Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-DRFp3eJMePM36jaJZJ06HM_qCs.roa
File: 1-DRFp3eJMePM36jaJZJ06HM_qCs.roa (raw, json)
Hash identifier: zCjYXHbEgjUlmg18iTqjiqGyd8d0qb3jQZo/fT9m3Hk=
Subject key identifier: F8:34:45:A7:77:89:31:E3:CC:DF:A8:DA:25:92:74:E8:73:3F:A8:2B
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0193FD60C9FAE5571CAC3851B945AB83B010
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-DRFp3eJMePM36jaJZJ06HM_qCs.roa
Signing time: Wed 25 Dec 2024 10:33:19 +0000
ROA not before: Wed 25 Dec 2024 10:33:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.216.0/24 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:fd:60:c9:fa:e5:57:1c:ac:38:51:b9:45:ab:83:b0:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 25 10:33:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f83445a7778931e3ccdfa8da259274e8733fa82b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:f7:bb:6e:02:f7:e1:00:70:91:79:f0:03:bf:
25:f0:6d:5f:30:b8:c5:86:8c:d1:a6:c5:13:80:88:
71:a2:6e:4c:eb:dd:3b:1a:f1:e6:02:9b:05:fc:c5:
e4:36:b8:50:98:10:53:e2:69:62:95:47:34:e4:ed:
0b:1d:72:4f:fd:9c:7d:45:9b:55:0d:70:6f:6e:21:
be:cc:3f:fe:5a:cb:71:99:d6:2c:76:3e:68:08:0d:
2c:82:49:4e:aa:25:d1:fc:f8:f5:32:1e:3e:08:ad:
9e:98:55:4b:69:2b:62:49:3a:38:36:0a:72:21:38:
09:b2:64:a9:c8:e7:c2:00:e1:5c:7b:16:1e:f1:6e:
fc:34:5c:d4:be:66:f0:26:a3:5d:bf:75:b9:9e:17:
50:8f:80:bb:6c:d9:19:f7:be:c6:ea:b1:89:e7:87:
42:c8:a8:b5:ce:fd:ca:85:ac:21:99:d9:76:93:dd:
f2:89:91:b8:83:67:56:2d:29:4e:ac:53:d1:b6:be:
52:0b:56:8c:7d:27:88:26:75:c6:fd:46:10:9c:3d:
9c:56:a7:a4:eb:4e:4f:ad:0b:d8:68:8b:cb:a3:70:
c6:21:e7:34:95:82:29:9e:1d:2e:c3:1b:66:55:30:
27:5a:ff:76:4f:e8:8a:57:df:82:5f:42:2a:f7:51:
4b:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:34:45:A7:77:89:31:E3:CC:DF:A8:DA:25:92:74:E8:73:3F:A8:2B
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-DRFp3eJMePM36jaJZJ06HM_qCs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.216.0/24
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
39:66:f4:25:f3:8f:aa:ee:2a:76:91:02:c8:9b:e5:39:0b:a1:
3b:26:74:c1:6a:8c:b4:c1:4a:24:aa:b9:73:cb:20:ff:10:ce:
21:99:ed:2c:41:78:e2:67:7c:27:f4:9b:bb:27:29:dd:6e:78:
43:f9:bd:63:04:e3:74:7f:62:ce:ca:7f:12:b6:64:fd:1e:2f:
ca:25:0d:f9:57:52:d6:e9:25:26:51:f6:93:cc:d2:c1:1c:6f:
6b:3b:27:89:ce:5c:be:83:5a:25:60:68:0f:7c:7d:45:10:83:
30:c3:97:7d:b2:0a:df:65:8a:c0:d3:83:e3:47:af:b4:8d:a9:
20:6f:d4:16:0a:f7:10:db:34:37:3b:ee:72:28:6b:00:76:d8:
15:1a:93:8d:95:ec:ba:9a:ee:f8:5c:b1:87:7c:17:e8:b5:11:
4a:9b:5d:a8:42:52:39:be:c0:f2:9e:44:37:fc:65:f8:59:a7:
c2:93:0b:40:6e:f4:8b:0b:ce:6b:42:6c:2f:5d:be:dc:92:15:
73:ca:22:aa:ef:1c:b2:ef:f7:4d:b3:05:d0:16:a8:e6:db:c9:
68:03:81:72:96:df:ed:00:e6:5a:0e:09:34:63:82:8c:26:2d:
15:82:0a:e2:98:f4:5e:33:51:ce:98:ad:fa:3c:88:6a:50:da:
22:1e:ba:55
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZP9YMn65VccrDhRuUWrg7AQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjI1MTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM0NDVhNzc3ODkzMWUzY2NkZmE4ZGEyNTkyNzRlODczM2ZhODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pe7bgL34QBwkXnwA78l8G1fMLjF
hozRpsUTgIhxom5M6907GvHmApsF/MXkNrhQmBBT4mlilUc05O0LHXJP/Zx9RZtV
DXBvbiG+zD/+WstxmdYsdj5oCA0sgklOqiXR/Pj1Mh4+CK2emFVLaStiSTo4Ngpy
ITgJsmSpyOfCAOFcexYe8W78NFzUvmbwJqNdv3W5nhdQj4C7bNkZ977G6rGJ54dC
yKi1zv3Khawhmdl2k93yiZG4g2dWLSlOrFPRtr5SC1aMfSeIJnXG/UYQnD2cVqek
605PrQvYaIvLo3DGIec0lYIpnh0uwxtmVTAnWv92T+iKV9+CX0Iq91FLUQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPg0Rad3iTHjzN+o2iWSdOhzP6grMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvMS1EUkZwM2VKTWVQTTM2amFKWkowNkhNX3FDcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQz
NC8xL3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFOT2AME
AlOT9AMEA1u6yAMEA17xqDANBgkqhkiG9w0BAQsFAAOCAQEAOWb0JfOPqu4qdpEC
yJvlOQuhOyZ0wWqMtMFKJKq5c8sg/xDOIZntLEF44md8J/Sbuycp3W54Q/m9YwTj
dH9izsp/ErZk/R4vyiUN+VdS1uklJlH2k8zSwRxvazsnic5cvoNaJWBoD3x9RRCD
MMOXfbIK32WKwNOD40evtI2pIG/UFgr3ENs0NzvucihrAHbYFRqTjZXsupru+Fyx
h3wX6LURSptdqEJSOb7A8p5EN/xl+FmnwpMLQG70iwvOa0JsL12+3JIVc8oiqu8c
su/3TbMF0Bao5tvJaAOBcpbf7QDmWg4JNGOCjCYtFYIK4pj0XjNRzpit+jyIalDa
Ih66VQ==
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:16:54 2025 by rpki-client