Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/erMOI2D6hS6RCbX38mucF4N-vYo.roa
File: erMOI2D6hS6RCbX38mucF4N-vYo.roa (raw, json)
Hash identifier: 7ODVipg/s/62SH59sbMzRs57RZ4H5WQT0gG4zCOd0QA=
Subject key identifier: 7A:B3:0E:23:60:FA:85:2E:91:09:B5:F7:F2:6B:9C:17:83:7E:BD:8A
Certificate issuer: /CN=cd0932bdb61085c76dd645c1e76eb71117547b93
Certificate serial: 1D8A02
Authority key identifier: CD:09:32:BD:B6:10:85:C7:6D:D6:45:C1:E7:6E:B7:11:17:54:7B:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zQkyvbYQhcdt1kXB5263ERdUe5M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/erMOI2D6hS6RCbX38mucF4N-vYo.roa
Signing time: Sat 01 Jan 2022 00:53:48 +0000
ROA not before: Sat 01 Jan 2022 00:53:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 30779
IP address blocks: 88.135.224.0/19 maxlen: 19
193.19.74.0/23 maxlen: 23
193.34.20.0/22 maxlen: 22
176.100.160.0/19 maxlen: 19
2001:67c:203c::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1935874 (0x1d8a02)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd0932bdb61085c76dd645c1e76eb71117547b93
Validity
Not Before: Jan 1 00:53:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7ab30e2360fa852e9109b5f7f26b9c17837ebd8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c6:00:d1:f7:28:83:4a:8d:d6:95:8b:27:02:
a9:95:44:82:12:95:ac:31:46:f8:18:94:81:2a:51:
6e:1c:97:af:6f:ef:bc:c3:12:bf:a8:f0:1b:dd:e0:
06:9f:58:a5:94:1e:07:32:85:3f:06:3e:67:87:bd:
9d:86:d1:35:c8:7b:0e:44:fc:dc:59:6a:f8:d3:90:
f4:c7:c1:37:4c:8c:15:89:d3:ec:50:dc:0d:62:c0:
9b:aa:73:d3:4f:d6:15:78:2d:71:bf:ba:81:e2:0c:
74:b0:5f:0e:c6:74:ac:61:45:c0:07:f5:a9:de:1a:
01:53:8a:46:8c:4e:00:2b:b7:92:d2:2d:6a:78:4b:
9d:ac:61:58:5e:39:79:95:d8:14:d8:ff:f5:8a:17:
b1:ba:30:b8:8c:16:d0:6d:21:62:03:0d:b5:ff:c5:
1d:76:55:b0:63:8d:ae:f7:77:83:0c:1b:61:4b:cb:
6e:53:16:72:5a:85:e0:55:7e:c0:95:30:98:5b:2e:
37:7e:4e:73:5a:dd:a5:1e:2e:1d:56:ce:1a:03:36:
ae:77:4b:22:76:88:f8:44:ac:10:9f:c3:1e:74:99:
2e:15:93:27:ac:9e:fc:09:20:d8:4a:4d:f5:9f:34:
8f:b4:ab:34:a6:b2:d8:e4:fa:d3:09:9e:7f:cb:d7:
3c:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:B3:0E:23:60:FA:85:2E:91:09:B5:F7:F2:6B:9C:17:83:7E:BD:8A
X509v3 Authority Key Identifier:
keyid:CD:09:32:BD:B6:10:85:C7:6D:D6:45:C1:E7:6E:B7:11:17:54:7B:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQkyvbYQhcdt1kXB5263ERdUe5M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/erMOI2D6hS6RCbX38mucF4N-vYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0a8b1f-ca72-4eda-a717-482c86db2040/1/zQkyvbYQhcdt1kXB5263ERdUe5M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.135.224.0/19
176.100.160.0/19
193.19.74.0/23
193.34.20.0/22
IPv6:
