Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/3s6QVuDDVYZAXGMs3jQjJCpTOM4.roa
File: 3s6QVuDDVYZAXGMs3jQjJCpTOM4.roa (raw, json)
Hash identifier: S8hu2uT3dm+6T5y8xlGcjeM+UFnt2QzYCcnfUUEfX5c=
Subject key identifier: DE:CE:90:56:E0:C3:55:86:40:5C:63:2C:DE:34:23:24:2A:53:38:CE
Certificate issuer: /CN=e94978779e930e01fbfe7e0c5fcb41611129d4e8
Certificate serial: 0C9B25A3
Authority key identifier: E9:49:78:77:9E:93:0E:01:FB:FE:7E:0C:5F:CB:41:61:11:29:D4:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6Ul4d56TDgH7_n4MX8tBYREp1Og.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/3s6QVuDDVYZAXGMs3jQjJCpTOM4.roa
Signing time: Sun 13 Mar 2022 17:48:20 +0000
ROA not before: Sun 13 Mar 2022 17:48:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49801
IP address blocks: 78.111.0.0/21 maxlen: 21
87.247.172.0/23 maxlen: 23
87.247.168.0/21 maxlen: 21
87.247.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 211494307 (0xc9b25a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e94978779e930e01fbfe7e0c5fcb41611129d4e8
Validity
Not Before: Mar 13 17:48:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dece9056e0c35586405c632cde3423242a5338ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:ee:42:24:6d:55:99:ae:ed:b7:3c:4b:d7:0a:
fc:a1:27:ae:82:8e:56:33:a2:31:f2:a8:7a:c7:dc:
fa:37:d3:e6:af:41:21:51:96:b2:6f:59:3a:35:73:
54:68:57:b1:07:12:98:4d:96:13:70:b1:3b:66:23:
1d:f4:cd:0a:52:79:f3:56:c6:44:3b:a1:96:d4:61:
86:bb:27:f5:33:b8:84:81:67:4f:41:58:17:ff:36:
f6:7c:ed:21:96:35:5b:7c:4c:a7:d2:b5:fb:80:c2:
52:bd:20:04:74:30:ef:ba:db:e7:1d:d7:70:fa:67:
6b:79:38:23:29:35:19:ad:57:bb:f0:16:b7:d0:02:
b5:39:c1:93:ae:95:b7:75:26:85:81:86:f4:04:20:
31:7e:23:78:d6:66:4a:3f:04:72:a5:dd:a5:1f:cd:
af:df:e3:1e:cf:56:77:cc:6f:85:3e:a6:e4:8e:56:
50:b6:34:d4:ee:e2:7d:1f:6c:e3:58:02:2a:99:d4:
72:97:99:42:5f:2e:54:02:ed:f9:16:73:c6:35:da:
b7:a8:05:57:f0:b2:1a:5f:45:cd:2c:e0:d1:75:39:
57:8c:50:16:00:d0:b1:7c:25:e1:18:63:8c:d3:22:
c8:1d:f0:e5:76:e8:a8:50:8e:dc:da:43:83:dd:70:
7b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:CE:90:56:E0:C3:55:86:40:5C:63:2C:DE:34:23:24:2A:53:38:CE
X509v3 Authority Key Identifier:
keyid:E9:49:78:77:9E:93:0E:01:FB:FE:7E:0C:5F:CB:41:61:11:29:D4:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Ul4d56TDgH7_n4MX8tBYREp1Og.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/3s6QVuDDVYZAXGMs3jQjJCpTOM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/6Ul4d56TDgH7_n4MX8tBYREp1Og.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.111.0.0/21
87.247.168.0/21
