Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/b0J7oskuIerwR_ZfuqcHVx9Ggxs.roa
File: b0J7oskuIerwR_ZfuqcHVx9Ggxs.roa (raw, json)
Hash identifier: CctlkWrqJT42T/qza0qtgwK09uTfLrFpha1iG830Dpw=
Subject key identifier: 6F:42:7B:A2:C9:2E:21:EA:F0:47:F6:5F:BA:A7:07:57:1F:46:83:1B
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019416DEAC4FBEB74BDF6BCFBF44B8ADBC6D
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/b0J7oskuIerwR_ZfuqcHVx9Ggxs.roa
Signing time: Mon 30 Dec 2024 09:21:19 +0000
ROA not before: Mon 30 Dec 2024 09:21:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 83.147.252.0/24 maxlen: 24
83.147.253.0/24 maxlen: 24
83.147.254.0/24 maxlen: 24
91.186.216.0/24 maxlen: 24
91.186.217.0/24 maxlen: 24
91.186.218.0/24 maxlen: 24
91.186.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:16:de:ac:4f:be:b7:4b:df:6b:cf:bf:44:b8:ad:bc:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 30 09:21:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6f427ba2c92e21eaf047f65fbaa707571f46831b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:94:fe:13:93:bf:5c:48:55:a0:0d:f3:64:78:
8a:96:fe:c5:0f:4a:38:87:4e:3e:0c:9a:c4:0c:70:
a5:66:b0:59:75:df:32:ef:23:11:b5:af:c2:8f:86:
2d:34:57:61:3a:a2:9c:67:c2:51:10:33:06:3f:5b:
ed:c1:c7:0b:64:f1:db:2d:87:be:2b:42:f6:ff:60:
a6:87:ab:52:32:64:9f:ea:ec:16:7a:c1:04:ab:a4:
ae:f4:d1:38:da:a8:e8:3b:bf:bd:c8:a5:6f:76:79:
11:ed:b4:7f:95:a2:83:6d:89:aa:bd:75:39:e4:d2:
5b:f4:25:f7:8c:b7:bd:b1:09:9d:d3:04:5b:a5:6e:
dd:04:eb:f5:e3:d0:b4:c7:2c:c4:59:2f:ab:89:49:
48:a5:f5:e2:d9:3c:50:c1:72:7b:49:ad:92:80:1b:
89:8a:7a:2b:86:2e:0a:4b:64:e8:c4:ed:a9:d7:95:
da:e1:84:f5:45:d6:3f:b6:1f:fd:e0:26:aa:69:7b:
6c:f5:b3:f4:4a:2a:0a:a1:ef:7f:21:9f:b6:3f:85:
dc:6a:d9:73:8f:a5:a0:ee:f1:c6:d5:c3:74:07:ca:
7f:72:bf:6d:5d:3b:5f:62:5b:d8:ea:25:cd:f9:77:
1f:17:af:48:81:11:ca:a7:89:b1:4c:f5:2d:40:02:
1f:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:42:7B:A2:C9:2E:21:EA:F0:47:F6:5F:BA:A7:07:57:1F:46:83:1B
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/b0J7oskuIerwR_ZfuqcHVx9Ggxs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.252.0-83.147.254.255
91.186.216.0/22
Signature Algorithm: sha256WithRSAEncryption
8e:fe:62:d9:be:d8:58:76:a3:0f:a2:71:62:94:16:fb:76:6b:
f8:c4:95:02:67:bb:67:ce:5b:6e:dc:fd:20:5a:2e:14:34:52:
b0:a1:7a:11:60:6a:aa:2a:b5:80:61:d6:4d:f8:a5:e8:85:73:
bd:c8:45:32:96:88:82:4a:c4:95:80:c8:25:be:67:0d:4b:1d:
eb:a3:18:ff:e0:df:2b:a1:bd:f9:0d:cb:81:3c:2b:38:48:da:
1b:f1:91:ad:ba:7f:87:82:9c:12:25:1a:5e:0e:99:d6:57:b9:
9b:38:26:ef:c6:83:a0:c0:34:61:2b:b2:d3:1b:7b:b1:04:fd:
8b:6b:8c:69:4f:07:48:26:a4:03:dd:8e:a6:c2:b6:e5:65:ba:
85:f8:72:8c:5b:40:3d:88:89:09:a5:95:7d:c2:4b:10:be:01:
2b:df:c6:95:a8:21:2a:a1:be:47:f3:a4:94:38:68:64:82:26:
c7:9f:a3:3c:7f:f2:39:fc:23:bb:41:98:60:43:f4:38:e8:63:
28:21:64:2f:99:08:b1:c3:67:4c:38:02:12:7a:20:d8:93:1f:
28:7f:b9:b3:d9:70:ec:68:e2:2a:ae:62:7a:bb:e5:48:f1:eb:
9b:42:e6:20:f7:cd:7d:eb:89:76:d2:cf:4a:f6:47:86:be:8c:
80:34:79:03
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQW3qxPvrdL32vPv0S4rbxtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjMwMDkyMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjQyN2JhMmM5MmUyMWVhZjA0N2Y2NWZiYWE3MDc1NzFmNDY4MzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5T+E5O/XEhVoA3zZHiKlv7FD0o4
h04+DJrEDHClZrBZdd8y7yMRta/Cj4YtNFdhOqKcZ8JREDMGP1vtwccLZPHbLYe+
K0L2/2Cmh6tSMmSf6uwWesEEq6Su9NE42qjoO7+9yKVvdnkR7bR/laKDbYmqvXU5
5NJb9CX3jLe9sQmd0wRbpW7dBOv149C0xyzEWS+riUlIpfXi2TxQwXJ7Sa2SgBuJ
inorhi4KS2ToxO2p15Xa4YT1RdY/th/94CaqaXts9bP0SioKoe9/IZ+2P4Xcatlz
j6Wg7vHG1cN0B8p/cr9tXTtfYlvY6iXN+XcfF69IgRHKp4mxTPUtQAIfzwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG9Ce6LJLiHq8Ef2X7qnB1cfRoMbMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvYjBKN29za3VJZXJ3Ul9aZnVxY0hWeDlHZ3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJTk/wD
BABTk/4DBAJbutgwDQYJKoZIhvcNAQELBQADggEBAI7+Ytm+2Fh2ow+icWKUFvt2
a/jElQJnu2fOW27c/SBaLhQ0UrChehFgaqoqtYBh1k34peiFc73IRTKWiIJKxJWA
yCW+Zw1LHeujGP/g3yuhvfkNy4E8KzhI2hvxka26f4eCnBIlGl4OmdZXuZs4Ju/G
g6DANGErstMbe7EE/YtrjGlPB0gmpAPdjqbCtuVluoX4coxbQD2IiQmllX3CSxC+
ASvfxpWoISqhvkfzpJQ4aGSCJsefozx/8jn8I7tBmGBD9DjoYyghZC+ZCLHDZ0w4
AhJ6INiTHyh/ubPZcOxo4iquYnq75Ujx65tC5iD3zX3riXbSz0r2R4a+jIA0eQM=
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:48:34 2025 by rpki-client