Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/rdtAQWG7MTqRv-qaUn52-COJUpE.roa
File: rdtAQWG7MTqRv-qaUn52-COJUpE.roa (raw, json)
Hash identifier: XnpWt3IETG342p01/tZL2HfpTAnE29JW5qUs7grI3hc=
Subject key identifier: AD:DB:40:41:61:BB:31:3A:91:BF:EA:9A:52:7E:76:F8:23:89:52:91
Certificate issuer: /CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Certificate serial: 0194258FC99368C399087583E092ABBCE420
Authority key identifier: 65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/rdtAQWG7MTqRv-qaUn52-COJUpE.roa
Signing time: Thu 02 Jan 2025 05:49:27 +0000
ROA not before: Thu 02 Jan 2025 05:49:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56510
IP address blocks: 91.235.174.0/24 maxlen: 24
185.38.103.0/24 maxlen: 24
188.227.204.0/22 maxlen: 22
195.69.225.0/24 maxlen: 24
195.88.202.0/23 maxlen: 23
2a02:7f84::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:c9:93:68:c3:99:08:75:83:e0:92:ab:bc:e4:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Validity
Not Before: Jan 2 05:49:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=addb404161bb313a91bfea9a527e76f823895291
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:2c:90:bb:85:61:6c:4f:d9:72:63:81:31:c2:
b1:4c:17:9f:e1:00:83:f4:a5:72:7a:41:a2:8d:4f:
14:70:11:3f:ce:14:a8:e5:e0:d5:68:2c:b8:97:b7:
4a:d9:cd:61:79:6a:00:47:43:b4:7d:42:24:06:24:
8d:b0:a7:5c:35:bd:1f:85:58:18:e9:7b:d2:12:d4:
79:96:72:4c:2d:e3:87:41:c8:2d:eb:0c:aa:34:5b:
42:d9:1b:10:86:16:9b:2e:17:92:7a:db:a1:30:98:
be:9c:18:50:79:49:3d:75:d5:db:1e:60:ad:c5:c3:
a5:b6:d6:50:bd:91:f3:dc:c7:3d:da:73:b8:81:f7:
30:ce:78:34:e3:94:38:b9:8b:24:b7:6f:b0:9c:21:
e9:50:16:c8:c3:ca:b4:d6:e5:57:bc:e8:ff:ba:b0:
b0:cd:af:4c:40:0e:d8:b3:73:14:25:e4:fa:76:34:
50:07:84:4a:de:59:c4:3c:54:8b:87:8d:e0:30:20:
cc:0f:e8:fa:78:22:e9:4e:e6:c0:44:d3:69:f7:0e:
92:b0:50:40:79:04:41:78:07:5c:0a:7f:58:01:bc:
b9:5f:e9:17:ed:e9:ed:4b:28:a9:35:7c:a2:a1:2d:
35:89:62:33:3d:e9:4a:24:e7:1c:56:84:d0:a4:fa:
1b:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:DB:40:41:61:BB:31:3A:91:BF:EA:9A:52:7E:76:F8:23:89:52:91
X509v3 Authority Key Identifier:
keyid:65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/rdtAQWG7MTqRv-qaUn52-COJUpE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/ZboV1Huk9EgnZEctjZcUah67v4Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.235.174.0/24
185.38.103.0/24
188.227.204.0/22
195.69.225.0/24
195.88.202.0/23
IPv6:
