Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7y9lPWYbVTiAvIVJpSfK4FQuPos.roa
File: 7y9lPWYbVTiAvIVJpSfK4FQuPos.roa (raw, json)
Hash identifier: uCeBIGWU2aM2ubwvZZsvbF1Iywu/k4GAHd20Jw603pY=
Subject key identifier: EF:2F:65:3D:66:1B:55:38:80:BC:85:49:A5:27:CA:E0:54:2E:3E:8B
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0194179A59CCA21DECBE3460C5A1A10B35EC
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7y9lPWYbVTiAvIVJpSfK4FQuPos.roa
Signing time: Mon 30 Dec 2024 12:46:18 +0000
ROA not before: Mon 30 Dec 2024 12:46:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.232.0/22 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:17:9a:59:cc:a2:1d:ec:be:34:60:c5:a1:a1:0b:35:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 30 12:46:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ef2f653d661b553880bc8549a527cae0542e3e8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:91:6e:bc:9e:9a:21:bc:b5:3d:74:4c:33:7b:
0c:c6:b6:ec:00:22:1b:54:43:d5:d5:98:20:f4:2a:
1b:42:9e:98:d2:64:94:a8:0a:8e:ab:32:49:a7:6a:
23:96:c4:09:63:d2:5c:62:a3:18:04:fc:df:1b:92:
79:24:ad:68:82:ab:74:78:37:76:29:de:f7:8c:cc:
70:a1:11:a3:10:2b:e8:72:fa:6d:cc:ab:ab:8b:0c:
4c:9c:8c:78:58:07:7e:d0:54:a4:88:08:5d:56:1b:
d6:45:74:52:91:64:1b:9f:74:3f:c1:b4:8b:1f:3b:
da:de:76:3c:f6:f7:42:dd:61:98:91:ad:db:df:e5:
3c:44:71:9c:66:c2:34:7d:7f:58:94:6b:76:8c:f6:
ee:84:0f:79:5e:d9:35:6e:26:49:fa:b9:93:4b:95:
4f:df:bf:40:13:77:c9:99:b3:4d:3a:25:e4:9f:46:
98:c2:90:c5:f1:26:16:0d:95:a2:f3:7e:62:20:c9:
06:e2:a0:85:08:26:24:5d:15:18:d0:5d:37:56:33:
2f:88:53:5c:48:ba:55:0f:3d:94:e3:29:2f:ee:9f:
ea:be:db:98:07:4a:28:a5:8e:96:4b:b2:ef:c0:af:
67:36:26:30:0c:16:d8:bb:65:74:23:cd:75:6e:3b:
d9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:2F:65:3D:66:1B:55:38:80:BC:85:49:A5:27:CA:E0:54:2E:3E:8B
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/7y9lPWYbVTiAvIVJpSfK4FQuPos.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.232.0/22
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
47:dc:04:ca:a4:85:66:f9:09:f2:c4:79:3c:5f:24:92:52:43:
dd:31:5f:e6:a9:c9:d8:dd:8f:43:c9:cc:fb:47:a9:ca:67:50:
52:d9:db:a3:eb:c6:6e:3e:fc:21:4e:6e:1f:96:89:22:d6:c6:
a5:e5:30:69:fa:aa:e2:e1:a5:31:54:e6:ea:d1:2b:25:4e:53:
f2:1d:85:81:2d:7f:7f:49:3d:db:9e:18:50:46:03:3a:2c:49:
6a:bd:8d:33:57:a9:0e:32:60:4c:4a:b9:b2:52:00:64:5a:4b:
1d:97:be:e9:4c:cc:d2:1d:c3:f9:7c:84:cc:b4:22:25:51:e0:
d6:06:66:c0:2f:66:04:cb:c2:a4:30:7a:fb:4e:87:78:47:24:
e5:6c:c3:94:23:62:69:25:65:91:10:7a:19:13:3e:5e:30:ea:
ed:19:93:cd:9e:52:9c:f3:4d:59:86:64:ea:f9:4a:4a:b9:9e:
bd:e3:d1:8f:16:cc:7b:f3:d9:46:43:7f:16:be:95:06:f3:37:
4c:ec:b3:6c:dd:a3:a0:70:04:85:6b:83:99:6d:a8:64:93:43:
a1:cc:dd:28:f9:45:df:ba:c4:f9:92:61:e8:b5:e6:0c:cb:f2:
3f:d7:bd:cd:15:a4:3f:4c:33:9c:cb:78:31:6d:33:c4:3e:bd:
0a:13:d5:db
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQXmlnMoh3svjRgxaGhCzXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjMwMTI0NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjJmNjUzZDY2MWI1NTM4ODBiYzg1NDlhNTI3Y2FlMDU0MmUzZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZFuvJ6aIby1PXRMM3sMxrbsACIb
VEPV1Zgg9CobQp6Y0mSUqAqOqzJJp2ojlsQJY9JcYqMYBPzfG5J5JK1ogqt0eDd2
Kd73jMxwoRGjECvocvptzKuriwxMnIx4WAd+0FSkiAhdVhvWRXRSkWQbn3Q/wbSL
Hzva3nY89vdC3WGYka3b3+U8RHGcZsI0fX9YlGt2jPbuhA95Xtk1biZJ+rmTS5VP
379AE3fJmbNNOiXkn0aYwpDF8SYWDZWi835iIMkG4qCFCCYkXRUY0F03VjMviFNc
SLpVDz2U4ykv7p/qvtuYB0oopY6WS7LvwK9nNiYwDBbYu2V0I811bjvZeQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFO8vZT1mG1U4gLyFSaUnyuBULj6LMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvN3k5bFBXWWJWVGlBdklWSnBTZks0RlF1UG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCU5PoAwQC
U5P0AwQDW7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQBH3ATKpIVm+QnyxHk8
XySSUkPdMV/mqcnY3Y9Dycz7R6nKZ1BS2duj68ZuPvwhTm4floki1sal5TBp+qri
4aUxVObq0SslTlPyHYWBLX9/ST3bnhhQRgM6LElqvY0zV6kOMmBMSrmyUgBkWksd
l77pTMzSHcP5fITMtCIlUeDWBmbAL2YEy8KkMHr7Tod4RyTlbMOUI2JpJWWREHoZ
Ez5eMOrtGZPNnlKc801ZhmTq+UpKuZ6949GPFsx789lGQ38WvpUG8zdM7LNs3aOg
cASFa4OZbahkk0OhzN0o+UXfusT5kmHoteYMy/I/173NFaQ/TDOcy3gxbTPEPr0K
E9Xb
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:28:54 2025 by rpki-client