Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/3jJbVD898qj_PRhhbDuMbNzghBo.roa
File: 3jJbVD898qj_PRhhbDuMbNzghBo.roa (raw, json)
Hash identifier: xYC3+/4EQL+5s2lWGuVbOux88XGBy1TwL1l1lnyS/8g=
Subject key identifier: DE:32:5B:54:3F:3D:F2:A8:FF:3D:18:61:6C:3B:8C:6C:DC:E0:84:1A
Certificate issuer: /CN=6987d47935e1137d544426db5288e12a9c025ac2
Certificate serial: 01857039A7A0E5169F6F97C4CD8BB3E1C199
Authority key identifier: 69:87:D4:79:35:E1:13:7D:54:44:26:DB:52:88:E1:2A:9C:02:5A:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aYfUeTXhE31URCbbUojhKpwCWsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/3jJbVD898qj_PRhhbDuMbNzghBo.roa
Signing time: Mon 02 Jan 2023 02:05:04 +0000
ROA not before: Mon 02 Jan 2023 02:05:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16509
IP address blocks: 185.44.176.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:a7:a0:e5:16:9f:6f:97:c4:cd:8b:b3:e1:c1:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6987d47935e1137d544426db5288e12a9c025ac2
Validity
Not Before: Jan 2 02:05:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=de325b543f3df2a8ff3d18616c3b8c6cdce0841a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:8a:89:06:79:f5:85:c5:8a:4e:4f:28:f4:39:
b5:e0:94:2f:66:bb:68:08:78:d0:df:d2:98:66:99:
94:d4:50:f7:94:d6:c6:0c:d3:6e:a0:94:99:1f:64:
10:96:a0:98:4a:da:85:5a:3e:01:b4:1a:76:ed:45:
51:8f:cd:0f:87:d9:55:ce:41:7e:e9:70:63:0d:66:
35:57:b0:5e:ca:e2:db:d9:b2:97:94:9f:bd:19:a8:
7e:be:59:d7:69:22:6c:c4:4c:f4:26:5b:f0:ba:3d:
2a:41:98:0f:ae:4e:a5:99:96:13:c0:b6:e1:3c:ad:
d5:03:18:8b:6f:49:ea:a3:8c:c9:81:27:9d:d6:f1:
8c:25:60:bb:22:d2:45:31:a5:71:88:2c:5d:0b:15:
1c:b9:78:5b:85:b6:a1:fe:7c:28:bd:6b:7a:23:0c:
95:82:04:0d:5a:5c:c6:a1:64:8b:ac:d8:d1:58:32:
ed:50:ae:d9:d8:bc:e9:ff:34:65:9f:3a:78:5e:01:
42:2b:bb:9a:fb:10:27:4b:9d:db:b3:2e:ac:bb:29:
53:07:5e:6a:28:3c:58:c9:a8:89:0f:19:ac:8d:5c:
1e:00:8c:a3:e1:3d:71:d7:e8:18:50:13:3a:2a:28:
25:d4:36:38:e4:af:3c:fb:17:38:9c:e5:92:3d:fb:
97:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:32:5B:54:3F:3D:F2:A8:FF:3D:18:61:6C:3B:8C:6C:DC:E0:84:1A
X509v3 Authority Key Identifier:
keyid:69:87:D4:79:35:E1:13:7D:54:44:26:DB:52:88:E1:2A:9C:02:5A:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYfUeTXhE31URCbbUojhKpwCWsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/3jJbVD898qj_PRhhbDuMbNzghBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/aYfUeTXhE31URCbbUojhKpwCWsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.176.0/24
