Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7caL5pkFysa_3ave8BmBMrh_8gc.roa
File: 7caL5pkFysa_3ave8BmBMrh_8gc.roa (raw, json)
Hash identifier: uqJREnGYk/hHplyOM9kwowqceX5xbdL6djgRmkMZY2A=
Subject key identifier: ED:C6:8B:E6:99:05:CA:C6:BF:DD:AB:DE:F0:19:81:32:B8:7F:F2:07
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0193B5023AFEDA73E9388AF86F443A9937EA
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7caL5pkFysa_3ave8BmBMrh_8gc.roa
Signing time: Wed 11 Dec 2024 09:17:22 +0000
ROA not before: Wed 11 Dec 2024 09:17:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.216.0/24 maxlen: 24
83.147.244.0/22 maxlen: 24
83.147.252.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:b5:02:3a:fe:da:73:e9:38:8a:f8:6f:44:3a:99:37:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 11 09:17:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=edc68be69905cac6bfddabdef0198132b87ff207
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:ed:c9:fc:c9:f8:e3:f7:12:c3:96:b1:e6:af:
8d:1f:c4:fb:6b:29:f2:7c:18:c0:fb:18:06:63:cd:
cf:40:80:f8:d0:46:78:fc:3a:28:6a:e9:2a:1d:c1:
cf:15:79:ca:5a:29:40:d1:5e:92:31:72:40:cc:f8:
14:68:4b:33:43:9a:62:5d:46:6c:27:f2:13:78:f7:
52:63:5d:c3:d7:c2:a1:1d:c6:6c:5b:a8:32:bc:00:
eb:e5:ef:79:ac:70:55:2a:7c:9a:a8:18:b3:07:75:
cd:4e:bd:33:04:c1:ef:d3:a4:ec:67:fb:5b:62:41:
92:f8:64:6c:11:f3:bf:5c:d3:10:9b:93:e0:1b:4d:
12:1c:a4:c2:fa:0c:93:36:8a:60:8e:dc:e5:7d:9d:
ea:14:d8:9a:7b:fb:96:3a:5f:60:c5:1d:43:fb:12:
26:64:b2:f5:4d:8f:b4:79:7d:58:89:7b:07:d7:2b:
c6:94:d1:71:c3:0d:47:c9:ca:14:f0:5a:cd:29:70:
98:c8:01:52:e4:f4:bb:22:d5:5c:91:ab:b3:c4:8f:
68:5f:1c:ff:9c:5b:33:c0:c9:9a:33:d3:49:f5:5b:
75:a9:ea:09:12:7d:3f:1b:13:b0:6c:5a:08:03:5a:
13:05:ed:de:13:15:e4:c9:d5:16:a9:3c:5e:b3:8f:
66:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:C6:8B:E6:99:05:CA:C6:BF:DD:AB:DE:F0:19:81:32:B8:7F:F2:07
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7caL5pkFysa_3ave8BmBMrh_8gc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.216.0/24
83.147.244.0/22
83.147.252.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
09:54:a4:21:d0:89:f1:e2:06:e5:3e:d4:fe:2f:cd:86:c5:59:
84:b1:67:7e:43:be:ba:a1:9c:96:40:29:8a:d8:5e:70:01:f0:
a6:d3:79:d1:c3:b1:3a:22:cb:9b:35:01:62:36:7d:f4:f4:16:
8a:77:4a:a2:02:c7:79:5d:7b:4c:46:90:31:f1:f4:e6:0e:49:
27:72:bb:b3:7a:f4:3a:30:b7:dc:ad:5f:33:17:56:f2:9d:88:
da:fa:7b:fb:61:a5:20:b0:39:60:74:90:7c:c4:e6:e1:fa:b5:
9b:10:29:c7:c4:bf:48:bd:89:01:70:9d:72:47:d4:13:ac:d1:
13:fb:8c:d7:15:78:96:76:b8:d8:ae:78:e5:d3:fe:ea:35:cc:
c0:85:ff:2f:a0:eb:8f:81:28:2c:5e:82:33:fd:d6:69:8e:8b:
bf:04:33:12:89:09:07:7c:71:27:5a:8e:68:19:f4:e6:4b:5d:
0f:f6:d0:78:7f:63:ec:cc:42:af:2d:56:83:a1:e3:af:07:fe:
09:02:f1:97:ef:42:e3:b1:c6:c7:ed:92:a1:16:f8:d6:6f:84:
60:89:b2:61:62:51:82:55:64:59:5d:4b:17:41:98:07:da:83:
63:c2:44:75:a8:26:71:d9:0e:e0:f9:0c:8b:e0:4d:a8:07:37:
91:f0:b5:df
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZO1Ajr+2nPpOIr4b0Q6mTfqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjExMDkxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM2OGJlNjk5MDVjYWM2YmZkZGFiZGVmMDE5ODEzMmI4N2ZmMjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO3J/Mn44/cSw5ax5q+NH8T7ayny
fBjA+xgGY83PQID40EZ4/DooaukqHcHPFXnKWilA0V6SMXJAzPgUaEszQ5piXUZs
J/ITePdSY13D18KhHcZsW6gyvADr5e95rHBVKnyaqBizB3XNTr0zBMHv06TsZ/tb
YkGS+GRsEfO/XNMQm5PgG00SHKTC+gyTNopgjtzlfZ3qFNiae/uWOl9gxR1D+xIm
ZLL1TY+0eX1YiXsH1yvGlNFxww1HycoU8FrNKXCYyAFS5PS7ItVckauzxI9oXxz/
nFszwMmaM9NJ9Vt1qeoJEn0/GxOwbFoIA1oTBe3eExXkydUWqTxes49mfwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFO3Gi+aZBcrGv92r3vAZgTK4f/IHMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvN2NhTDVwa0Z5c2FfM2F2ZThCbUJNcmhfOGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAU5PYAwQC
U5P0AwQCU5P8AwQDW7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQAJVKQh0Inx
4gblPtT+L82GxVmEsWd+Q766oZyWQCmK2F5wAfCm03nRw7E6IsubNQFiNn309BaK
d0qiAsd5XXtMRpAx8fTmDkkncruzevQ6MLfcrV8zF1bynYja+nv7YaUgsDlgdJB8
xObh+rWbECnHxL9IvYkBcJ1yR9QTrNET+4zXFXiWdrjYrnjl0/7qNczAhf8voOuP
gSgsXoIz/dZpjou/BDMSiQkHfHEnWo5oGfTmS10P9tB4f2PszEKvLVaDoeOvB/4J
AvGX70LjscbH7ZKhFvjWb4RgibJhYlGCVWRZXUsXQZgH2oNjwkR1qCZx2Q7g+QyL
4E2oBzeR8LXf
-----END CERTIFICATE-----
Generated at Wed Apr 23 05:11:50 2025 by rpki-client