWM3Mjg0OTdhNzlmMTQ0MTAzNGU4
NTJjMzUwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTIwYzA3N2FkY2Q5Y2EyYzMzYmY3NTM3ODhkZjJjYzM3YjAwYjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzDlaK805ptRIJ3QJ18DRYFyaKj0
XxGP/jVO21xdX9QmLZeJ/WzaySmanCM8KhuphOhi/78ItEBo+8aYb582lfuIhrDW
m+MTeCRbD6PfCpIaWh1o9AIZPz/vMkgMRKpnIjm9TOiH7uQwWWeoPeY6aHHZxT2B
sPmYIgaib7WSbsF93f4ptfIhYrMbESwotraCSjIigY5bSWGt7xGuO3Ks0DhZX9bT
D0kYBGgiiXo9mVa/cPI4gUNJGdupUAuWCwjMVKpozlQ5osVburUIDqoZexGVNzyp
kINtMZgoQwctFeRfEUnWnaZC3tdiwVsakBjmJSAYtjqvJTbAMjPoeAYz6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK4gwHetzZyiwzv3U3iN8sw3sAtSMB8GA1UdIwQY
MBaAFLWb5u5UnzNccoSXp58UQQNOhSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTct
ZjNjODg3MjgxZWJhLzEvcmlEQWQ2M05uS0xET19kVGVJM3l6RGV3QzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTctZjNjODg3MjgxZWJh
LzEvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuW2kAwQA
w4msMA0EAgACMAcDBQMqBlEAMA0GCSqGSIb3DQEBCwUAA4IBAQAmcdCSC3btuERM
2GEeo4XrbFOY62j+ydMRMNr652mHKexqfhz3zkrwH4eak+1Wv0njsdlfLbmzX/Ws
EBhNOa2ILobgn/QHwbW4gjI4Yh90NbpVuEsEqmzum1atO6QA1LGSX9zJy5b3Um8l
sIj7B32doPpUKyBDZyGAcKuL/7NnoO0DVN8xXLmy9n+HNII+NkVuAUpW9PGtHWBe
7hmsepyfqVyk06Ru9rlXU0C2XJUYUUdMJg0jE5Kv90Ivruky3kgg89XTSwhnX0ve
tNo3zr2xfC/jBB1AxEFLPDhXXfRclIv/ssAB1d+rHe4o3UA5lzHEoxNHZXtUYJQ9
jzpAwP9K
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:36 2025 by rpki-client