Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/ju9beHi9FYrSoHcKYnZl05kPHe0.roa
File: ju9beHi9FYrSoHcKYnZl05kPHe0.roa (raw, json)
Hash identifier: DCakjwBGc2yOy3z1EpB/BlrnnxsdTRohGZfgRSZMUvg=
Subject key identifier: 8E:EF:5B:78:78:BD:15:8A:D2:A0:77:0A:62:76:65:D3:99:0F:1D:ED
Certificate issuer: /CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Certificate serial: 01856FA6E96EFB2E37173A2173934553F927
Authority key identifier: 06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/ju9beHi9FYrSoHcKYnZl05kPHe0.roa
Signing time: Sun 01 Jan 2023 23:24:47 +0000
ROA not before: Sun 01 Jan 2023 23:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15965
IP address blocks: 194.48.192.0/23 maxlen: 23
195.43.96.0/19 maxlen: 19
217.31.64.0/20 maxlen: 24
194.48.252.0/23 maxlen: 24
80.64.144.0/20 maxlen: 20
193.91.32.0/20 maxlen: 20
2a02:3a8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:a6:e9:6e:fb:2e:37:17:3a:21:73:93:45:53:f9:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Validity
Not Before: Jan 1 23:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8eef5b7878bd158ad2a0770a627665d3990f1ded
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:d4:1c:0b:3e:d4:cc:0c:53:b3:3a:f2:14:17:
08:8b:fe:e3:fa:bf:2e:d5:a2:0e:e0:6e:2c:6e:e1:
5a:34:b6:d5:a6:f0:4b:5c:67:0b:03:64:a7:41:16:
f3:10:dd:a6:5d:ce:cd:90:19:49:7e:38:a6:32:01:
48:0e:e7:91:4b:04:be:16:a6:66:ce:b6:97:e9:37:
dc:9f:22:55:48:c5:00:8d:c3:0c:77:53:11:e0:0b:
db:f8:e6:9f:8c:7c:43:06:ed:e3:63:0b:3e:0d:7f:
7d:44:f7:42:ca:f8:3a:7e:84:a3:76:f4:47:e2:66:
64:a1:16:68:79:e6:83:ca:13:41:02:22:78:bf:57:
f9:28:fe:4e:88:10:1a:82:ee:8f:0e:4a:80:59:d4:
3d:50:eb:8e:79:03:de:a9:2d:62:ed:e7:64:4c:8f:
93:e8:ee:b4:d3:a1:5f:86:38:11:a3:c8:8b:d4:3d:
ef:e9:da:3f:5e:59:cc:cd:de:cb:89:93:f1:f5:af:
6f:59:2d:0d:77:6e:44:8c:25:fc:3c:e2:0e:73:16:
34:65:a7:77:cd:66:1f:f7:a8:db:46:d7:01:ed:90:
2c:ad:7e:f7:f1:4b:42:3e:ff:05:a1:70:8a:fb:2e:
4e:7d:3e:f4:b9:42:39:b3:04:fc:7d:c5:ad:04:00:
f8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:EF:5B:78:78:BD:15:8A:D2:A0:77:0A:62:76:65:D3:99:0F:1D:ED
X509v3 Authority Key Identifier:
keyid:06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/ju9beHi9FYrSoHcKYnZl05kPHe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/Brft72GFhyPErevj7lqJ9wBY1f4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.144.0/20
193.91.32.0/20
194.48.192.0/23
194.48.252.0/23
195.43.96.0/19
217.31.64.0/20
IPv6:
