Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/d07f01-77c0-4a40-9563-d6bb580af785/1/7xb59neNDI7v2jJ4pgJoAWHzFRU.roa
File: 7xb59neNDI7v2jJ4pgJoAWHzFRU.roa (raw, json)
Hash identifier: xpQM+1wCVOFEeD1WP5Z1lENMAony7kFRu2JiimbVroI=
Subject key identifier: EF:16:F9:F6:77:8D:0C:8E:EF:DA:32:78:A6:02:68:01:61:F3:15:15
Certificate issuer: /CN=7645692d4bd30cf9e989d55bac8d08e7714493ab
Certificate serial: 0194228D70C6CC98C36C27854A0DF9ED5BE7
Authority key identifier: 76:45:69:2D:4B:D3:0C:F9:E9:89:D5:5B:AC:8D:08:E7:71:44:93:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dkVpLUvTDPnpidVbrI0I53FEk6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/d07f01-77c0-4a40-9563-d6bb580af785/1/7xb59neNDI7v2jJ4pgJoAWHzFRU.roa
Signing time: Wed 01 Jan 2025 15:48:02 +0000
ROA not before: Wed 01 Jan 2025 15:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12637
IP address blocks: 31.14.183.0/24 maxlen: 24
77.81.143.0/24 maxlen: 24
78.40.111.0/24 maxlen: 24
86.106.75.0/24 maxlen: 24
86.106.76.0/24 maxlen: 24
91.233.180.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:70:c6:cc:98:c3:6c:27:85:4a:0d:f9:ed:5b:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7645692d4bd30cf9e989d55bac8d08e7714493ab
Validity
Not Before: Jan 1 15:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ef16f9f6778d0c8eefda3278a602680161f31515
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:07:a3:7e:89:f3:4e:ab:44:8b:3b:6d:2e:41:
18:fd:22:42:62:f8:15:24:3c:c6:09:36:30:28:33:
be:b0:b2:5c:e8:75:1a:45:db:8d:86:4f:bd:a5:03:
8e:e4:6d:a9:9c:8b:40:43:df:d6:cb:1d:a8:f7:42:
f3:90:cb:bf:2c:c7:a9:e8:d9:dd:c6:dd:44:b7:93:
a1:54:90:ab:7f:51:4d:e2:ba:b4:18:58:f6:08:df:
81:cd:60:ea:7b:20:fd:0c:0a:8c:84:b6:cc:c0:21:
92:c1:54:76:ef:52:8e:82:0e:23:5c:06:4d:09:d1:
c1:b8:1f:47:3c:9f:4e:a0:44:fd:b1:9f:04:c8:ee:
14:09:e9:8c:54:77:ae:8c:a4:af:0f:c1:fc:d2:84:
1b:7e:de:ec:79:6a:e5:f7:bf:2c:57:c2:88:ba:aa:
5f:af:43:6f:a8:bf:87:47:14:2f:d7:ca:e6:a2:40:
0f:9f:6d:8a:11:4a:a1:ad:db:7c:95:1c:63:5c:0b:
71:57:97:5f:36:47:ac:f3:98:15:86:f7:5a:a8:a6:
cb:e2:8e:cb:53:37:7e:c7:65:6f:02:54:06:79:aa:
ae:ca:2f:d3:bf:cf:75:c4:0e:08:2c:ee:aa:2b:2c:
97:b5:99:99:8d:0c:7d:12:6b:72:db:1d:ef:9e:67:
f3:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:16:F9:F6:77:8D:0C:8E:EF:DA:32:78:A6:02:68:01:61:F3:15:15
X509v3 Authority Key Identifier:
keyid:76:45:69:2D:4B:D3:0C:F9:E9:89:D5:5B:AC:8D:08:E7:71:44:93:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkVpLUvTDPnpidVbrI0I53FEk6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d07f01-77c0-4a40-9563-d6bb580af785/1/7xb59neNDI7v2jJ4pgJoAWHzFRU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/d07f01-77c0-4a40-9563-d6bb580af785/1/dkVpLUvTDPnpidVbrI0I53FEk6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.183.0/24
