Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/Lffo125bpHPlsWk9gIH9osjZ0Fg.roa
File: Lffo125bpHPlsWk9gIH9osjZ0Fg.roa (raw, json)
Hash identifier: DxuH4d+bgoD/4zGw/qBR+9/hm8gJNlo+nT8PyikRZvk=
Subject key identifier: 2D:F7:E8:D7:6E:5B:A4:73:E5:B1:69:3D:80:81:FD:A2:C8:D9:D0:58
Certificate issuer: /CN=535825ce8bf544170282f720a2484141568b0e7d
Certificate serial: 018570F08C1755E4C803EDDD39A86BF4996F
Authority key identifier: 53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/Lffo125bpHPlsWk9gIH9osjZ0Fg.roa
Signing time: Mon 02 Jan 2023 05:24:50 +0000
ROA not before: Mon 02 Jan 2023 05:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21177
IP address blocks: 80.84.64.0/21 maxlen: 21
80.84.72.0/21 maxlen: 21
80.84.80.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:f0:8c:17:55:e4:c8:03:ed:dd:39:a8:6b:f4:99:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=535825ce8bf544170282f720a2484141568b0e7d
Validity
Not Before: Jan 2 05:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2df7e8d76e5ba473e5b1693d8081fda2c8d9d058
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:81:2d:e2:48:bf:b3:03:94:2f:6b:ea:1a:1d:
a3:66:17:ea:23:02:83:02:8a:32:3d:2c:9b:7a:d3:
12:f6:40:59:8e:fe:25:15:90:08:57:b9:58:b5:32:
54:a0:fb:de:05:ab:ba:e2:c0:68:6c:39:31:49:9f:
02:09:c7:54:3e:ae:ca:58:04:5b:4d:43:e1:ed:02:
41:2a:9b:8b:f6:dd:0b:10:61:5c:86:7f:2f:af:b6:
09:8e:2a:47:83:96:c3:ea:ad:11:e7:f5:55:8d:b2:
39:d1:00:75:72:c3:ec:9e:39:4f:2b:83:ba:26:a0:
c2:88:6c:c6:a5:44:d2:0f:e6:40:9f:69:a1:ee:25:
2a:e6:26:b4:d4:db:2d:cb:f0:b4:79:dd:b2:19:0e:
c9:7b:4e:69:e5:ab:f2:87:df:c3:40:0f:52:f0:1e:
c0:53:66:3b:7a:3f:a9:65:c7:9b:3d:89:01:09:bb:
c1:46:eb:a2:57:a9:23:91:6d:41:d9:20:ea:20:92:
29:15:75:e4:c8:ce:bc:09:ca:b4:f6:87:1f:4e:2c:
0b:a2:19:fa:c9:ae:3c:08:e3:66:97:8f:5d:4f:19:
8c:6b:c4:2b:b7:0a:35:33:a4:1b:23:17:44:02:f3:
9d:3d:7d:46:f2:1a:93:1e:2f:31:b8:53:e0:a4:01:
bc:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:F7:E8:D7:6E:5B:A4:73:E5:B1:69:3D:80:81:FD:A2:C8:D9:D0:58
X509v3 Authority Key Identifier:
keyid:53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/Lffo125bpHPlsWk9gIH9osjZ0Fg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.84.64.0-80.84.87.255
Signature Algorithm: sha256WithRSAEncryption
ab:26:9d:57:b9:c3:1a:cf:74:95:18:3d:e5:de:47:7d:4c:66:
41:b4:e8:6f:86:5f:6e:21:b9:b0:35:75:e6:a2:99:8e:a9:b5:
19:2c:1e:0e:3c:24:3a:31:f8:a1:c6:32:35:11:62:01:92:24:
1d:21:5d:13:6c:53:22:35:93:78:c4:df:c4:b6:24:24:02:04:
6a:2f:5d:bb:f9:59:1d:1b:9f:8b:4f:36:3c:a0:ab:b7:c8:9e:
bb:89:7b:63:c7:36:57:66:d8:e8:7b:27:c2:f2:38:fb:d2:e5:
d0:8c:46:ce:32:64:b4:f2:ca:aa:7d:83:52:bf:43:23:d5:28:
7a:ed:15:df:1c:d0:2e:8c:77:3e:f2:dd:02:c6:f0:80:34:47:
e4:1d:69:02:e0:b5:6d:72:a0:56:97:76:25:a7:40:59:a5:2b:
f3:10:d9:7b:6b:e7:be:9f:3b:ec:a0:ce:d9:1d:58:15:b5:bb:
26:84:4c:fd:f6:c4:17:39:60:73:13:3d:53:d0:44:84:a2:d5:
74:27:43:d5:f7:de:0b:98:f2:17:11:08:71:bf:42:0a:f6:f9:
06:da:7c:79:6a:65:af:0e:db:10:32:8f:21:29:13:e1:84:fe:
a1:cd:f2:32:30:20:39:65:10:ac:36:a5:28:50:9e:c2:59:6b:
90:6c:14:22
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVw8IwXVeTIA+3dOahr9JlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTgyNWNlOGJmNTQ0MTcwMjgyZjcyMGEyNDg0MTQxNTY4
YjBlN2QwHhcNMjMwMTAyMDUyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY3ZThkNzZlNWJhNDczZTViMTY5M2Q4MDgxZmRhMmM4ZDlkMDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoEt4ki/swOUL2vqGh2jZhfqIwKD
AooyPSybetMS9kBZjv4lFZAIV7lYtTJUoPveBau64sBobDkxSZ8CCcdUPq7KWARb
TUPh7QJBKpuL9t0LEGFchn8vr7YJjipHg5bD6q0R5/VVjbI50QB1csPsnjlPK4O6
JqDCiGzGpUTSD+ZAn2mh7iUq5ia01Nsty/C0ed2yGQ7Je05p5avyh9/DQA9S8B7A
U2Y7ej+pZcebPYkBCbvBRuuiV6kjkW1B2SDqIJIpFXXkyM68Ccq09ocfTiwLohn6
ya48CONml49dTxmMa8Qrtwo1M6QbIxdEAvOdPX1G8hqTHi8xuFPgpAG8PQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC336NduW6Rz5bFpPYCB/aLI2dBYMB8GA1UdIwQY
MBaAFFNYJc6L9UQXAoL3IKJIQUFWiw59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUt
NTE0NmFiN2VhMDE1LzEvTGZmbzEyNWJwSFBsc1drOWdJSDlvc2paMEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUtNTE0NmFiN2VhMDE1
LzEvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAZQVEAD
BANQVFAwDQYJKoZIhvcNAQELBQADggEBAKsmnVe5wxrPdJUYPeXeR31MZkG06G+G
X24hubA1deaimY6ptRksHg48JDox+KHGMjURYgGSJB0hXRNsUyI1k3jE38S2JCQC
BGovXbv5WR0bn4tPNjygq7fInruJe2PHNldm2Oh7J8LyOPvS5dCMRs4yZLTyyqp9
g1K/QyPVKHrtFd8c0C6Mdz7y3QLG8IA0R+QdaQLgtW1yoFaXdiWnQFmlK/MQ2Xtr
576fO+ygztkdWBW1uyaETP32xBc5YHMTPVPQRISi1XQnQ9X33guY8hcRCHG/Qgr2
+QbafHlqZa8O2xAyjyEpE+GE/qHN8jIwIDllEKw2pShQnsJZa5BsFCI=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:01 2025 by rpki-client