Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Cak0PHAX9x3ZqdW-T2lBPfDS0WU.roa
File: Cak0PHAX9x3ZqdW-T2lBPfDS0WU.roa (raw, json)
Hash identifier: h3W1yzHEV30ePWv/dEGqqvkJ5Lwo8RyfTEQk5joG1Qw=
Subject key identifier: 09:A9:34:3C:70:17:F7:1D:D9:A9:D5:BE:4F:69:41:3D:F0:D2:D1:65
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 0189B3247283E13F4C6AAC6F30068C6789A4
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Cak0PHAX9x3ZqdW-T2lBPfDS0WU.roa
Signing time: Tue 01 Aug 2023 22:07:37 +0000
ROA not before: Tue 01 Aug 2023 22:07:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 194.46.32.0/19 maxlen: 19
91.84.0.0/15 maxlen: 15
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b3:24:72:83:e1:3f:4c:6a:ac:6f:30:06:8c:67:89:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Aug 1 22:07:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09a9343c7017f71dd9a9d5be4f69413df0d2d165
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f5:12:89:25:5c:d2:85:73:fe:01:84:07:70:
18:31:e9:c1:02:41:44:c5:4a:89:2d:f8:ec:57:9a:
28:b7:66:3e:44:5a:68:30:39:c2:58:ea:b6:3f:ac:
a3:87:c7:e6:03:ab:c6:96:03:a2:d7:63:57:b4:a8:
a4:68:7f:85:e0:4c:9e:18:0d:58:d9:c4:54:ba:17:
2f:b4:af:5f:4b:b6:de:67:79:88:bf:49:88:82:7a:
4f:ec:b7:8b:36:de:5f:6d:c8:b4:97:a0:eb:75:15:
53:b2:04:fd:68:c8:a4:9d:84:04:46:8b:95:9e:64:
3a:11:b5:bf:3c:5b:7f:52:22:d6:17:af:5b:01:4f:
ef:eb:d1:f7:88:2b:97:2f:9e:76:92:a2:4d:36:c9:
06:e4:78:19:1e:11:c9:83:c9:df:17:4f:cf:d9:3f:
65:b0:e2:cb:ef:f7:4c:51:ac:79:4a:c6:23:94:7a:
fe:9f:59:7a:3c:c1:94:68:60:0c:2c:fd:7a:26:3b:
4d:fb:db:0a:12:86:d1:0f:00:94:2e:38:17:89:a8:
e0:60:c7:f9:39:74:00:86:70:5e:9c:8e:93:80:dc:
81:26:4f:66:8a:c0:c7:4d:e9:51:89:90:d6:6b:17:
56:8c:fb:d4:01:47:ab:2c:89:bc:0c:f9:31:69:bf:
79:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:A9:34:3C:70:17:F7:1D:D9:A9:D5:BE:4F:69:41:3D:F0:D2:D1:65
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Cak0PHAX9x3ZqdW-T2lBPfDS0WU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/15
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
27:d0:a3:a8:16:8b:26:19:d1:22:d8:4f:04:de:54:0e:ad:39:
bf:e5:68:1d:10:a4:aa:5e:a3:62:f7:bc:53:59:aa:65:dd:4f:
cf:f0:ed:10:c4:a6:51:13:21:67:1e:c6:62:1b:4c:8a:0c:0d:
95:4f:2f:17:f9:8f:41:d5:b7:32:77:58:9d:f5:29:ea:55:9b:
73:a5:c5:c2:99:be:3a:61:b9:36:e6:81:e5:82:0b:4e:49:a4:
ed:c6:13:81:eb:0c:08:ea:c1:5f:e4:24:fd:be:d5:13:3c:3c:
a8:c9:dd:49:01:9c:1e:54:d4:b6:6e:f8:be:41:4b:2b:19:0c:
3a:8b:46:58:11:83:2b:d8:01:73:77:c5:fb:64:53:7d:ff:18:
a7:9c:90:bf:d5:fe:a4:25:f7:3a:9d:5c:ea:e6:d9:3a:36:32:
0c:62:f5:15:31:68:09:2e:c1:7b:41:47:41:4b:0a:dc:ae:d8:
8c:eb:c3:75:7f:9f:5c:f8:19:1a:96:14:cb:d7:fc:87:f3:05:
40:56:35:68:76:64:83:4b:a2:26:85:31:37:01:bd:1d:6c:62:
59:3d:76:d7:64:40:70:c5:1f:25:30:87:0f:87:04:40:42:01:
05:32:c9:6f:1e:ba:25:80:f9:97:c5:ea:2a:89:c2:ba:94:c0:
90:34:33:db
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYmzJHKD4T9MaqxvMAaMZ4mkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMwODAxMjIwNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWE5MzQzYzcwMTdmNzFkZDlhOWQ1YmU0ZjY5NDEzZGYwZDJkMTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/USiSVc0oVz/gGEB3AYMenBAkFE
xUqJLfjsV5oot2Y+RFpoMDnCWOq2P6yjh8fmA6vGlgOi12NXtKikaH+F4EyeGA1Y
2cRUuhcvtK9fS7beZ3mIv0mIgnpP7LeLNt5fbci0l6DrdRVTsgT9aMiknYQERouV
nmQ6EbW/PFt/UiLWF69bAU/v69H3iCuXL552kqJNNskG5HgZHhHJg8nfF0/P2T9l
sOLL7/dMUax5SsYjlHr+n1l6PMGUaGAMLP16JjtN+9sKEobRDwCULjgXiajgYMf5
OXQAhnBenI6TgNyBJk9misDHTelRiZDWaxdWjPvUAUerLIm8DPkxab95xwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAmpNDxwF/cd2anVvk9pQT3w0tFlMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvQ2FrMFBIQVg5eDNacWRXLVQybEJQZkRTMFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwMBW1QwDAME
BcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC1GxYMA0GCSqGSIb3DQEBCwUAA4IB
AQAn0KOoFosmGdEi2E8E3lQOrTm/5WgdEKSqXqNi97xTWapl3U/P8O0QxKZREyFn
HsZiG0yKDA2VTy8X+Y9B1bcyd1id9SnqVZtzpcXCmb46Ybk25oHlggtOSaTtxhOB
6wwI6sFf5CT9vtUTPDyoyd1JAZweVNS2bvi+QUsrGQw6i0ZYEYMr2AFzd8X7ZFN9
/xinnJC/1f6kJfc6nVzq5tk6NjIMYvUVMWgJLsF7QUdBSwrcrtiM68N1f59c+Bka
lhTL1/yH8wVAVjVodmSDS6ImhTE3Ab0dbGJZPXbXZEBwxR8lMIcPhwRAQgEFMslv
HrolgPmXxeoqicK6lMCQNDPb
-----END CERTIFICATE-----
Generated at Thu May 15 00:21:11 2025 by rpki-client