2001:67c:203c::/48
Signature Algorithm: sha256WithRSAEncryption
bd:c0:22:64:cb:57:64:44:77:14:ae:2b:09:80:60:86:d7:fe:
6f:b0:e7:0c:0c:15:d7:eb:da:d2:56:ff:a4:be:ba:86:5f:a6:
43:de:56:5c:ef:80:c4:01:41:0c:54:8e:6d:7f:fb:74:4f:d6:
b4:4c:22:fb:29:c2:79:ea:6f:65:e5:88:7d:01:ac:c3:27:da:
04:bd:16:fc:e1:e7:4f:59:8d:b7:82:26:79:f9:68:76:bc:41:
72:c2:ee:b9:90:b1:34:39:f7:f9:78:11:5e:66:07:d5:a6:36:
69:19:e4:4b:56:d5:a6:0c:a8:97:24:b4:f9:c9:e7:2f:ce:f8:
62:85:15:d8:f4:24:b1:99:6d:57:ec:34:83:ed:9a:2e:e8:70:
aa:1c:0d:4d:3e:a2:08:1c:c8:38:c4:e7:23:c7:78:04:6e:51:
e7:34:95:1d:6f:4f:9f:8d:bb:fd:75:ee:2f:7b:6c:dd:94:2d:
30:da:53:2b:2b:59:b0:02:c2:8f:e3:c5:49:5e:76:39:62:98:
fe:d2:1c:2f:39:09:ff:65:b2:67:71:65:80:00:5c:fd:b2:e8:
3d:f8:88:b4:08:a6:25:52:c6:a7:0c:64:94:1e:76:f4:65:33:
ee:07:17:b1:97:fb:29:07:84:0c:82:c9:5d:88:c9:fa:c6:45:
19:1b:d2:c0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIDHYoCMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNk
MDkzMmJkYjYxMDg1Yzc2ZGQ2NDVjMWU3NmViNzExMTc1NDdiOTMwHhcNMjIwMTAx
MDA1MzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3YWIzMGUyMzYwZmE4
NTJlOTEwOWI1ZjdmMjZiOWMxNzgzN2ViZDhhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmMYA0fcog0qN1pWLJwKplUSCEpWsMUb4GJSBKlFuHJevb++8
wxK/qPAb3eAGn1illB4HMoU/Bj5nh72dhtE1yHsORPzcWWr405D0x8E3TIwVidPs
UNwNYsCbqnPTT9YVeC1xv7qB4gx0sF8OxnSsYUXAB/Wp3hoBU4pGjE4AK7eS0i1q
eEudrGFYXjl5ldgU2P/1ihexujC4jBbQbSFiAw21/8UddlWwY42u93eDDBthS8tu
UxZyWoXgVX7AlTCYWy43fk5zWt2lHi4dVs4aAzaud0sidoj4RKwQn8MedJkuFZMn
rJ78CSDYSk31nzSPtKs0prLY5PrTCZ5/y9c8MQIDAQABo4ICLDCCAigwHQYDVR0O
BBYEFHqzDiNg+oUukQm19/JrnBeDfr2KMB8GA1UdIwQYMBaAFM0JMr22EIXHbdZF
wedutxEXVHuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
elFreXZiWVFoY2R0MWtYQjUyNjNFUmRVZTVNLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC85MS8wYThiMWYtY2E3Mi00ZWRhLWE3MTctNDgyYzg2ZGIyMDQwLzEv
ZXJNT0kyRDZoUzZSQ2JYMzhtdWNGNE4tdllvLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8w
YThiMWYtY2E3Mi00ZWRhLWE3MTctNDgyYzg2ZGIyMDQwLzEvelFreXZiWVFoY2R0
MWtYQjUyNjNFUmRVZTVNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEIG
CCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQFWIfgAwQFsGSgAwQBwRNKAwQCwSIU
MA8EAgACMAkDBwAgAQZ8IDwwDQYJKoZIhvcNAQELBQADggEBAL3AImTLV2REdxSu
KwmAYIbX/m+w5wwMFdfr2tJW/6S+uoZfpkPeVlzvgMQBQQxUjm1/+3RP1rRMIvsp
wnnqb2XliH0BrMMn2gS9Fvzh509ZjbeCJnn5aHa8QXLC7rmQsTQ59/l4EV5mB9Wm
NmkZ5EtW1aYMqJcktPnJ5y/O+GKFFdj0JLGZbVfsNIPtmi7ocKocDU0+oggcyDjE
5yPHeARuUec0lR1vT5+Nu/117i97bN2ULTDaUysrWbACwo/jxUledjlimP7SHC85
Cf9lsmdxZYAAXP2y6D34iLQIpiVSxqcMZJQedvRlM+4HF7GX+ykHhAyCyV2IyfrG
RRkb0sA=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:03:52 2025 by rpki-client