Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/7a26e6-f7ae-4df0-9ecb-d879f7e709d6/1/_djOUl5tP-O9MoZdnJ8KPwvUesk.roa
File: _djOUl5tP-O9MoZdnJ8KPwvUesk.roa (raw, json)
Hash identifier: Z80xzdeoHg2eD9GRo0p2TSFbj4DY4bROvBmpSSsaxok=
Subject key identifier: FD:D8:CE:52:5E:6D:3F:E3:BD:32:86:5D:9C:9F:0A:3F:0B:D4:7A:C9
Certificate issuer: /CN=1ab634dc74f6037ba47311d127420e76f296be54
Certificate serial: 01928A77AD45E5DC633A4F4C5B63C6FF8A60
Authority key identifier: 1A:B6:34:DC:74:F6:03:7B:A4:73:11:D1:27:42:0E:76:F2:96:BE:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GrY03HT2A3ukcxHRJ0IOdvKWvlQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/7a26e6-f7ae-4df0-9ecb-d879f7e709d6/1/_djOUl5tP-O9MoZdnJ8KPwvUesk.roa
Signing time: Mon 14 Oct 2024 09:59:11 +0000
ROA not before: Mon 14 Oct 2024 09:59:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21215
IP address blocks: 94.127.0.0/21 maxlen: 24
176.109.136.0/21 maxlen: 24
185.13.8.0/22 maxlen: 24
185.18.12.0/22 maxlen: 24
213.244.208.0/20 maxlen: 24
217.26.208.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:8a:77:ad:45:e5:dc:63:3a:4f:4c:5b:63:c6:ff:8a:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ab634dc74f6037ba47311d127420e76f296be54
Validity
Not Before: Oct 14 09:59:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fdd8ce525e6d3fe3bd32865d9c9f0a3f0bd47ac9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:63:4c:5e:ce:7c:9a:ec:0d:8b:5f:f1:06:c3:
cc:42:be:f4:1b:be:fb:05:c8:48:c1:16:f0:b4:26:
39:ce:c6:8a:55:c8:b1:92:09:8c:f5:eb:9a:92:c8:
cf:8c:10:53:e4:e7:89:46:e0:ba:4f:05:b3:b3:d1:
2c:13:c1:67:ad:db:c6:b7:57:0c:be:6a:4c:7b:93:
b3:62:d4:0f:01:a2:33:04:f0:37:ed:e7:3d:2c:6e:
ec:e3:cc:b8:47:3e:80:d3:bd:83:0b:4c:6b:12:44:
f7:00:61:81:b3:7d:95:05:65:64:b6:8a:d2:2d:84:
8f:df:c1:62:6e:1e:d4:7d:ac:d3:e3:63:4b:33:4f:
8e:24:f7:4a:55:cf:5c:9c:29:ca:12:77:4e:d5:83:
57:b0:6c:5d:8e:92:c6:fa:4b:6e:73:02:b0:b7:b8:
e0:dd:c9:55:62:10:45:f5:60:ef:4b:ad:82:ef:44:
7a:f4:05:bf:a4:23:f7:75:dc:58:bf:24:3a:02:5e:
33:c9:35:09:86:a0:dc:ff:4d:2a:87:01:8e:0b:22:
dc:74:02:32:f7:69:1b:eb:fb:10:c3:fb:22:49:4f:
6a:fd:2a:33:89:ea:7b:1d:24:7e:f5:49:ae:e7:84:
01:5d:f6:cb:7a:5b:06:ef:0a:77:7e:84:2f:98:00:
96:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:D8:CE:52:5E:6D:3F:E3:BD:32:86:5D:9C:9F:0A:3F:0B:D4:7A:C9
X509v3 Authority Key Identifier:
keyid:1A:B6:34:DC:74:F6:03:7B:A4:73:11:D1:27:42:0E:76:F2:96:BE:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GrY03HT2A3ukcxHRJ0IOdvKWvlQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/7a26e6-f7ae-4df0-9ecb-d879f7e709d6/1/_djOUl5tP-O9MoZdnJ8KPwvUesk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/7a26e6-f7ae-4df0-9ecb-d879f7e709d6/1/GrY03HT2A3ukcxHRJ0IOdvKWvlQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.127.0.0/21
