Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hQKPZRXFrS3OA31tq5eHN9PTtT8.roa
File: hQKPZRXFrS3OA31tq5eHN9PTtT8.roa (raw, json)
Hash identifier: h/hQVx61PX5kLi3Fzc1Dhgtrdz36FJRWUvLq8koIfy4=
Subject key identifier: 85:02:8F:65:15:C5:AD:2D:CE:03:7D:6D:AB:97:87:37:D3:D3:B5:3F
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 01938744736BA5A0B3CFD45F0E17343F3F5F
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hQKPZRXFrS3OA31tq5eHN9PTtT8.roa
Signing time: Mon 02 Dec 2024 12:07:10 +0000
ROA not before: Mon 02 Dec 2024 12:07:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 83.147.248.0/24 maxlen: 24
83.147.249.0/24 maxlen: 24
83.147.250.0/24 maxlen: 24
83.147.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:87:44:73:6b:a5:a0:b3:cf:d4:5f:0e:17:34:3f:3f:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 2 12:07:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85028f6515c5ad2dce037d6dab978737d3d3b53f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5d:e1:b8:e1:de:83:39:3c:21:03:d9:04:85:
73:b9:ac:78:aa:db:9a:18:2c:cb:e1:e5:db:1c:46:
b5:78:a7:c9:92:3b:97:a0:59:36:e9:f7:93:54:3c:
80:4c:33:97:14:28:dc:55:47:d5:51:60:c7:f0:4a:
16:1d:4a:76:8c:49:d5:77:76:0c:ff:29:74:11:9b:
2a:4f:1a:ca:c1:20:a1:c6:96:75:01:6a:6f:17:d0:
b9:bf:a9:28:4d:9f:99:9d:1f:8b:bd:37:5c:1a:27:
f0:56:f4:97:4c:23:06:8b:44:d2:87:1e:f1:92:95:
ba:09:47:50:1c:a1:60:1e:0e:7f:48:a5:6a:33:9c:
5a:7b:6b:27:9f:d0:81:64:2a:6c:4b:65:2f:a7:ee:
d7:f4:23:7b:8d:b9:9e:fc:54:ff:60:13:76:97:14:
f4:1a:33:77:dc:31:6b:fc:eb:2e:04:52:84:d3:f8:
65:df:39:31:84:91:a0:87:44:7d:d8:65:71:96:ef:
d4:5d:bb:de:19:f9:0e:ec:49:48:68:30:1b:51:8a:
c7:27:8a:68:4f:4d:0e:df:e8:5d:f8:5d:96:f0:7b:
1d:76:8d:7d:0f:67:c0:55:c4:0c:93:f9:64:c3:17:
fe:20:39:1c:90:9b:2a:03:c7:77:36:84:e7:11:e3:
df:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:02:8F:65:15:C5:AD:2D:CE:03:7D:6D:AB:97:87:37:D3:D3:B5:3F
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/hQKPZRXFrS3OA31tq5eHN9PTtT8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.248.0/22
Signature Algorithm: sha256WithRSAEncryption
00:74:37:ff:37:76:0e:a3:b8:e8:5c:e6:1e:ba:0d:9d:e6:09:
04:0d:4f:24:94:dd:ef:11:ba:4e:ef:c1:58:71:a6:3b:94:86:
77:e1:57:a4:c1:a2:31:aa:11:93:2c:7a:71:15:20:6d:0d:5d:
0a:b2:c6:15:21:f7:b4:eb:d0:15:5d:a1:1b:36:33:df:da:34:
a8:0f:dd:33:49:34:18:2b:2d:bc:46:28:48:d6:fc:d4:45:90:
97:4f:00:50:4f:6f:20:4e:75:2b:dc:15:c7:44:9b:3b:dc:30:
e3:9d:39:af:e7:79:e4:e4:66:3c:d5:20:b3:2e:ee:86:3d:d4:
d0:6c:d8:e5:86:8e:7c:11:98:cd:33:5a:8b:eb:a6:d7:11:2c:
f3:c5:af:30:f9:3e:4b:e3:8c:3c:97:a4:a6:fd:52:7c:a1:c7:
11:ed:57:b2:71:27:d8:db:5d:c1:ae:59:78:bf:88:d3:f8:1a:
3a:0b:fe:8f:40:55:74:f7:cd:4c:10:19:e8:59:18:14:8e:0b:
7f:ce:ef:0f:eb:05:53:0e:52:ac:fe:07:5e:77:87:bf:17:3e:
c6:8e:3d:6e:e9:5e:a8:9c:aa:0b:57:54:8a:2f:8a:ab:10:10:
65:8d:9c:f7:f3:e7:0c:af:24:49:e4:97:df:dd:fb:32:2a:5c:
8e:76:1c:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOHRHNrpaCzz9RfDhc0Pz9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjAyMTIwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTAyOGY2NTE1YzVhZDJkY2UwMzdkNmRhYjk3ODczN2QzZDNiNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo13huOHegzk8IQPZBIVzuax4qtua
GCzL4eXbHEa1eKfJkjuXoFk26feTVDyATDOXFCjcVUfVUWDH8EoWHUp2jEnVd3YM
/yl0EZsqTxrKwSChxpZ1AWpvF9C5v6koTZ+ZnR+LvTdcGifwVvSXTCMGi0TShx7x
kpW6CUdQHKFgHg5/SKVqM5xae2snn9CBZCpsS2Uvp+7X9CN7jbme/FT/YBN2lxT0
GjN33DFr/OsuBFKE0/hl3zkxhJGgh0R92GVxlu/UXbveGfkO7ElIaDAbUYrHJ4po
T00O3+hd+F2W8Hsddo19D2fAVcQMk/lkwxf+IDkckJsqA8d3NoTnEePfKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUCj2UVxa0tzgN9bauXhzfT07U/MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvaFFLUFpSWEZyUzNPQTMxdHE1ZUhOOVBUdFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5P4MA0G
CSqGSIb3DQEBCwUAA4IBAQAAdDf/N3YOo7joXOYeug2d5gkEDU8klN3vEbpO78FY
caY7lIZ34VekwaIxqhGTLHpxFSBtDV0KssYVIfe069AVXaEbNjPf2jSoD90zSTQY
Ky28RihI1vzURZCXTwBQT28gTnUr3BXHRJs73DDjnTmv53nk5GY81SCzLu6GPdTQ
bNjlho58EZjNM1qL66bXESzzxa8w+T5L44w8l6Sm/VJ8occR7VeycSfY213Brll4
v4jT+Bo6C/6PQFV0981MEBnoWRgUjgt/zu8P6wVTDlKs/gded4e/Fz7Gjj1u6V6o
nKoLV1SKL4qrEBBljZz38+cMryRJ5Jff3fsyKlyOdhxn
-----END CERTIFICATE-----
Generated at Sun Apr 20 05:04:26 2025 by rpki-client