Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/c8kGUOft9fLsqligMFiKrr9eCNQ.roa
File: c8kGUOft9fLsqligMFiKrr9eCNQ.roa (raw, json)
Hash identifier: zsCrayFFTUPl/xkKTf6phTnsIbtsXUxCeNZ0+OdooJo=
Subject key identifier: 73:C9:06:50:E7:ED:F5:F2:EC:AA:58:A0:30:58:8A:AE:BF:5E:08:D4
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 018A4082F79859DBF989D8F6753E7ED71104
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/c8kGUOft9fLsqligMFiKrr9eCNQ.roa
Signing time: Tue 29 Aug 2023 08:57:19 +0000
ROA not before: Tue 29 Aug 2023 08:57:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/21 maxlen: 21
195.42.114.0/23 maxlen: 23
84.38.76.0/22 maxlen: 22
2a00:5080::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:40:82:f7:98:59:db:f9:89:d8:f6:75:3e:7e:d7:11:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Aug 29 08:57:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=73c90650e7edf5f2ecaa58a030588aaebf5e08d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:1b:9b:0c:d3:0d:12:c0:92:b1:3a:04:af:42:
33:da:5b:b9:50:03:23:71:fe:84:11:0a:59:32:84:
38:d9:9f:89:5b:64:a1:8a:e9:1e:45:7d:53:e0:95:
9d:03:07:e5:e5:34:cd:01:12:50:b5:00:dc:19:45:
11:d6:a9:6c:89:f4:73:7b:32:9c:e0:2a:64:b2:0c:
89:b5:eb:84:de:35:41:f5:e1:64:48:bd:20:7d:7f:
5e:8d:da:bc:27:23:3e:ce:4b:8b:14:21:a8:b8:1e:
53:92:53:72:e5:12:f2:90:c9:27:4a:bd:57:07:f8:
cf:72:2c:e5:d6:e2:67:90:2f:13:f7:3d:14:1d:8d:
93:f6:b3:4c:2a:6e:b4:d2:c1:c5:4c:ff:ae:7d:5d:
0a:b6:1b:7f:3f:c5:d4:ff:c8:9f:8e:64:4d:80:92:
5c:a0:8a:7a:83:e2:fe:72:db:60:09:7c:22:c9:62:
2d:e1:c2:8b:d4:ba:97:2f:ec:af:8a:15:d3:81:fd:
4b:af:10:b9:b4:e8:58:23:80:6f:29:4a:c1:6f:01:
af:f1:5f:36:ac:d3:da:55:d1:f5:19:b3:95:36:dd:
9f:88:6c:85:6a:43:89:fa:88:07:fb:1e:61:ae:0c:
be:ba:10:b7:4b:79:d6:de:aa:89:ec:9f:3e:c8:b5:
7b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:C9:06:50:E7:ED:F5:F2:EC:AA:58:A0:30:58:8A:AE:BF:5E:08:D4
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/c8kGUOft9fLsqligMFiKrr9eCNQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/21
84.38.76.0/22
195.42.114.0/23
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
99:60:69:ea:67:14:f5:a0:66:22:f2:96:b2:1e:4d:d0:b1:f1:
45:c9:64:93:8a:b8:b6:c1:56:b4:af:ae:98:bf:08:ae:04:b3:
e2:1d:c4:38:c8:df:c5:ac:47:a4:e7:7c:5d:72:9e:a2:0d:49:
f7:4a:61:03:7a:cb:58:1d:0d:ae:a2:e5:5b:f4:24:22:c6:34:
21:07:bf:63:94:b5:51:20:ce:87:ae:49:f9:61:65:49:84:51:
9f:ff:f5:e3:e8:9e:30:df:b2:14:8d:e3:a2:f6:7c:50:d8:11:
5f:25:48:a2:3d:60:31:94:52:e4:76:1e:67:df:69:b3:c4:39:
18:94:0b:75:0a:3d:ab:13:19:d4:26:05:06:36:80:d6:92:86:
5d:2a:91:f9:c6:27:f6:f0:81:fc:4b:f7:ac:74:2c:9b:ae:90:
a9:e4:66:c1:59:8b:a4:7f:3d:23:86:3a:e5:6e:93:5d:9c:83:
cd:49:86:e2:7f:ec:44:fe:71:67:be:61:39:08:ee:ff:75:ee:
de:90:4a:f5:97:a4:d8:13:23:2d:fa:3a:03:13:fd:e8:67:60:
60:34:db:81:19:91:69:cb:37:de:1f:85:e1:6a:0a:6a:d7:2d:
71:5f:ea:0e:da:07:d8:3a:e1:c5:fb:68:42:11:06:88:4c:36:
7f:ee:9e:86
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYpAgveYWdv5idj2dT5+1xEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjMwODI5MDg1NzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2M5MDY1MGU3ZWRmNWYyZWNhYTU4YTAzMDU4OGFhZWJmNWUwOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhubDNMNEsCSsToEr0Iz2lu5UAMj
cf6EEQpZMoQ42Z+JW2ShiukeRX1T4JWdAwfl5TTNARJQtQDcGUUR1qlsifRzezKc
4CpksgyJteuE3jVB9eFkSL0gfX9ejdq8JyM+zkuLFCGouB5TklNy5RLykMknSr1X
B/jPcizl1uJnkC8T9z0UHY2T9rNMKm600sHFTP+ufV0Ktht/P8XU/8ifjmRNgJJc
oIp6g+L+cttgCXwiyWIt4cKL1LqXL+yvihXTgf1LrxC5tOhYI4BvKUrBbwGv8V82
rNPaVdH1GbOVNt2fiGyFakOJ+ogH+x5hrgy+uhC3S3nW3qqJ7J8+yLV7MwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHPJBlDn7fXy7KpYoDBYiq6/XgjUMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvYzhrR1VPZnQ5ZkxzcWxpZ01GaUtycjllQ05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDVCZAAwQC
VCZMAwQBwypyMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQCZYGnq
ZxT1oGYi8payHk3QsfFFyWSTiri2wVa0r66YvwiuBLPiHcQ4yN/FrEek53xdcp6i
DUn3SmEDestYHQ2uouVb9CQixjQhB79jlLVRIM6Hrkn5YWVJhFGf//Xj6J4w37IU
jeOi9nxQ2BFfJUiiPWAxlFLkdh5n32mzxDkYlAt1Cj2rExnUJgUGNoDWkoZdKpH5
xif28IH8S/esdCybrpCp5GbBWYukfz0jhjrlbpNdnIPNSYbif+xE/nFnvmE5CO7/
de7ekEr1l6TYEyMt+joDE/3oZ2BgNNuBGZFpyzfeH4Xhagpq1y1xX+oO2gfYOuHF
+2hCEQaITDZ/7p6G
-----END CERTIFICATE-----
Generated at Tue Apr 29 00:58:34 2025 by rpki-client