2a02:7f84::/30
Signature Algorithm: sha256WithRSAEncryption
cb:3f:9a:e9:6e:99:83:8d:3d:f3:e3:4a:95:2d:cd:1f:03:d9:
cb:21:77:ea:b4:62:07:5f:48:d0:e1:93:0c:03:66:c9:76:4e:
0e:84:3a:7a:21:70:e3:06:6c:b4:07:6f:88:e8:40:a3:65:0d:
c4:ca:a7:d6:fe:40:ea:2c:aa:64:40:2e:23:75:bf:85:7d:d5:
9c:98:72:6e:dd:5c:4a:91:a2:e5:b4:20:92:86:cd:a0:a2:ca:
c0:d8:56:7e:23:98:94:f9:bf:68:77:37:fa:aa:d5:37:a3:f9:
fe:5d:74:9b:75:ca:49:65:90:55:3e:c6:91:97:4a:86:1f:cc:
f8:b0:01:b9:47:c5:9a:b4:8b:75:c6:30:53:b7:41:a5:d2:4f:
7a:37:32:76:bf:7e:88:98:c3:91:7a:83:99:cb:38:ae:e1:26:
54:31:17:5a:bd:23:d2:df:65:e2:9d:a5:d2:51:72:e2:db:f3:
3a:27:ea:52:6c:04:87:23:d0:11:4e:53:c1:c0:e6:98:f9:f6:
04:21:ad:f0:f0:d1:e8:64:3a:b9:5b:61:d6:e4:df:20:67:d4:
1e:a9:a7:73:0c:0b:b8:64:1f:e4:78:70:a1:41:2f:8b:8e:5b:
58:bd:3a:bb:46:6d:14:07:9a:e1:71:5c:07:67:d9:23:18:fa:
66:5f:65:74
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQlj8mTaMOZCHWD4JKrvOQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmExNWQ0N2JhNGY0NDgyNzY0NDcyZDhkOTcxNDZhMWVi
YmJmODYwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGRiNDA0MTYxYmIzMTNhOTFiZmVhOWE1MjdlNzZmODIzODk1MjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSyQu4VhbE/ZcmOBMcKxTBef4QCD
9KVyekGijU8UcBE/zhSo5eDVaCy4l7dK2c1heWoAR0O0fUIkBiSNsKdcNb0fhVgY
6XvSEtR5lnJMLeOHQcgt6wyqNFtC2RsQhhabLheSetuhMJi+nBhQeUk9ddXbHmCt
xcOlttZQvZHz3Mc92nO4gfcwzng045Q4uYskt2+wnCHpUBbIw8q01uVXvOj/urCw
za9MQA7Ys3MUJeT6djRQB4RK3lnEPFSLh43gMCDMD+j6eCLpTubARNNp9w6SsFBA
eQRBeAdcCn9YAby5X+kX7entSyipNXyioS01iWIzPelKJOccVoTQpPobawIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFK3bQEFhuzE6kb/qmlJ+dvgjiVKRMB8GA1UdIwQY
MBaAFGW6FdR7pPRIJ2RHLY2XFGoeu7+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAt
ZmUzYjkxOGMzMDk3LzEvcmR0QVFXRzdNVHFSdi1xYVVuNTItQ09KVXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAtZmUzYjkxOGMzMDk3
LzEvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW+uuAwQA
uSZnAwQCvOPMAwQAw0XhAwQBw1jKMA0EAgACMAcDBQIqAn+EMA0GCSqGSIb3DQEB
CwUAA4IBAQDLP5rpbpmDjT3z40qVLc0fA9nLIXfqtGIHX0jQ4ZMMA2bJdk4OhDp6
IXDjBmy0B2+I6ECjZQ3EyqfW/kDqLKpkQC4jdb+FfdWcmHJu3VxKkaLltCCShs2g
osrA2FZ+I5iU+b9odzf6qtU3o/n+XXSbdcpJZZBVPsaRl0qGH8z4sAG5R8WatIt1
xjBTt0Gl0k96NzJ2v36ImMOReoOZyziu4SZUMRdavSPS32XinaXSUXLi2/M6J+pS
bASHI9ARTlPBwOaY+fYEIa3w8NHoZDq5W2HW5N8gZ9QeqadzDAu4ZB/keHChQS+L
jltYvTq7Rm0UB5rhcVwHZ9kjGPpmX2V0
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:38:00 2025 by rpki-client