Signature Algorithm: sha256WithRSAEncryption
58:ec:c5:9a:23:b7:43:e9:a6:e0:69:8a:87:09:2f:a9:4c:f4:
0b:62:28:09:7e:c9:24:25:f7:dd:fb:c4:8f:0c:7f:ca:43:cc:
69:74:5c:62:ce:fa:8c:d9:17:26:88:79:b1:a3:03:6b:4b:58:
b9:55:d4:f9:51:39:5b:82:d4:03:57:38:7a:a3:5a:0d:b4:25:
5d:bd:c2:81:54:a5:78:5e:0c:33:f9:9d:a1:5c:16:bd:3d:7f:
24:5f:60:95:75:8f:41:dd:8f:60:9d:11:ba:d0:e0:0d:3e:c8:
6c:76:dc:6e:1b:d4:4d:51:8f:9b:aa:f5:c2:9d:ff:bd:3e:cf:
88:4e:9e:09:39:88:34:b9:7d:5c:92:47:bd:f2:f3:65:21:de:
63:47:27:4d:54:57:49:e5:97:d1:21:ce:85:a6:82:b5:48:6d:
ec:62:a2:99:b3:44:b4:96:94:90:f2:ac:6b:45:ce:90:17:c5:
0d:a3:a4:da:6b:8f:5d:99:c7:90:85:68:7f:51:12:b0:47:f9:
fb:ed:75:df:da:83:57:ae:97:6a:66:a3:a7:3a:25:33:6a:02:
9d:5c:83:f7:27:cd:12:da:e9:3a:8a:61:74:51:4a:af:c9:02:
b9:68:ca:60:6a:9f:79:c8:0f:fa:27:86:72:82:69:8c:f6:02:
d6:74:d1:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwOaeg5Rafb5fEzYuz4cGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODdkNDc5MzVlMTEzN2Q1NDQ0MjZkYjUyODhlMTJhOWMw
MjVhYzIwHhcNMjMwMTAyMDIwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTMyNWI1NDNmM2RmMmE4ZmYzZDE4NjE2YzNiOGM2Y2RjZTA4NDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIqJBnn1hcWKTk8o9Dm14JQvZrto
CHjQ39KYZpmU1FD3lNbGDNNuoJSZH2QQlqCYStqFWj4BtBp27UVRj80Ph9lVzkF+
6XBjDWY1V7BeyuLb2bKXlJ+9Gah+vlnXaSJsxEz0Jlvwuj0qQZgPrk6lmZYTwLbh
PK3VAxiLb0nqo4zJgSed1vGMJWC7ItJFMaVxiCxdCxUcuXhbhbah/nwovWt6IwyV
ggQNWlzGoWSLrNjRWDLtUK7Z2Lzp/zRlnzp4XgFCK7ua+xAnS53bsy6suylTB15q
KDxYyaiJDxmsjVweAIyj4T1x1+gYUBM6Kigl1DY45K88+xc4nOWSPfuXmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4yW1Q/PfKo/z0YYWw7jGzc4IQaMB8GA1UdIwQY
MBaAFGmH1Hk14RN9VEQm21KI4SqcAlrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlmVWVUWGhFMzFVUkNiYlVvamhLcHdDV3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8zMmQ3YWQtOGJmOS00Mjc0LTk1Zjgt
OWM5NTM1OTRkNmIxLzEvM2pKYlZEODk4cWpfUFJoaGJEdU1iTnpnaEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8zMmQ3YWQtOGJmOS00Mjc0LTk1ZjgtOWM5NTM1OTRkNmIx
LzEvYVlmVWVUWGhFMzFVUkNiYlVvamhLcHdDV3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSywMA0G
CSqGSIb3DQEBCwUAA4IBAQBY7MWaI7dD6abgaYqHCS+pTPQLYigJfskkJffd+8SP
DH/KQ8xpdFxizvqM2RcmiHmxowNrS1i5VdT5UTlbgtQDVzh6o1oNtCVdvcKBVKV4
Xgwz+Z2hXBa9PX8kX2CVdY9B3Y9gnRG60OANPshsdtxuG9RNUY+bqvXCnf+9Ps+I
Tp4JOYg0uX1ckke98vNlId5jRydNVFdJ5ZfRIc6FpoK1SG3sYqKZs0S0lpSQ8qxr
Rc6QF8UNo6Taa49dmceQhWh/URKwR/n77XXf2oNXrpdqZqOnOiUzagKdXIP3J80S
2uk6imF0UUqvyQK5aMpgap95yA/6J4ZygmmM9gLWdNGi
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:28:13 2025 by rpki-client