Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/yVGR1NtC9LhGFVZVsJDYs9EAuW0.roa
File: yVGR1NtC9LhGFVZVsJDYs9EAuW0.roa (raw, json)
Hash identifier: OkxrN8nfWlSf4rpFriLvW6Z8ARdf05zuOgUT9kWA+3A=
Subject key identifier: C9:51:91:D4:DB:42:F4:B8:46:15:56:55:B0:90:D8:B3:D1:00:B9:6D
Certificate issuer: /CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Certificate serial: 01856D53D1535ACB4ACA807E8E665F548828
Authority key identifier: AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/yVGR1NtC9LhGFVZVsJDYs9EAuW0.roa
Signing time: Sun 01 Jan 2023 12:34:47 +0000
ROA not before: Sun 01 Jan 2023 12:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8400
IP address blocks: 185.125.176.0/23 maxlen: 23
212.57.40.0/21 maxlen: 21
93.92.248.0/21 maxlen: 21
37.35.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:53:d1:53:5a:cb:4a:ca:80:7e:8e:66:5f:54:88:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Validity
Not Before: Jan 1 12:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c95191d4db42f4b846155655b090d8b3d100b96d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:26:e4:21:e8:4a:b7:be:8e:e2:95:18:af:f0:
75:13:8f:13:20:a1:79:9b:db:8e:6a:b7:b1:ae:b9:
6c:43:fa:a5:c4:0c:8e:a3:98:4d:b1:87:7e:dc:3c:
f8:49:93:fc:f3:87:6a:f5:bc:f2:37:5b:51:76:b5:
66:67:e3:db:2e:55:92:52:29:9f:22:58:4d:dd:46:
f9:81:ad:a5:05:1a:be:5e:27:7a:fd:b9:7a:0c:aa:
cb:66:1e:b2:de:0e:0c:01:bc:b4:c6:97:80:08:e9:
92:3f:f9:32:07:ca:c3:40:19:4f:ff:3c:3b:a4:f4:
c1:3e:8a:9d:1b:e2:a3:74:05:46:0d:e2:92:17:d4:
c4:8b:6a:36:8a:a4:68:38:c5:a7:fb:09:71:1f:0d:
e6:2f:3f:e3:ab:3a:84:b2:0c:5c:9d:0e:9d:5c:e2:
b5:06:72:50:6d:d7:63:38:5a:49:f6:19:1b:27:1a:
c1:20:a3:c4:35:67:79:6c:0a:b5:85:e6:a7:7d:a6:
e8:bb:6b:2f:0e:60:29:40:d8:3f:41:0e:b0:bf:a1:
48:fd:a1:82:c4:46:6e:24:c3:27:2c:47:36:00:92:
c5:5d:ef:b6:4a:d6:a1:2b:4e:0f:37:75:ab:ee:de:
5f:85:29:d3:14:a1:53:f5:ca:5d:84:f1:04:84:cc:
b9:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:51:91:D4:DB:42:F4:B8:46:15:56:55:B0:90:D8:B3:D1:00:B9:6D
X509v3 Authority Key Identifier:
keyid:AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/yVGR1NtC9LhGFVZVsJDYs9EAuW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.35.8.0/21
93.92.248.0/21
185.125.176.0/23
212.57.40.0/21
Signature Algorithm: sha256WithRSAEncryption
59:8b:c5:69:95:21:cd:51:24:ce:65:7e:ff:09:54:b3:bf:73:
5d:70:b1:50:11:4c:28:52:2c:b7:49:aa:90:98:90:a9:5b:7b:
78:ec:09:01:00:9e:ce:f6:d8:d8:cf:f3:9b:ba:1d:2d:93:77:
67:f5:d2:de:ad:0a:79:5c:5b:71:4b:33:dd:f7:2d:a8:ae:54:
af:17:21:e3:55:70:9c:b8:ca:a7:e1:26:e1:2c:6b:cd:30:b1:
33:b8:a9:8c:f9:87:e4:36:79:78:89:5d:88:1d:69:aa:38:cb:
04:2d:71:17:ee:ae:da:7d:09:3d:78:e5:29:16:53:7a:a5:ab:
c0:74:6f:af:5a:cb:9d:33:68:96:e0:e0:51:82:06:58:bb:27:
bf:12:e6:42:75:5e:ed:4f:37:06:79:4d:25:84:ba:94:dc:09:
e9:0c:9f:aa:39:1b:87:41:c4:24:d7:e1:c9:00:cc:67:37:c7:
f0:8e:39:fd:e5:82:1b:92:e2:f7:77:4a:b5:aa:70:35:19:1b:
ad:f6:69:78:c2:da:06:6d:7b:49:47:99:8e:59:bd:fe:d8:fd:
c8:e9:4b:b6:00:2a:83:8e:03:39:49:ab:87:71:47:53:86:ce:
cc:d1:91:dc:76:4e:5c:81:5d:58:96:db:c4:fb:56:83:cb:e0:
13:2c:36:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtU9FTWstKyoB+jmZfVIgoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDkyMDc5OTRiYTljN2Q5MWVhN2U0NzlmZWZkMWI4MDk5
ZjYyY2UwHhcNMjMwMTAxMTIzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTUxOTFkNGRiNDJmNGI4NDYxNTU2NTViMDkwZDhiM2QxMDBiOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCbkIehKt76O4pUYr/B1E48TIKF5
m9uOarexrrlsQ/qlxAyOo5hNsYd+3Dz4SZP884dq9bzyN1tRdrVmZ+PbLlWSUimf
IlhN3Ub5ga2lBRq+Xid6/bl6DKrLZh6y3g4MAby0xpeACOmSP/kyB8rDQBlP/zw7
pPTBPoqdG+KjdAVGDeKSF9TEi2o2iqRoOMWn+wlxHw3mLz/jqzqEsgxcnQ6dXOK1
BnJQbddjOFpJ9hkbJxrBIKPENWd5bAq1heanfabou2svDmApQNg/QQ6wv6FI/aGC
xEZuJMMnLEc2AJLFXe+2StahK04PN3Wr7t5fhSnTFKFT9cpdhPEEhMy5qQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMlRkdTbQvS4RhVWVbCQ2LPRALltMB8GA1UdIwQY
MBaAFK3ZIHmUupx9kep+R5/v0bgJn2LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAt
ZTUyMTI1NzRmOWVjLzEveVZHUjFOdEM5TGhHRlZaVnNKRFlzOUVBdVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAtZTUyMTI1NzRmOWVj
LzEvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDJSMIAwQD
XVz4AwQBuX2wAwQD1DkoMA0GCSqGSIb3DQEBCwUAA4IBAQBZi8VplSHNUSTOZX7/
CVSzv3NdcLFQEUwoUiy3SaqQmJCpW3t47AkBAJ7O9tjYz/Obuh0tk3dn9dLerQp5
XFtxSzPd9y2orlSvFyHjVXCcuMqn4SbhLGvNMLEzuKmM+YfkNnl4iV2IHWmqOMsE
LXEX7q7afQk9eOUpFlN6pavAdG+vWsudM2iW4OBRggZYuye/EuZCdV7tTzcGeU0l
hLqU3AnpDJ+qORuHQcQk1+HJAMxnN8fwjjn95YIbkuL3d0q1qnA1GRut9ml4wtoG
bXtJR5mOWb3+2P3I6Uu2ACqDjgM5SauHcUdThs7M0ZHcdk5cgV1YltvE+1aDy+AT
LDaL
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:47:00 2025 by rpki-client