Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/rRKNttCryCxJqaN5R9OHYQucMkw.roa
File: rRKNttCryCxJqaN5R9OHYQucMkw.roa (raw, json)
Hash identifier: dgQXPTar5MRRByylL4cR3gvkPSw1Sp94eB6iRKG0GnY=
Subject key identifier: AD:12:8D:B6:D0:AB:C8:2C:49:A9:A3:79:47:D3:87:61:0B:9C:32:4C
Certificate issuer: /CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Certificate serial: 0189F81F711276D3FB326C4B5C9FD6466E59
Authority key identifier: 35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/rRKNttCryCxJqaN5R9OHYQucMkw.roa
Signing time: Tue 15 Aug 2023 07:35:57 +0000
ROA not before: Tue 15 Aug 2023 07:35:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34513
IP address blocks: 85.198.28.0/24 maxlen: 24
85.198.29.0/24 maxlen: 24
85.198.0.0/24 maxlen: 24
85.198.1.0/24 maxlen: 24
85.198.2.0/24 maxlen: 24
85.198.3.0/24 maxlen: 24
85.198.4.0/24 maxlen: 24
85.198.7.0/24 maxlen: 24
85.198.5.0/24 maxlen: 24
85.198.6.0/24 maxlen: 24
78.110.124.0/24 maxlen: 24
78.110.125.0/24 maxlen: 24
78.110.126.0/24 maxlen: 24
78.110.127.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f8:1f:71:12:76:d3:fb:32:6c:4b:5c:9f:d6:46:6e:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Validity
Not Before: Aug 15 07:35:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ad128db6d0abc82c49a9a37947d387610b9c324c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ab:4a:df:30:4d:ef:ca:67:50:10:c3:ee:49:
81:7a:7e:e4:eb:92:eb:63:6f:8c:d5:dd:df:f3:77:
af:38:f3:22:5e:c7:bf:fc:9e:12:ad:6b:64:3f:cb:
e4:ee:de:73:23:e9:2c:31:1f:ab:06:6f:63:75:d1:
f3:dd:7d:c1:f7:b9:5a:1e:83:06:1e:84:c5:bb:b9:
53:a6:ec:12:8d:06:67:7b:ed:0b:c4:6c:a5:2a:f1:
4b:d4:1e:71:76:08:0f:e7:32:9f:16:bf:6a:9d:9a:
aa:57:c1:13:47:02:75:c4:7c:9e:22:3b:a8:82:da:
db:a1:ce:ff:d9:08:95:4f:38:67:a3:c6:00:3b:87:
2e:ad:15:79:51:9c:f0:7d:f7:06:1c:96:4b:45:f2:
cf:f4:93:8c:d5:1e:3c:a3:66:9d:76:56:c9:80:95:
bf:48:2e:16:c8:7f:2a:c8:d9:43:52:ce:1e:a8:9c:
46:6a:2e:85:c0:be:a6:d2:16:89:aa:44:9f:c1:84:
e7:c7:ac:c9:45:4f:fe:e5:98:94:11:3b:db:74:fd:
12:bb:a5:86:18:c0:0b:cf:40:66:eb:c9:63:50:39:
14:6c:11:68:02:9c:88:30:c2:53:e7:a2:86:93:ef:
ac:e9:cc:1c:60:ae:88:0e:2c:88:b2:cf:98:4f:a7:
56:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:12:8D:B6:D0:AB:C8:2C:49:A9:A3:79:47:D3:87:61:0B:9C:32:4C
X509v3 Authority Key Identifier:
keyid:35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/rRKNttCryCxJqaN5R9OHYQucMkw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/NXMLuLJiPn9lphY2BNHIX5EGKI8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.110.124.0/22
