Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/JE-PEC7cttJjwpUvC0Oapmc2N9I.roa
File: JE-PEC7cttJjwpUvC0Oapmc2N9I.roa (raw, json)
Hash identifier: cwsJbdj6AzRWds2cZR2froLS9mHv5eBGWmU3T+XuoDM=
Subject key identifier: 24:4F:8F:10:2E:DC:B6:D2:63:C2:95:2F:0B:43:9A:A6:67:36:37:D2
Certificate issuer: /CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Certificate serial: 018CC72612C78A7E5A57D414722CFA293C2A
Authority key identifier: 06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/JE-PEC7cttJjwpUvC0Oapmc2N9I.roa
Signing time: Mon 01 Jan 2024 22:30:10 +0000
ROA not before: Mon 01 Jan 2024 22:30:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15965
IP address blocks: 194.48.192.0/23 maxlen: 23
195.43.96.0/19 maxlen: 19
217.31.64.0/20 maxlen: 24
194.48.252.0/23 maxlen: 24
80.64.144.0/20 maxlen: 20
193.91.32.0/20 maxlen: 20
2a02:3a8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:12:c7:8a:7e:5a:57:d4:14:72:2c:fa:29:3c:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Validity
Not Before: Jan 1 22:30:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=244f8f102edcb6d263c2952f0b439aa6673637d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ff:ea:72:70:5c:19:61:dd:db:5e:9d:33:94:
0c:df:e5:c3:58:c3:14:9e:7e:6f:df:b6:60:d8:dd:
82:cb:ed:ec:4b:cb:64:5f:33:3c:e3:3d:ed:e7:fb:
9d:3f:ba:c2:50:42:e8:14:ae:0c:a7:c2:f7:f8:76:
66:57:7d:13:50:f2:de:e6:c3:9b:72:85:e6:59:53:
9f:1c:77:6e:b3:04:f6:e0:9a:cf:4f:7a:6f:12:e4:
1f:dd:a5:6b:66:48:eb:99:15:05:69:b8:43:ee:06:
b9:51:4e:83:35:4b:e1:30:ae:fc:5f:c9:49:1f:b3:
e6:9f:6f:96:86:0c:74:13:54:6e:1e:4e:d8:0c:26:
3a:3a:65:35:91:0f:46:05:58:82:4e:44:08:77:81:
92:3f:e5:97:13:56:bc:ad:02:f9:ed:3d:20:1f:6e:
22:5f:b8:6b:95:99:67:47:03:7f:6f:17:17:62:6c:
4f:84:a3:42:9c:f7:f1:8e:43:3e:0d:4a:02:1f:79:
35:fc:a3:cc:d7:e1:59:cf:bd:44:c2:46:1f:0b:ad:
e5:1c:c6:ee:b5:9e:7f:8c:03:80:cf:7c:f6:07:ba:
a4:a3:76:d5:2f:0b:43:24:6a:ff:2e:ad:29:99:1a:
fe:b9:bc:37:14:da:30:75:5d:d6:4b:23:38:1e:f5:
4f:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:4F:8F:10:2E:DC:B6:D2:63:C2:95:2F:0B:43:9A:A6:67:36:37:D2
X509v3 Authority Key Identifier:
keyid:06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/JE-PEC7cttJjwpUvC0Oapmc2N9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/Brft72GFhyPErevj7lqJ9wBY1f4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.144.0/20
193.91.32.0/20
194.48.192.0/23
194.48.252.0/23
195.43.96.0/19
217.31.64.0/20
IPv6:
