Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/8C1VbNVjW63XmQLhv7r2KuG5ww0.roa
File: 8C1VbNVjW63XmQLhv7r2KuG5ww0.roa (raw, json)
Hash identifier: BqpiUR90qv0FpAtBXjJ8B45fKkKYcRlVE37fNtFhNyw=
Subject key identifier: F0:2D:55:6C:D5:63:5B:AD:D7:99:02:E1:BF:BA:F6:2A:E1:B9:C3:0D
Certificate issuer: /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial: 019423D721A03C1D0A80324C9764E979B5DD
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/8C1VbNVjW63XmQLhv7r2KuG5ww0.roa
Signing time: Wed 01 Jan 2025 21:48:08 +0000
ROA not before: Wed 01 Jan 2025 21:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205207
IP address blocks: 77.237.64.0/19 maxlen: 19
77.237.64.0/20 maxlen: 20
77.237.68.0/24 maxlen: 24
77.237.80.0/20 maxlen: 20
77.237.87.0/24 maxlen: 24
185.14.160.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:21:a0:3c:1d:0a:80:32:4c:97:64:e9:79:b5:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Validity
Not Before: Jan 1 21:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f02d556cd5635badd79902e1bfbaf62ae1b9c30d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:9f:96:5c:0c:3f:bc:ef:23:44:d5:7e:d6:09:
6b:26:8f:df:82:88:c0:97:ba:1e:2d:04:88:d6:29:
9a:b1:74:a0:9b:f2:e9:8e:96:f9:28:13:a9:50:71:
c9:78:95:9a:cb:ed:38:e0:49:3c:57:bd:6f:e4:9f:
49:0d:4f:0b:10:03:3e:1a:20:2c:21:00:b0:ba:76:
80:1a:2b:ca:41:93:c5:b6:5d:6f:f0:95:db:f9:a8:
2b:55:d6:43:7a:4c:0a:b7:d1:72:71:bc:e7:29:4a:
ee:d8:88:9a:f0:92:9d:bc:55:13:08:f9:b2:ad:d6:
63:27:47:04:2a:27:19:8c:b3:4b:cb:b5:c1:e1:c7:
76:03:9a:ec:cc:9f:cf:1f:1e:40:31:aa:41:7e:c1:
4b:55:2d:9f:f9:ba:b3:9f:be:b2:d7:86:a4:bf:7f:
65:f8:4b:c4:94:f4:d6:e9:23:1a:d7:b0:1a:20:bd:
20:5a:5e:d1:4d:ea:91:40:91:77:4b:1d:e7:5b:dc:
4a:60:86:3a:61:25:c5:3e:b1:c2:29:07:cf:32:ca:
e1:30:f3:43:b2:37:08:34:a6:6c:f4:e4:bb:00:d2:
ce:f9:74:51:85:1a:ef:1d:c7:f0:6a:ef:68:bc:54:
4a:e4:3d:5b:95:9c:83:8a:3c:e0:93:23:24:5b:55:
81:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:2D:55:6C:D5:63:5B:AD:D7:99:02:E1:BF:BA:F6:2A:E1:B9:C3:0D
X509v3 Authority Key Identifier:
keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/8C1VbNVjW63XmQLhv7r2KuG5ww0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.237.64.0/19
185.14.160.0/22
Signature Algorithm: sha256WithRSAEncryption
3c:a1:2f:7e:46:33:e2:29:c1:de:33:d6:42:44:0a:65:42:df:
e3:8a:64:8d:d7:c9:43:f1:f7:e0:98:3b:64:73:3b:12:e1:de:
2a:39:bb:5c:4c:32:be:86:bd:e3:38:a7:b5:80:95:ef:ff:7b:
e4:cf:89:12:38:87:9c:28:60:c4:3d:ca:53:1b:24:0e:23:d4:
71:7e:cb:8e:96:63:e5:b0:46:67:5c:3d:1b:29:a6:db:18:7e:
ef:f7:d1:80:0a:08:99:c7:f2:c5:74:d8:99:fb:b3:e0:c0:0c:
da:42:98:b0:54:72:f0:c9:c2:66:3d:13:12:3c:bc:9f:12:81:
c6:4d:2d:52:96:5e:b5:e6:f0:89:70:80:df:03:07:42:fe:5c:
1d:a4:f6:46:05:66:58:6c:4b:24:9e:59:fb:dc:50:25:58:d4:
31:53:6c:d9:d4:3c:4a:74:2d:9c:96:1c:07:cd:fb:84:14:38:
4c:dd:78:b9:01:be:97:ca:da:81:9a:36:e7:fb:1d:2e:8e:ad:
ca:ed:1a:a2:d3:cf:1f:e6:84:c6:95:59:2d:a2:08:98:d0:fc:
46:1d:29:d6:06:a6:4a:02:09:97:58:7c:f6:7a:16:bf:f7:63:
45:ec:4f:41:d1:1e:55:97:3c:8f:f8:64:27:a9:6c:69:0a:b1:
fa:ff:78:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1yGgPB0KgDJMl2TpebXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDJkNTU2Y2Q1NjM1YmFkZDc5OTAyZTFiZmJhZjYyYWUxYjljMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5+WXAw/vO8jRNV+1glrJo/fgojA
l7oeLQSI1imasXSgm/Lpjpb5KBOpUHHJeJWay+044Ek8V71v5J9JDU8LEAM+GiAs
IQCwunaAGivKQZPFtl1v8JXb+agrVdZDekwKt9FycbznKUru2Iia8JKdvFUTCPmy
rdZjJ0cEKicZjLNLy7XB4cd2A5rszJ/PHx5AMapBfsFLVS2f+bqzn76y14akv39l
+EvElPTW6SMa17AaIL0gWl7RTeqRQJF3Sx3nW9xKYIY6YSXFPrHCKQfPMsrhMPND
sjcINKZs9OS7ANLO+XRRhRrvHcfwau9ovFRK5D1blZyDijzgkyMkW1WB+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAtVWzVY1ut15kC4b+69irhucMNMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvOEMxVmJOVmpXNjNYbVFMaHY3cjJLdUc1d3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFTe1AAwQC
uQ6gMA0GCSqGSIb3DQEBCwUAA4IBAQA8oS9+RjPiKcHeM9ZCRAplQt/jimSN18lD
8ffgmDtkczsS4d4qObtcTDK+hr3jOKe1gJXv/3vkz4kSOIecKGDEPcpTGyQOI9Rx
fsuOlmPlsEZnXD0bKabbGH7v99GACgiZx/LFdNiZ+7PgwAzaQpiwVHLwycJmPRMS
PLyfEoHGTS1Sll615vCJcIDfAwdC/lwdpPZGBWZYbEsknln73FAlWNQxU2zZ1DxK
dC2clhwHzfuEFDhM3Xi5Ab6XytqBmjbn+x0ujq3K7Rqi088f5oTGlVktogiY0PxG
HSnWBqZKAgmXWHz2eha/92NF7E9B0R5VlzyP+GQnqWxpCrH6/3hn
-----END CERTIFICATE-----
Generated at Mon Apr 28 12:30:20 2025 by rpki-client