85.198.0.0/21
85.198.28.0/23
Signature Algorithm: sha256WithRSAEncryption
a8:6d:87:85:00:d2:cf:93:cf:f0:7c:6c:eb:3f:02:07:db:95:
65:35:ca:52:4c:19:d9:f2:0a:2b:b8:b4:8a:b4:4b:5a:36:f6:
70:c9:84:32:05:fb:b5:3e:c0:d8:05:24:55:5c:8d:40:7f:11:
e4:10:1e:74:22:32:a6:0b:69:51:1b:95:55:14:1a:bc:da:c2:
a4:9d:1a:49:e3:7c:67:63:66:e4:2c:4f:07:3f:ad:33:76:c8:
0b:a0:2b:22:96:0d:19:1f:d6:f2:e0:df:50:e3:26:7e:e2:19:
19:ed:cb:0a:71:1f:00:07:f0:3b:fe:0e:e3:6f:eb:76:78:a0:
92:85:e8:54:a1:d7:f9:95:44:1b:f8:dc:d5:83:80:a0:0f:ac:
ad:ad:d0:c4:8b:49:41:f9:0b:9a:96:8a:a9:fc:35:fe:29:ff:
8a:d6:fc:e8:f7:58:8f:b7:c0:32:c3:02:a8:28:8c:30:fa:06:
d8:5b:2a:a8:ec:d4:ef:3c:c6:c1:99:77:87:e4:e1:c4:1c:07:
e3:0d:f8:bb:8a:d8:0f:4e:9b:59:79:77:f3:9b:fa:52:0b:cb:
b4:11:7e:4a:df:3a:a5:97:0d:a6:45:7e:f7:2c:41:17:6b:51:
9b:3b:2f:2b:d9:64:df:da:9e:13:80:ec:5a:6a:e4:7e:7c:41:
f3:08:89:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYn4H3ESdtP7MmxLXJ/WRm5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NzMwYmI4YjI2MjNlN2Y2NWE2MTYzNjA0ZDFjODVmOTEw
NjI4OGYwHhcNMjMwODE1MDczNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDEyOGRiNmQwYWJjODJjNDlhOWEzNzk0N2QzODc2MTBiOWMzMjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6tK3zBN78pnUBDD7kmBen7k65Lr
Y2+M1d3f83evOPMiXse//J4SrWtkP8vk7t5zI+ksMR+rBm9jddHz3X3B97laHoMG
HoTFu7lTpuwSjQZne+0LxGylKvFL1B5xdggP5zKfFr9qnZqqV8ETRwJ1xHyeIjuo
gtrboc7/2QiVTzhno8YAO4curRV5UZzwffcGHJZLRfLP9JOM1R48o2addlbJgJW/
SC4WyH8qyNlDUs4eqJxGai6FwL6m0haJqkSfwYTnx6zJRU/+5ZiUETvbdP0Su6WG
GMALz0Bm68ljUDkUbBFoApyIMMJT56KGk++s6cwcYK6IDiyIss+YT6dWDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK0SjbbQq8gsSamjeUfTh2ELnDJMMB8GA1UdIwQY
MBaAFDVzC7iyYj5/ZaYWNgTRyF+RBiiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2Mt
M2E0ZGZmOGU4ZGVkLzEvclJLTnR0Q3J5Q3hKcWFONVI5T0hZUXVjTWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2MtM2E0ZGZmOGU4ZGVk
LzEvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCTm58AwQD
VcYAAwQBVcYcMA0GCSqGSIb3DQEBCwUAA4IBAQCobYeFANLPk8/wfGzrPwIH25Vl
NcpSTBnZ8goruLSKtEtaNvZwyYQyBfu1PsDYBSRVXI1AfxHkEB50IjKmC2lRG5VV
FBq82sKknRpJ43xnY2bkLE8HP60zdsgLoCsilg0ZH9by4N9Q4yZ+4hkZ7csKcR8A
B/A7/g7jb+t2eKCShehUodf5lUQb+NzVg4CgD6ytrdDEi0lB+Qualoqp/DX+Kf+K
1vzo91iPt8AywwKoKIww+gbYWyqo7NTvPMbBmXeH5OHEHAfjDfi7itgPTptZeXfz
m/pSC8u0EX5K3zqllw2mRX73LEEXa1GbOy8r2WTf2p4TgOxaauR+fEHzCIlO
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:18 2025 by rpki-client