Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1GzK-elRniJzeqx7zG7vD1gJKew.roa
File: 1GzK-elRniJzeqx7zG7vD1gJKew.roa (raw, json)
Hash identifier: /kj1T2v5fKz0ypHGCkqOuBAudzuG7y2K4XYhIwDVNUg=
Subject key identifier: D4:6C:CA:F9:E9:51:9E:22:73:7A:AC:7B:CC:6E:EF:0F:58:09:29:EC
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 01857102E36199F822E449732CFFE8D8B316
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1GzK-elRniJzeqx7zG7vD1gJKew.roa
Signing time: Mon 02 Jan 2023 05:44:52 +0000
ROA not before: Mon 02 Jan 2023 05:44:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50969
IP address blocks: 195.211.166.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:02:e3:61:99:f8:22:e4:49:73:2c:ff:e8:d8:b3:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 2 05:44:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d46ccaf9e9519e22737aac7bcc6eef0f580929ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:3b:e7:b0:e4:09:5c:ce:46:63:02:09:99:79:
24:97:f7:c8:c5:4b:55:b0:e2:0d:b6:2c:7c:07:cc:
a7:42:f3:70:79:d2:3d:99:dd:7d:1d:4a:7f:a2:b4:
f7:55:aa:0e:fb:ec:36:36:c1:37:d8:25:5a:f2:15:
b6:3f:ef:c0:99:05:2e:b3:6b:4c:d1:eb:dd:9e:2c:
2a:f5:f6:c2:cc:d3:e0:b7:55:5d:4b:b5:ca:68:78:
3f:7f:67:ed:b8:3b:50:49:c3:e0:4f:eb:18:85:6b:
30:dc:58:97:e0:13:70:3a:3d:e8:66:37:c8:b9:15:
7d:20:e7:bb:91:1d:d5:6d:1c:8c:0f:7f:5a:9b:cb:
e7:51:58:e6:f5:4a:5e:4c:f4:cc:31:fa:a0:21:de:
87:7c:fe:4b:a3:21:3e:bb:d7:30:fa:c9:89:c0:ef:
94:ca:09:8a:c5:a9:12:fb:ec:42:7b:87:d0:c8:c1:
bb:39:bb:68:4f:46:90:ba:ba:44:78:0c:94:8f:8f:
64:a2:d3:9e:e1:31:83:ab:79:f5:e6:e4:32:4a:a4:
90:e1:79:b2:34:18:30:ed:ae:78:87:6d:83:8d:b3:
68:84:75:4d:d9:c4:5a:cd:c5:0a:b5:60:12:16:89:
0e:f1:9c:66:77:7a:27:90:5b:89:90:54:ee:10:9f:
49:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:6C:CA:F9:E9:51:9E:22:73:7A:AC:7B:CC:6E:EF:0F:58:09:29:EC
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1GzK-elRniJzeqx7zG7vD1gJKew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.211.166.0/24
Signature Algorithm: sha256WithRSAEncryption
70:22:79:a3:fb:b5:fa:cb:f9:22:87:8d:74:06:6c:11:c4:67:
41:57:26:66:16:09:33:b9:4c:63:ee:26:51:39:2d:30:36:ea:
3b:b7:7f:7a:50:fc:36:06:6b:d1:6c:0a:e0:e7:bc:0e:5a:4c:
ec:db:a1:a9:b0:f7:d0:33:12:0b:78:c7:6b:a6:4c:79:e4:f3:
21:de:68:44:b1:7d:b5:59:9f:19:d6:e8:96:bc:ce:7d:53:c7:
2f:06:f9:47:a4:37:25:c3:0b:7c:b2:ed:60:30:b8:db:1a:d1:
ac:d2:e7:d1:10:6f:d0:5a:31:8b:f8:e2:fb:7d:57:a8:0d:4e:
82:8a:9f:f5:50:6e:a5:55:af:f6:6b:76:49:68:1f:47:07:77:
f6:f9:e2:a1:67:06:9c:87:af:09:0e:84:ac:2d:66:04:a6:74:
a4:8f:2d:5c:df:ed:1a:0c:ec:3b:76:d8:5d:be:ab:44:d5:e5:
4b:f1:da:ea:94:56:2b:e6:cb:41:d7:4e:9f:21:2f:ef:f2:78:
34:4c:24:6c:50:b3:dd:fd:91:42:b1:10:f7:d1:f4:d3:e1:25:
b8:52:80:3e:4b:5b:b0:27:87:ea:64:c1:6c:9f:c2:1e:c7:39:
8d:94:46:5a:c0:df:51:e6:e9:ed:c1:87:e7:e0:86:72:4e:c2:
68:64:9f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxAuNhmfgi5ElzLP/o2LMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjMwMTAyMDU0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDZjY2FmOWU5NTE5ZTIyNzM3YWFjN2JjYzZlZWYwZjU4MDkyOWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjvnsOQJXM5GYwIJmXkkl/fIxUtV
sOINtix8B8ynQvNwedI9md19HUp/orT3VaoO++w2NsE32CVa8hW2P+/AmQUus2tM
0evdniwq9fbCzNPgt1VdS7XKaHg/f2ftuDtQScPgT+sYhWsw3FiX4BNwOj3oZjfI
uRV9IOe7kR3VbRyMD39am8vnUVjm9UpeTPTMMfqgId6HfP5LoyE+u9cw+smJwO+U
ygmKxakS++xCe4fQyMG7ObtoT0aQurpEeAyUj49kotOe4TGDq3n15uQySqSQ4Xmy
NBgw7a54h22DjbNohHVN2cRazcUKtWASFokO8Zxmd3onkFuJkFTuEJ9JcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRsyvnpUZ4ic3qse8xu7w9YCSnsMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvMUd6Sy1lbFJuaUp6ZXF4N3pHN3ZEMWdKS2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9OmMA0G
CSqGSIb3DQEBCwUAA4IBAQBwInmj+7X6y/kih410BmwRxGdBVyZmFgkzuUxj7iZR
OS0wNuo7t396UPw2BmvRbArg57wOWkzs26GpsPfQMxILeMdrpkx55PMh3mhEsX21
WZ8Z1uiWvM59U8cvBvlHpDclwwt8su1gMLjbGtGs0ufREG/QWjGL+OL7fVeoDU6C
ip/1UG6lVa/2a3ZJaB9HB3f2+eKhZwach68JDoSsLWYEpnSkjy1c3+0aDOw7dthd
vqtE1eVL8drqlFYr5stB106fIS/v8ng0TCRsULPd/ZFCsRD30fTT4SW4UoA+S1uw
J4fqZMFsn8IexzmNlEZawN9R5untwYfn4IZyTsJoZJ8E
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:15:16 2025 by rpki-client