Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/ODGNI0z1-WtelUxrgppqSFhtYAY.roa
File: ODGNI0z1-WtelUxrgppqSFhtYAY.roa (raw, json)
Hash identifier: ohkHzoiB7hQgdh0BeIxUI0r/v4F9Yt2WIp4v5ahlPdw=
Subject key identifier: 38:31:8D:23:4C:F5:F9:6B:5E:95:4C:6B:82:9A:6A:48:58:6D:60:06
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 01928F6D35A65B52006025F4FFCE692EEB5E
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/ODGNI0z1-WtelUxrgppqSFhtYAY.roa
Signing time: Tue 15 Oct 2024 09:05:51 +0000
ROA not before: Tue 15 Oct 2024 09:05:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/21 maxlen: 21
84.38.76.0/22 maxlen: 22
84.38.78.0/23 maxlen: 24
2a00:5080::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:8f:6d:35:a6:5b:52:00:60:25:f4:ff:ce:69:2e:eb:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Oct 15 09:05:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=38318d234cf5f96b5e954c6b829a6a48586d6006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:cf:b6:86:54:e7:2b:1d:68:06:19:68:05:79:
f4:a6:79:6c:cd:27:c3:f8:f9:89:e5:b2:c0:75:dd:
e7:06:3a:e7:d8:92:a0:ae:88:fb:af:e1:72:aa:79:
35:7d:cb:e1:7e:67:08:24:a3:bf:bc:97:de:e5:65:
64:39:e9:b5:38:1c:66:ac:ca:d7:e6:f9:09:25:7c:
4b:35:23:4a:2d:43:d9:6a:ed:eb:bb:0d:37:eb:a8:
4f:1f:32:f2:81:78:c4:f5:28:cb:27:4f:e9:15:74:
68:f5:bc:b0:8f:75:04:ec:a9:42:9e:18:0a:e9:f4:
d9:0a:d0:fc:4e:aa:78:c6:d3:de:84:6a:db:ce:b1:
29:9e:d7:3f:f6:16:35:5d:35:2b:4a:5b:c8:b1:03:
2f:b0:6f:be:fd:03:30:65:7e:24:58:64:69:89:80:
d8:f3:ce:b5:3b:c0:37:94:a1:b0:a7:1e:0b:25:4a:
53:8a:50:ec:62:f4:b3:e4:bf:ac:63:72:9e:ab:49:
be:2d:bf:d9:32:10:e8:3e:8a:5c:19:bb:45:ba:55:
fe:09:49:52:cc:9c:85:36:e5:47:9e:98:54:1e:1f:
08:8e:37:55:a2:89:9e:aa:cd:a7:75:79:4e:1d:0f:
2c:67:e0:d2:56:99:9a:93:5a:61:29:0d:20:f1:ea:
95:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:31:8D:23:4C:F5:F9:6B:5E:95:4C:6B:82:9A:6A:48:58:6D:60:06
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/ODGNI0z1-WtelUxrgppqSFhtYAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/21
84.38.76.0/22
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
69:7f:26:2b:30:6f:f8:38:ae:ca:07:d7:5a:48:fd:c3:89:63:
16:0a:a7:71:83:ff:20:1b:cc:a1:26:34:f6:47:75:5a:ad:7c:
ed:47:8d:8b:0e:ba:a4:8b:0b:cd:6a:2a:2f:23:f3:6b:62:28:
71:38:42:45:ea:ce:87:87:d2:d7:24:14:da:b6:c3:c2:bc:89:
c6:0e:c5:e5:43:df:a9:35:4e:b2:f6:b6:2a:42:dc:9e:30:fb:
21:db:74:1b:40:5a:4c:09:b0:6c:22:b4:ba:aa:36:e9:c8:1f:
f1:12:fc:48:72:ef:c3:ad:f2:8d:1f:64:c4:be:00:4b:92:a8:
bd:19:10:3c:fe:6c:e2:1c:e4:ae:5e:8e:2c:ec:87:89:d5:9d:
1e:0b:18:3a:2c:b4:c2:c6:ac:e0:60:c7:6e:bb:77:15:30:39:
f3:02:4c:8d:c1:d4:5c:b6:41:b7:89:3b:a0:4c:2e:0a:37:ea:
8b:31:10:04:ac:09:f7:43:79:e1:3c:8f:cc:6a:23:d6:97:5c:
e3:93:12:a0:93:04:64:84:a6:95:09:57:9e:8b:1e:1c:b3:24:
2e:f2:24:68:82:9f:c8:33:9b:f9:a6:3b:4e:2f:c0:1d:8f:12:
02:32:19:a9:26:47:11:8b:d4:ed:4d:7c:17:ae:1a:d1:99:44:
b8:ba:3e:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZKPbTWmW1IAYCX0/85pLuteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjQxMDE1MDkwNTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMxOGQyMzRjZjVmOTZiNWU5NTRjNmI4MjlhNmE0ODU4NmQ2MDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8+2hlTnKx1oBhloBXn0pnlszSfD
+PmJ5bLAdd3nBjrn2JKgroj7r+Fyqnk1fcvhfmcIJKO/vJfe5WVkOem1OBxmrMrX
5vkJJXxLNSNKLUPZau3ruw0366hPHzLygXjE9SjLJ0/pFXRo9bywj3UE7KlCnhgK
6fTZCtD8Tqp4xtPehGrbzrEpntc/9hY1XTUrSlvIsQMvsG++/QMwZX4kWGRpiYDY
8861O8A3lKGwpx4LJUpTilDsYvSz5L+sY3Keq0m+Lb/ZMhDoPopcGbtFulX+CUlS
zJyFNuVHnphUHh8IjjdVoomeqs2ndXlOHQ8sZ+DSVpmak1phKQ0g8eqVXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDgxjSNM9flrXpVMa4KaakhYbWAGMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvT0RHTkkwejEtV3RlbFV4cmdwcHFTRmh0WUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVCZAAwQC
VCZMMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQBpfyYrMG/4OK7K
B9daSP3DiWMWCqdxg/8gG8yhJjT2R3VarXztR42LDrqkiwvNaiovI/NrYihxOEJF
6s6Hh9LXJBTatsPCvInGDsXlQ9+pNU6y9rYqQtyeMPsh23QbQFpMCbBsIrS6qjbp
yB/xEvxIcu/DrfKNH2TEvgBLkqi9GRA8/mziHOSuXo4s7IeJ1Z0eCxg6LLTCxqzg
YMduu3cVMDnzAkyNwdRctkG3iTugTC4KN+qLMRAErAn3Q3nhPI/MaiPWl1zjkxKg
kwRkhKaVCVeeix4csyQu8iRogp/IM5v5pjtOL8AdjxICMhmpJkcRi9TtTXwXrhrR
mUS4uj4P
-----END CERTIFICATE-----
Generated at Mon Apr 28 19:58:23 2025 by rpki-client