176.109.136.0/21
185.13.8.0/22
185.18.12.0/22
213.244.208.0/20
217.26.208.0/21
Signature Algorithm: sha256WithRSAEncryption
67:d4:75:a5:00:08:93:de:f0:c0:9a:dc:2b:86:c8:19:5d:b4:
e9:9e:1f:d1:ab:c1:4e:86:a1:90:4d:3a:76:08:10:15:6d:8b:
d8:de:50:5c:e0:e3:3f:34:cb:99:69:d6:b8:30:74:e1:92:35:
ff:56:26:8f:bc:13:66:03:7e:f7:a2:94:ee:67:44:e5:23:32:
37:7a:f1:7e:f4:ff:b0:16:a4:38:03:e9:12:f0:94:56:24:01:
f3:d3:c4:20:90:82:6d:4a:3b:71:07:30:c7:e4:5c:15:a4:0c:
88:f9:dd:80:e3:35:df:ac:43:54:75:e3:e1:9f:6e:73:c4:3f:
77:18:ea:98:89:4b:4c:14:f2:50:7f:02:6e:a2:0d:01:89:6d:
b6:72:1c:d4:c3:c1:ff:95:46:91:b5:23:ff:e5:a4:11:30:70:
9b:4c:d5:e8:54:89:c8:27:c8:71:61:9e:1e:ff:60:10:a7:aa:
69:a6:9e:35:0e:8f:e4:5f:6c:16:8b:0e:00:a9:d3:7c:59:7c:
f5:16:83:07:f2:5a:0a:40:4f:57:3d:73:03:5d:87:3d:24:61:
75:d3:bb:ea:95:1f:43:12:63:6a:08:97:02:bf:0b:d9:4f:da:
bd:12:40:ba:51:c2:be:05:db:a7:35:c6:f4:1f:5f:fa:90:29:
68:a7:38:c5
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZKKd61F5dxjOk9MW2PG/4pgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYjYzNGRjNzRmNjAzN2JhNDczMTFkMTI3NDIwZTc2ZjI5
NmJlNTQwHhcNMjQxMDE0MDk1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ4Y2U1MjVlNmQzZmUzYmQzMjg2NWQ5YzlmMGEzZjBiZDQ3YWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2NMXs58muwNi1/xBsPMQr70G777
BchIwRbwtCY5zsaKVcixkgmM9euaksjPjBBT5OeJRuC6TwWzs9EsE8FnrdvGt1cM
vmpMe5OzYtQPAaIzBPA37ec9LG7s48y4Rz6A072DC0xrEkT3AGGBs32VBWVktorS
LYSP38Fibh7UfazT42NLM0+OJPdKVc9cnCnKEndO1YNXsGxdjpLG+ktucwKwt7jg
3clVYhBF9WDvS62C70R69AW/pCP3ddxYvyQ6Al4zyTUJhqDc/00qhwGOCyLcdAIy
92kb6/sQw/siSU9q/Soziep7HSR+9Umu54QBXfbLelsG7wp3foQvmACWMQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFP3YzlJebT/jvTKGXZyfCj8L1HrJMB8GA1UdIwQY
MBaAFBq2NNx09gN7pHMR0SdCDnbylr5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3JZMDNIVDJBM3VrY3hIUkowSU9kdktXdmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83YTI2ZTYtZjdhZS00ZGYwLTllY2It
ZDg3OWY3ZTcwOWQ2LzEvX2RqT1VsNXRQLU85TW9aZG5KOEtQd3ZVZXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83YTI2ZTYtZjdhZS00ZGYwLTllY2ItZDg3OWY3ZTcwOWQ2
LzEvR3JZMDNIVDJBM3VrY3hIUkowSU9kdktXdmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDXn8AAwQD
sG2IAwQCuQ0IAwQCuRIMAwQE1fTQAwQD2RrQMA0GCSqGSIb3DQEBCwUAA4IBAQBn
1HWlAAiT3vDAmtwrhsgZXbTpnh/Rq8FOhqGQTTp2CBAVbYvY3lBc4OM/NMuZada4
MHThkjX/ViaPvBNmA373opTuZ0TlIzI3evF+9P+wFqQ4A+kS8JRWJAHz08QgkIJt
SjtxBzDH5FwVpAyI+d2A4zXfrENUdePhn25zxD93GOqYiUtMFPJQfwJuog0BiW22
chzUw8H/lUaRtSP/5aQRMHCbTNXoVInIJ8hxYZ4e/2AQp6pppp41Do/kX2wWiw4A
qdN8WXz1FoMH8loKQE9XPXMDXYc9JGF107vqlR9DEmNqCJcCvwvZT9q9EkC6UcK+
BdunNcb0H1/6kClopzjF
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:37:17 2025 by rpki-client