77.81.143.0/24
78.40.111.0/24
86.106.75.0-86.106.76.255
91.233.180.0/23
Signature Algorithm: sha256WithRSAEncryption
21:65:c6:68:f2:67:5b:69:48:aa:a3:50:8d:6e:5e:a4:b6:8e:
dd:d4:6b:ab:99:23:13:6d:f4:4c:e8:dd:f6:48:eb:52:94:2d:
81:45:e3:bd:b4:5f:ba:c2:84:6e:0c:70:2e:ed:22:fa:84:c3:
7d:86:a0:cc:e6:36:ea:a5:4f:bd:dc:ba:1d:c2:f0:71:d9:e0:
8b:9c:08:bf:48:9d:67:1a:50:35:13:7c:0c:b3:89:f5:f5:a2:
9b:f8:d6:46:e8:4f:02:7c:d5:4e:0b:ef:9f:d7:47:d2:d7:66:
eb:0d:5f:3a:d5:eb:62:d5:0f:3b:13:01:a4:dc:e3:01:63:9b:
0d:81:a1:86:9a:e2:37:58:5d:99:f1:bb:5b:2e:41:e7:80:d8:
2b:b2:c7:28:51:9a:e5:26:4c:f6:3b:be:87:e9:1c:c2:03:37:
bd:75:25:a4:6a:0a:56:d9:91:75:f7:b4:af:f6:bb:d3:7f:e7:
ce:53:92:2a:c1:66:91:32:59:fb:d8:98:2b:63:d7:8d:33:96:
5d:c8:00:1c:a4:55:76:05:3a:fa:77:91:19:11:47:e7:66:f4:
42:29:26:d3:75:fb:49:f2:c7:fb:24:f8:1f:24:e9:56:ca:ee:
e3:58:f8:01:9e:eb:6a:3b:88:20:aa:b3:ef:57:01:d3:c1:a2:
77:33:c4:47
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQijXDGzJjDbCeFSg357VvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDU2OTJkNGJkMzBjZjllOTg5ZDU1YmFjOGQwOGU3NzE0
NDkzYWIwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjE2ZjlmNjc3OGQwYzhlZWZkYTMyNzhhNjAyNjgwMTYxZjMxNTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAejfonzTqtEizttLkEY/SJCYvgV
JDzGCTYwKDO+sLJc6HUaRduNhk+9pQOO5G2pnItAQ9/Wyx2o90LzkMu/LMep6Nnd
xt1Et5OhVJCrf1FN4rq0GFj2CN+BzWDqeyD9DAqMhLbMwCGSwVR271KOgg4jXAZN
CdHBuB9HPJ9OoET9sZ8EyO4UCemMVHeujKSvD8H80oQbft7seWrl978sV8KIuqpf
r0NvqL+HRxQv18rmokAPn22KEUqhrdt8lRxjXAtxV5dfNkes85gVhvdaqKbL4o7L
Uzd+x2VvAlQGeaquyi/Tv891xA4ILO6qKyyXtZmZjQx9Emty2x3vnmfzCQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFO8W+fZ3jQyO79oyeKYCaAFh8xUVMB8GA1UdIwQY
MBaAFHZFaS1L0wz56YnVW6yNCOdxRJOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtWcExVdlREUG5waWRWYnJJMEk1M0ZFazZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kMDdmMDEtNzdjMC00YTQwLTk1NjMt
ZDZiYjU4MGFmNzg1LzEvN3hiNTluZU5ESTd2MmpKNHBnSm9BV0h6RlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kMDdmMDEtNzdjMC00YTQwLTk1NjMtZDZiYjU4MGFmNzg1
LzEvZGtWcExVdlREUG5waWRWYnJJMEk1M0ZFazZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAHw63AwQA
TVGPAwQATihvMAwDBABWaksDBABWakwDBAFb6bQwDQYJKoZIhvcNAQELBQADggEB
ACFlxmjyZ1tpSKqjUI1uXqS2jt3Ua6uZIxNt9Ezo3fZI61KULYFF4720X7rChG4M
cC7tIvqEw32GoMzmNuqlT73cuh3C8HHZ4IucCL9InWcaUDUTfAyzifX1opv41kbo
TwJ81U4L75/XR9LXZusNXzrV62LVDzsTAaTc4wFjmw2BoYaa4jdYXZnxu1suQeeA
2CuyxyhRmuUmTPY7vofpHMIDN711JaRqClbZkXX3tK/2u9N/585TkirBZpEyWfvY
mCtj140zll3IABykVXYFOvp3kRkRR+dm9EIpJtN1+0nyx/sk+B8k6VbK7uNY+AGe
62o7iCCqs+9XAdPBonczxEc=
-----END CERTIFICATE-----
Generated at Wed Apr 30 13:33:17 2025 by rpki-client