2a02:3a8::/32
Signature Algorithm: sha256WithRSAEncryption
14:0b:54:e8:bc:45:2b:4a:63:aa:06:0d:f8:9e:35:3b:ca:75:
73:c3:76:a7:40:56:2f:c8:99:b0:a6:47:8c:da:f8:55:8d:68:
7b:01:b7:57:e3:2e:ca:81:3f:4a:f0:41:a5:27:1f:7c:06:0c:
56:52:7e:a3:f6:30:48:fa:4b:a0:47:13:18:7b:df:e7:d9:84:
4c:96:3a:49:e1:92:eb:7d:d1:58:c7:82:aa:ae:5a:90:65:07:
7d:ae:c5:05:04:60:6a:16:20:3e:79:05:73:3c:44:fc:aa:7a:
24:04:0e:9e:f2:fb:aa:7d:49:d6:e6:97:ea:17:f4:72:9f:82:
ff:28:64:14:bb:d6:57:28:c3:b5:a2:c6:07:c4:2c:c9:a0:d9:
d2:2b:a8:f5:fb:6b:80:5a:cc:c3:8d:cc:c4:f8:fa:3c:63:01:
99:65:00:16:c3:64:27:46:a6:3a:a8:06:e9:6c:d4:8c:36:2e:
c9:c6:9a:6e:b0:d9:51:c7:ff:7e:3c:00:8e:f1:a1:c6:33:2d:
1b:7f:47:8a:fb:72:16:2c:bc:ec:84:dc:d4:e8:e1:7b:b7:bb:
87:f8:c5:4f:88:13:55:07:f7:b9:bd:b7:d9:59:8d:45:83:d7:
4a:18:c2:ea:22:71:6f:be:74:db:a1:3b:c6:84:86:dc:97:9b:
fc:21:0c:d9
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVvpulu+y43Fzohc5NFU/knMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjdlZGVmNjE4NTg3MjNjNGFkZWJlM2VlNWE4OWY3MDA1
OGQ1ZmUwHhcNMjMwMTAxMjMyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVmNWI3ODc4YmQxNThhZDJhMDc3MGE2Mjc2NjVkMzk5MGYxZGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdQcCz7UzAxTszryFBcIi/7j+r8u
1aIO4G4sbuFaNLbVpvBLXGcLA2SnQRbzEN2mXc7NkBlJfjimMgFIDueRSwS+FqZm
zraX6TfcnyJVSMUAjcMMd1MR4Avb+OafjHxDBu3jYws+DX99RPdCyvg6foSjdvRH
4mZkoRZoeeaDyhNBAiJ4v1f5KP5OiBAagu6PDkqAWdQ9UOuOeQPeqS1i7edkTI+T
6O6006FfhjgRo8iL1D3v6do/XlnMzd7LiZPx9a9vWS0Nd25EjCX8POIOcxY0Zad3
zWYf96jbRtcB7ZAsrX738UtCPv8FoXCK+y5OfT70uUI5swT8fcWtBAD4RQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFI7vW3h4vRWK0qB3CmJ2ZdOZDx3tMB8GA1UdIwQY
MBaAFAa37e9hhYcjxK3r4+5aifcAWNX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUt
ODk1NTFlOGNjZTEyLzEvanU5YmVIaTlGWXJTb0hjS1luWmwwNWtQSGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUtODk1NTFlOGNjZTEy
LzEvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEUECQAwQE
wVsgAwQBwjDAAwQBwjD8AwQFwytgAwQE2R9AMA0EAgACMAcDBQAqAgOoMA0GCSqG
SIb3DQEBCwUAA4IBAQAUC1TovEUrSmOqBg34njU7ynVzw3anQFYvyJmwpkeM2vhV
jWh7AbdX4y7KgT9K8EGlJx98BgxWUn6j9jBI+kugRxMYe9/n2YRMljpJ4ZLrfdFY
x4KqrlqQZQd9rsUFBGBqFiA+eQVzPET8qnokBA6e8vuqfUnW5pfqF/Ryn4L/KGQU
u9ZXKMO1osYHxCzJoNnSK6j1+2uAWszDjczE+Po8YwGZZQAWw2QnRqY6qAbpbNSM
Ni7JxppusNlRx/9+PACO8aHGMy0bf0eK+3IWLLzshNzU6OF7t7uH+MVPiBNVB/e5
vbfZWY1Fg9dKGMLqInFvvnTboTvGhIbcl5v8IQzZ
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:19:15 2025 by rpki-client