2a02:3a8::/32
Signature Algorithm: sha256WithRSAEncryption
c1:7b:94:d3:ac:48:19:4c:45:d8:b5:18:66:46:fc:36:54:c3:
83:d9:ec:42:d9:58:75:7c:c1:94:77:d6:b2:a6:7b:61:53:a0:
8f:f2:50:38:ae:2e:85:0b:6d:5b:63:28:36:b3:e3:b5:52:a1:
55:42:fa:98:8b:11:aa:89:9b:b1:e1:e1:63:56:71:eb:44:03:
63:16:ac:70:bc:3a:3c:22:50:0d:03:d9:32:84:eb:5f:dc:00:
24:5e:21:b3:8f:b0:ae:ba:1b:43:3a:bd:c8:6f:b5:76:66:57:
54:5d:2a:1b:87:ae:65:90:bc:08:d0:fd:da:4c:85:78:4d:cd:
21:f6:cc:ee:66:e3:2c:da:a8:60:13:29:c5:b8:f8:87:f4:a8:
8d:ba:7d:af:4f:3d:8d:09:7a:c1:b6:f5:e5:19:53:81:50:ca:
53:16:19:f0:fc:e3:d6:22:2f:0a:1b:e8:56:dc:9d:e3:85:7b:
12:79:5e:9f:b7:13:f9:de:ac:63:97:c1:46:43:38:96:27:cf:
b9:16:4f:7a:fd:b7:45:31:0a:e1:67:af:c9:6b:48:47:30:db:
fa:44:69:c6:5b:bb:ff:f6:2f:4d:3f:aa:de:de:4f:0f:82:83:
fb:c5:f2:a7:ce:5e:9b:18:4e:0d:b1:e4:aa:f5:56:3d:ef:58:
a2:52:31:8e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzHJhLHin5aV9QUciz6KTwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjdlZGVmNjE4NTg3MjNjNGFkZWJlM2VlNWE4OWY3MDA1
OGQ1ZmUwHhcNMjQwMTAxMjIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRmOGYxMDJlZGNiNmQyNjNjMjk1MmYwYjQzOWFhNjY3MzYzN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0P/qcnBcGWHd216dM5QM3+XDWMMU
nn5v37Zg2N2Cy+3sS8tkXzM84z3t5/udP7rCUELoFK4Mp8L3+HZmV30TUPLe5sOb
coXmWVOfHHduswT24JrPT3pvEuQf3aVrZkjrmRUFabhD7ga5UU6DNUvhMK78X8lJ
H7Pmn2+Whgx0E1RuHk7YDCY6OmU1kQ9GBViCTkQId4GSP+WXE1a8rQL57T0gH24i
X7hrlZlnRwN/bxcXYmxPhKNCnPfxjkM+DUoCH3k1/KPM1+FZz71EwkYfC63lHMbu
tZ5/jAOAz3z2B7qko3bVLwtDJGr/Lq0pmRr+ubw3FNowdV3WSyM4HvVP0wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCRPjxAu3LbSY8KVLwtDmqZnNjfSMB8GA1UdIwQY
MBaAFAa37e9hhYcjxK3r4+5aifcAWNX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUt
ODk1NTFlOGNjZTEyLzEvSkUtUEVDN2N0dEpqd3BVdkMwT2FwbWMyTjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUtODk1NTFlOGNjZTEy
LzEvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEUECQAwQE
wVsgAwQBwjDAAwQBwjD8AwQFwytgAwQE2R9AMA0EAgACMAcDBQAqAgOoMA0GCSqG
SIb3DQEBCwUAA4IBAQDBe5TTrEgZTEXYtRhmRvw2VMOD2exC2Vh1fMGUd9aypnth
U6CP8lA4ri6FC21bYyg2s+O1UqFVQvqYixGqiZux4eFjVnHrRANjFqxwvDo8IlAN
A9kyhOtf3AAkXiGzj7CuuhtDOr3Ib7V2ZldUXSobh65lkLwI0P3aTIV4Tc0h9szu
ZuMs2qhgEynFuPiH9KiNun2vTz2NCXrBtvXlGVOBUMpTFhnw/OPWIi8KG+hW3J3j
hXsSeV6ftxP53qxjl8FGQziWJ8+5Fk96/bdFMQrhZ6/Ja0hHMNv6RGnGW7v/9i9N
P6re3k8PgoP7xfKnzl6bGE4NseSq9VY971iiUjGO
-----END CERTIFICATE-----
Generated at Wed Apr 16 23:59:12 2025 by rpki-client