Signature Algorithm: sha256WithRSAEncryption
72:51:09:71:bf:fc:83:db:76:87:4e:d9:fb:65:e4:7c:f1:92:
e6:45:44:8c:04:f4:84:59:bc:3d:d9:38:de:56:84:f0:ca:cb:
32:b8:84:cb:71:63:e7:dc:0d:70:e0:6b:58:01:bf:69:bb:3f:
7f:2e:96:da:1d:66:ae:5c:f1:f1:b5:45:2e:d6:8e:8d:1b:ed:
6c:5d:e9:a4:97:23:d7:3a:b8:a3:8e:14:ba:19:83:7f:8a:74:
c2:2c:f0:3f:ba:76:5c:06:f5:27:5f:84:a2:aa:2f:3f:fc:97:
f1:57:34:5e:b7:bf:8b:5b:ee:dd:7c:25:20:b2:e0:42:00:a8:
d7:c4:2b:02:08:e3:2a:db:72:81:65:cf:88:b8:90:39:88:2b:
85:f3:16:20:4e:d3:5d:03:7f:14:0d:bd:08:50:09:c6:82:18:
c1:be:ea:c8:40:0a:dc:34:6c:7d:70:a9:0f:02:4d:fc:57:d9:
c5:57:4b:5a:e9:3a:21:77:b8:d5:b4:ff:83:e2:d9:0c:44:64:
e6:20:2d:fa:17:79:bd:45:2e:63:bb:4e:9a:4d:03:a1:6c:28:
b2:f2:f2:ed:9e:0d:dd:3d:f5:db:dd:d9:77:94:0f:96:a8:2c:
37:e1:2b:1b:37:fb:9e:ac:fd:14:bd:75:63:6c:9c:d5:9d:b4:
97:f1:55:a5
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEDJslozANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
OTQ5Nzg3NzllOTMwZTAxZmJmZTdlMGM1ZmNiNDE2MTExMjlkNGU4MB4XDTIyMDMx
MzE3NDgyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGVjZTkwNTZlMGMz
NTU4NjQwNWM2MzJjZGUzNDIzMjQyYTUzMzhjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPTuQiRtVZmu7bc8S9cK/KEnroKOVjOiMfKoesfc+jfT5q9B
IVGWsm9ZOjVzVGhXsQcSmE2WE3CxO2YjHfTNClJ581bGRDuhltRhhrsn9TO4hIFn
T0FYF/829nztIZY1W3xMp9K1+4DCUr0gBHQw77rb5x3XcPpna3k4Iyk1Ga1Xu/AW
t9ACtTnBk66Vt3UmhYGG9AQgMX4jeNZmSj8EcqXdpR/Nr9/jHs9Wd8xvhT6m5I5W
ULY01O7ifR9s41gCKpnUcpeZQl8uVALt+RZzxjXat6gFV/CyGl9FzSzg0XU5V4xQ
FgDQsXwl4RhjjNMiyB3w5XboqFCO3NpDg91wewUCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTezpBW4MNVhkBcYyzeNCMkKlM4zjAfBgNVHSMEGDAWgBTpSXh3npMOAfv+
fgxfy0FhESnU6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZVbDRkNTZURGdIN19uNE1YOHRCWVJFcDFPZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNzhkYjI5LWU0NmQtNDFmNC04N2M3LTk1YzQyZTRhODRjMC8x
LzNzNlFWdUREVllaQVhHTXMzalFqSkNwVE9NNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NzhkYjI5LWU0NmQtNDFmNC04N2M3LTk1YzQyZTRhODRjMC8xLzZVbDRkNTZURGdI
N19uNE1YOHRCWVJFcDFPZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEA05vAAMEA1f3qDANBgkqhkiG9w0B
AQsFAAOCAQEAclEJcb/8g9t2h07Z+2XkfPGS5kVEjAT0hFm8Pdk43laE8MrLMriE
y3Fj59wNcOBrWAG/abs/fy6W2h1mrlzx8bVFLtaOjRvtbF3ppJcj1zq4o44UuhmD
f4p0wizwP7p2XAb1J1+EoqovP/yX8Vc0Xre/i1vu3XwlILLgQgCo18QrAgjjKtty
gWXPiLiQOYgrhfMWIE7TXQN/FA29CFAJxoIYwb7qyEAK3DRsfXCpDwJN/FfZxVdL
Wuk6IXe41bT/g+LZDERk5iAt+hd5vUUuY7tOmk0DoWwosvLy7Z4N3T31293Zd5QP
lqgsN+ErGzf7nqz9FL11Y2yc1Z20l/FVpQ==
-----END CERTIFICATE-----
Generated at Sun Apr 13 02:50:38 2025 by rpki-client