Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GR0s1EnNL2qtlTmDmyVpHfp0Xmo.roa
File: GR0s1EnNL2qtlTmDmyVpHfp0Xmo.roa (raw, json)
Hash identifier: cI561RAaHrIZAxnuYiZ24JCwQMH3bO0kXA3ua35eSsc=
Subject key identifier: 19:1D:2C:D4:49:CD:2F:6A:AD:95:39:83:9B:25:69:1D:FA:74:5E:6A
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0194465CDF8B1D6CCE1B3B326D7F6C0842D1
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GR0s1EnNL2qtlTmDmyVpHfp0Xmo.roa
Signing time: Wed 08 Jan 2025 14:41:19 +0000
ROA not before: Wed 08 Jan 2025 14:41:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 83.147.192.0/24 maxlen: 24
83.147.232.0/22 maxlen: 24
83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:46:5c:df:8b:1d:6c:ce:1b:3b:32:6d:7f:6c:08:42:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 8 14:41:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=191d2cd449cd2f6aad9539839b25691dfa745e6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:bb:8c:b2:53:83:61:88:d5:ab:5b:3b:14:13:
a6:74:86:71:20:78:25:b5:5a:b7:26:fb:fc:47:73:
f4:f6:c1:e1:7e:2e:17:e6:b6:1d:f6:ab:3b:82:b8:
2d:31:94:fd:69:2a:3a:b8:08:98:5d:fb:70:89:6f:
2a:64:22:c2:cf:47:bd:f1:06:47:d1:e9:17:c1:69:
ac:49:f6:9e:e3:5f:d9:99:12:95:4f:b6:e3:c7:f0:
1c:e2:99:b6:00:34:0f:8c:41:39:ef:cf:20:13:ec:
c0:09:37:b1:71:b5:60:30:ff:87:b5:fc:f5:bc:9c:
35:e8:c0:9a:d9:61:6c:a0:f0:e5:76:cb:86:ce:58:
68:e0:6a:df:05:e8:42:c7:c5:89:f4:04:93:6a:d9:
b1:c0:72:92:13:7a:31:9b:43:f0:09:eb:a4:f9:46:
0d:f5:01:e1:ae:da:e9:f4:7a:a1:d3:74:69:8a:3a:
43:95:ab:90:70:8b:a0:70:eb:3d:02:3e:c2:d9:66:
fb:d9:8f:74:e7:dd:ac:67:5a:be:dd:c5:e9:14:c8:
df:28:77:de:11:1f:0f:f0:d2:eb:d5:fb:e4:8d:55:
a4:b7:21:e9:b0:91:02:5b:7a:90:09:e0:5e:85:70:
64:68:49:63:cd:98:c2:95:60:36:90:78:d3:97:69:
53:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:1D:2C:D4:49:CD:2F:6A:AD:95:39:83:9B:25:69:1D:FA:74:5E:6A
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GR0s1EnNL2qtlTmDmyVpHfp0Xmo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.192.0/24
83.147.232.0/22
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
7d:2b:db:bb:98:3e:30:5e:a2:da:3b:2f:1e:b1:d8:db:6a:83:
6c:08:56:1e:86:27:da:91:96:e8:4f:eb:c1:48:f2:f6:eb:1f:
1d:44:39:42:b7:34:54:35:d3:fa:03:09:5b:f7:91:22:ac:36:
62:a7:54:e4:7c:4d:2b:7e:a6:03:03:41:de:72:b6:e6:d7:d4:
67:37:27:6b:40:ea:13:f5:f4:1d:ce:83:2f:50:b4:be:82:e1:
42:05:e0:0c:1e:44:84:32:59:52:ea:4d:29:6f:56:3c:2a:e7:
b4:80:12:01:4c:20:2b:0f:b0:5a:d1:51:bc:7a:78:85:50:bb:
c7:73:be:47:14:82:96:2a:4c:8d:c3:a6:a1:50:e3:3a:a3:e3:
de:e8:60:c0:7c:04:01:fa:ec:18:d7:c6:a8:6a:f6:bc:b3:7b:
97:71:9c:b1:3e:5c:ba:31:cc:08:51:b8:9b:d2:ab:9d:9f:0b:
56:ea:33:ae:30:fd:6a:6e:ef:f9:a8:8f:a2:79:5b:70:ae:dd:
2d:48:27:59:74:4f:6a:ad:d9:3e:b4:46:54:7d:61:ff:85:c3:
11:27:0e:18:77:35:ad:11:d5:f5:b4:de:d1:c9:b1:99:48:a1:
00:5a:1b:a2:3a:2c:57:14:3f:f4:53:2e:77:50:2f:08:7b:d2:
9f:df:50:a0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZRGXN+LHWzOGzsybX9sCELRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTA4MTQ0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFkMmNkNDQ5Y2QyZjZhYWQ5NTM5ODM5YjI1NjkxZGZhNzQ1ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobuMslODYYjVq1s7FBOmdIZxIHgl
tVq3Jvv8R3P09sHhfi4X5rYd9qs7grgtMZT9aSo6uAiYXftwiW8qZCLCz0e98QZH
0ekXwWmsSfae41/ZmRKVT7bjx/Ac4pm2ADQPjEE5788gE+zACTexcbVgMP+Htfz1
vJw16MCa2WFsoPDldsuGzlho4GrfBehCx8WJ9ASTatmxwHKSE3oxm0PwCeuk+UYN
9QHhrtrp9Hqh03RpijpDlauQcIugcOs9Aj7C2Wb72Y90592sZ1q+3cXpFMjfKHfe
ER8P8NLr1fvkjVWktyHpsJECW3qQCeBehXBkaEljzZjClWA2kHjTl2lTJwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBkdLNRJzS9qrZU5g5slaR36dF5qMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvR1IwczFFbk5MMnF0bFRtRG15VnBIZnAwWG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAU5PAAwQC
U5PoAwQCU5P0AwQDW7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQB9K9u7mD4w
XqLaOy8esdjbaoNsCFYehifakZboT+vBSPL26x8dRDlCtzRUNdP6Awlb95EirDZi
p1TkfE0rfqYDA0Hecrbm19RnNydrQOoT9fQdzoMvULS+guFCBeAMHkSEMllS6k0p
b1Y8Kue0gBIBTCArD7Ba0VG8eniFULvHc75HFIKWKkyNw6ahUOM6o+Pe6GDAfAQB
+uwY18aoava8s3uXcZyxPly6McwIUbib0qudnwtW6jOuMP1qbu/5qI+ieVtwrt0t
SCdZdE9qrdk+tEZUfWH/hcMRJw4YdzWtEdX1tN7RybGZSKEAWhuiOixXFD/0Uy53
UC8Ie9Kf31Cg
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:57:15 2025 by rpki-client