Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8dNWZDN5DUyPPF7mZdQdy4dqhYA.roa
File: 8dNWZDN5DUyPPF7mZdQdy4dqhYA.roa (raw, json)
Hash identifier: AZFvWuFREIXfNeKYxNXAZNWnTIAfqgomCfsLJKNmxJQ=
Subject key identifier: F1:D3:56:64:33:79:0D:4C:8F:3C:5E:E6:65:D4:1D:CB:87:6A:85:80
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57C45280C0F6CAA105037FD86F387
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8dNWZDN5DUyPPF7mZdQdy4dqhYA.roa
Signing time: Thu 02 Jan 2025 15:49:52 +0000
ROA not before: Thu 02 Jan 2025 15:49:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5065
IP address blocks: 83.147.223.0/24 maxlen: 24
94.241.136.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7c:45:28:0c:0f:6c:aa:10:50:37:fd:86:f3:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1d3566433790d4c8f3c5ee665d41dcb876a8580
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:0a:6d:65:1f:d0:7a:9c:8d:95:a2:97:66:45:
02:d4:fb:18:d9:2e:dd:12:a7:16:41:8e:7b:8b:81:
71:36:37:1b:8d:38:5a:40:3f:32:c5:1b:5b:42:08:
fe:fc:b0:18:2b:90:a9:a0:3d:26:11:75:a0:e0:1d:
85:37:42:1a:1f:d7:69:85:10:1e:19:7b:1d:e9:cf:
04:e2:7b:58:1c:91:a8:f5:c0:42:4d:b5:3f:b7:21:
44:54:18:62:d1:b9:2a:8a:a0:4d:e9:45:4a:9e:6e:
0b:98:b4:a0:0f:6b:18:2b:a1:cd:5b:cc:c1:36:50:
b0:fd:d6:94:8f:c1:1e:f2:a8:e2:12:7a:99:b4:b7:
bc:42:78:25:f0:53:a8:e6:f7:6b:b1:ba:0f:f3:e0:
b7:9e:1a:2f:ea:b0:58:a6:be:61:d1:c8:a1:21:62:
31:74:53:5d:de:98:8e:9b:ba:ed:98:fa:1d:9e:c7:
de:ac:51:15:f0:35:d9:36:8c:8e:00:1c:be:d1:61:
b1:46:51:07:ed:3a:dc:8e:53:db:86:9d:c5:ab:15:
45:ae:19:8c:79:a4:1f:ca:68:88:04:0d:f7:2c:f4:
ac:4c:40:a7:1a:9d:5d:35:50:fd:8b:71:42:9b:e0:
38:69:98:27:2b:8e:21:78:44:f1:fe:4f:94:85:f3:
64:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:D3:56:64:33:79:0D:4C:8F:3C:5E:E6:65:D4:1D:CB:87:6A:85:80
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8dNWZDN5DUyPPF7mZdQdy4dqhYA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.223.0/24
94.241.136.0/23
Signature Algorithm: sha256WithRSAEncryption
10:2b:d4:b6:ca:ba:49:e6:11:27:29:71:83:9d:88:95:98:6a:
8a:8b:ea:fb:ad:cc:51:44:db:da:3b:54:f7:23:9d:1a:0d:f1:
40:2f:c3:be:05:56:85:17:84:e6:f0:10:48:48:98:5a:dc:cb:
e1:50:67:31:6a:cb:fb:91:e7:a5:02:1a:47:13:3a:cb:53:44:
c2:3b:21:d4:dc:ad:96:31:76:e8:09:65:54:3c:6f:f2:62:c2:
bf:c4:b2:15:d6:d8:07:35:5f:fa:5e:cc:67:80:43:fc:a4:8c:
3c:15:74:ff:e2:03:64:38:61:c5:02:63:89:8c:56:d0:b1:72:
77:e6:a0:89:cd:65:69:84:95:b8:b8:93:a2:ea:f9:50:87:2f:
75:e8:96:f9:23:c4:ab:f0:12:c2:d8:02:cd:a0:ec:45:a5:50:
db:cf:d7:02:fd:67:a3:8f:77:4c:d9:f4:23:54:2e:17:6e:f6:
9f:c7:e6:96:40:4d:13:8e:f6:77:82:1b:36:6f:cd:ca:76:2e:
22:0a:27:b1:31:9b:7c:ce:4a:38:ec:14:f2:21:d4:2f:f0:25:
08:9d:28:73:4b:23:df:b0:1f:9e:f5:72:bf:46:5e:0a:1a:8b:
e9:b8:b7:4f:cc:0c:5c:7f:fe:a4:0c:48:08:58:95:ab:1b:17:
09:0f:06:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntXxFKAwPbKoQUDf9hvOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQzNTY2NDMzNzkwZDRjOGYzYzVlZTY2NWQ0MWRjYjg3NmE4NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAptZR/QepyNlaKXZkUC1PsY2S7d
EqcWQY57i4FxNjcbjThaQD8yxRtbQgj+/LAYK5CpoD0mEXWg4B2FN0IaH9dphRAe
GXsd6c8E4ntYHJGo9cBCTbU/tyFEVBhi0bkqiqBN6UVKnm4LmLSgD2sYK6HNW8zB
NlCw/daUj8Ee8qjiEnqZtLe8Qngl8FOo5vdrsboP8+C3nhov6rBYpr5h0cihIWIx
dFNd3piOm7rtmPodnsferFEV8DXZNoyOABy+0WGxRlEH7TrcjlPbhp3FqxVFrhmM
eaQfymiIBA33LPSsTECnGp1dNVD9i3FCm+A4aZgnK44heETx/k+UhfNkIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPHTVmQzeQ1Mjzxe5mXUHcuHaoWAMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvOGROV1pETjVEVXlQUEY3bVpkUWR5NGRxaFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU5PfAwQB
XvGIMA0GCSqGSIb3DQEBCwUAA4IBAQAQK9S2yrpJ5hEnKXGDnYiVmGqKi+r7rcxR
RNvaO1T3I50aDfFAL8O+BVaFF4Tm8BBISJha3MvhUGcxasv7keelAhpHEzrLU0TC
OyHU3K2WMXboCWVUPG/yYsK/xLIV1tgHNV/6XsxngEP8pIw8FXT/4gNkOGHFAmOJ
jFbQsXJ35qCJzWVphJW4uJOi6vlQhy916Jb5I8Sr8BLC2ALNoOxFpVDbz9cC/Wej
j3dM2fQjVC4Xbvafx+aWQE0TjvZ3ghs2b83Kdi4iCiexMZt8zko47BTyIdQv8CUI
nShzSyPfsB+e9XK/Rl4KGovpuLdPzAxcf/6kDEgIWJWrGxcJDwZL
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:50:17 2025 by rpki-client