Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0vp2TciTShUeN3C0Jp9TsA1TptA.roa
File: 0vp2TciTShUeN3C0Jp9TsA1TptA.roa (raw, json)
Hash identifier: 46bgGatYnFhzVQhKq+O+VGSsNSKvpYaXaDWdfG1mreg=
Subject key identifier: D2:FA:76:4D:C8:93:4A:15:1E:37:70:B4:26:9F:53:B0:0D:53:A6:D0
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 018CC802CC3EB4517489E76BC4908CCD861E
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0vp2TciTShUeN3C0Jp9TsA1TptA.roa
Signing time: Tue 02 Jan 2024 02:31:15 +0000
ROA not before: Tue 02 Jan 2024 02:31:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50527
IP address blocks: 93.114.98.0/24 maxlen: 24
89.35.162.0/24 maxlen: 24
93.114.56.0/24 maxlen: 24
86.106.169.0/24 maxlen: 24
89.36.88.0/24 maxlen: 24
93.114.68.0/24 maxlen: 24
188.241.6.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:02:cc:3e:b4:51:74:89:e7:6b:c4:90:8c:cd:86:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 2 02:31:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d2fa764dc8934a151e3770b4269f53b00d53a6d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:cb:c2:76:e6:f4:32:24:f5:fa:0c:4e:51:76:
b6:cc:09:60:c7:9a:26:c2:58:bc:a6:e7:61:d1:08:
73:18:6e:7f:66:34:88:e9:10:af:3a:74:7d:23:3c:
aa:1a:be:58:67:11:b4:2a:01:34:8f:36:f3:75:d3:
a4:bf:0f:c3:0f:87:46:d8:54:39:ce:39:00:c9:d7:
2d:82:19:02:78:76:fe:9f:da:9a:51:0e:da:83:e5:
25:5a:d8:82:de:dd:19:9d:4a:2e:39:33:49:56:ea:
cd:cf:b5:48:0f:f4:47:8d:0c:d9:1b:d9:40:75:12:
5e:a9:45:7d:1a:5a:c6:4a:d6:01:d0:53:0c:6f:6e:
a2:75:ea:83:08:7d:81:a4:60:7d:ee:24:af:d2:51:
67:f4:a2:70:0a:bf:12:bd:c2:94:ec:0f:6f:d3:1d:
a5:78:8d:df:d4:6a:9e:03:f2:8c:7f:27:a7:dd:05:
16:41:32:d7:45:3b:96:dd:38:7e:3d:7b:b1:31:a7:
5f:69:99:f0:e9:28:7b:84:28:6c:47:54:ea:c7:c8:
1a:76:f7:05:44:5c:f1:6d:b1:25:6a:97:f1:5a:b0:
87:9e:6b:76:b8:8f:7b:31:96:1a:4f:1a:01:5f:2c:
d9:1d:18:8a:35:a4:35:37:f4:41:c9:82:53:0c:ea:
46:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:FA:76:4D:C8:93:4A:15:1E:37:70:B4:26:9F:53:B0:0D:53:A6:D0
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/0vp2TciTShUeN3C0Jp9TsA1TptA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.106.169.0/24
89.35.162.0/24
89.36.88.0/24
93.114.56.0/24
93.114.68.0/24
93.114.98.0/24
188.241.6.0/24
Signature Algorithm: sha256WithRSAEncryption
51:55:7b:b5:0e:e9:df:7a:2f:68:ca:f0:95:cc:60:29:00:a8:
f1:ff:84:98:b8:72:30:7c:99:31:2e:f3:a6:92:69:49:1d:bd:
10:f6:67:60:2f:c0:4f:4c:30:b6:98:53:cd:6b:93:ef:c7:a2:
98:8c:ae:ca:32:a2:c0:69:8d:75:d4:20:6c:7b:37:7b:1f:86:
68:e0:2a:45:77:d0:c0:a7:76:d9:fe:8d:5c:8e:d8:60:29:8d:
d3:67:82:90:88:5d:09:52:cb:d7:99:0a:b1:8c:3e:bc:44:b1:
35:2a:eb:74:14:8a:53:80:eb:77:7a:8e:63:ea:c3:bc:82:e0:
c5:52:c4:f3:b2:72:17:64:80:44:3c:e4:9b:97:8a:6f:b2:a2:
f9:8e:6d:76:c0:e0:bf:32:5c:91:ac:10:ce:e6:d0:7e:68:fb:
cd:2b:5c:e5:8c:73:bf:62:e0:dd:74:10:ea:89:a8:92:7b:f4:
ea:87:51:11:fa:bf:95:a7:df:c5:56:11:5f:18:57:3e:29:7e:
c1:3e:d9:1f:d4:2d:01:a5:a3:d0:07:9d:25:87:da:31:75:95:
48:96:f9:d4:00:f4:d1:88:55:1b:97:f1:b3:3e:da:5a:f8:f6:
3f:6d:f9:b9:2e:cc:35:bb:9f:f2:37:d4:33:16:2a:24:f4:4a:
18:ba:16:7e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzIAsw+tFF0iedrxJCMzYYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZhNzY0ZGM4OTM0YTE1MWUzNzcwYjQyNjlmNTNiMDBkNTNhNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8vCdub0MiT1+gxOUXa2zAlgx5om
wli8pudh0QhzGG5/ZjSI6RCvOnR9IzyqGr5YZxG0KgE0jzbzddOkvw/DD4dG2FQ5
zjkAydctghkCeHb+n9qaUQ7ag+UlWtiC3t0ZnUouOTNJVurNz7VID/RHjQzZG9lA
dRJeqUV9GlrGStYB0FMMb26ideqDCH2BpGB97iSv0lFn9KJwCr8SvcKU7A9v0x2l
eI3f1GqeA/KMfyen3QUWQTLXRTuW3Th+PXuxMadfaZnw6Sh7hChsR1Tqx8gadvcF
RFzxbbElapfxWrCHnmt2uI97MZYaTxoBXyzZHRiKNaQ1N/RByYJTDOpGowIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNL6dk3Ik0oVHjdwtCafU7ANU6bQMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvMHZwMlRjaVRTaFVlTjNDMEpwOVRzQTFUcHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVmqpAwQA
WSOiAwQAWSRYAwQAXXI4AwQAXXJEAwQAXXJiAwQAvPEGMA0GCSqGSIb3DQEBCwUA
A4IBAQBRVXu1Dunfei9oyvCVzGApAKjx/4SYuHIwfJkxLvOmkmlJHb0Q9mdgL8BP
TDC2mFPNa5Pvx6KYjK7KMqLAaY111CBsezd7H4Zo4CpFd9DAp3bZ/o1cjthgKY3T
Z4KQiF0JUsvXmQqxjD68RLE1Kut0FIpTgOt3eo5j6sO8guDFUsTzsnIXZIBEPOSb
l4pvsqL5jm12wOC/MlyRrBDO5tB+aPvNK1zljHO/YuDddBDqiaiSe/Tqh1ER+r+V
p9/FVhFfGFc+KX7BPtkf1C0BpaPQB50lh9oxdZVIlvnUAPTRiFUbl/GzPtpa+PY/
bfm5Lsw1u5/yN9QzFiok9EoYuhZ+
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:35:07 2025 by rpki-client