Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/WaQkUagCZa0Kj4AyNsc65jyW4po.roa
File: WaQkUagCZa0Kj4AyNsc65jyW4po.roa (raw, json)
Hash identifier: UYsEgo0M7lc/QSTKugcfmVkkoLJyZqJ+pq/Dk8wOkkk=
Subject key identifier: 59:A4:24:51:A8:02:65:AD:0A:8F:80:32:36:C7:3A:E6:3C:96:E2:9A
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 018D2D73AB818A3CB028E58F0E1C1901B80A
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/WaQkUagCZa0Kj4AyNsc65jyW4po.roa
Signing time: Sun 21 Jan 2024 19:16:11 +0000
ROA not before: Sun 21 Jan 2024 19:16:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 176.56.35.0/24 maxlen: 24
185.234.8.0/24 maxlen: 24
188.95.71.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:73:ab:81:8a:3c:b0:28:e5:8f:0e:1c:19:01:b8:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 21 19:16:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=59a42451a80265ad0a8f803236c73ae63c96e29a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:07:47:25:d1:60:d1:df:48:10:2d:e0:88:f7:
14:e5:e7:c4:ff:3c:d7:a8:33:35:f5:ea:eb:c4:e3:
02:46:b2:fb:6d:b3:54:49:75:11:5a:58:60:2b:0d:
07:3f:ea:e7:1d:be:cf:a8:72:6c:88:d3:3e:c0:34:
65:80:80:14:9e:82:19:ae:db:63:f3:26:c0:7d:01:
93:0b:7c:9d:70:c3:af:98:83:a0:e5:00:d5:4e:04:
64:79:01:e9:62:2b:99:b3:6d:3e:50:6b:51:cd:2f:
f6:a1:f4:e8:31:de:4f:83:ba:07:82:d6:42:17:80:
88:e1:c2:9d:38:90:18:4c:6a:df:9c:40:99:7c:b6:
a6:43:28:71:11:dc:d8:d2:09:fa:99:fd:85:e0:9a:
a1:3d:b3:93:2f:c3:ab:5e:f2:61:8f:ae:0c:23:75:
81:7d:fc:cd:a3:60:65:14:8f:6e:50:94:91:7d:96:
da:49:65:63:3f:88:f7:25:f0:55:f2:43:49:a8:21:
d4:9c:10:76:dc:d1:e3:95:32:9d:15:f1:8a:d1:c9:
5c:79:d1:13:18:4c:08:58:c6:0a:48:e2:6d:c3:cb:
ec:63:fc:70:06:2a:a3:40:8d:d9:a6:65:09:eb:62:
81:06:2a:3b:16:98:80:29:22:84:e2:78:bf:1c:23:
1a:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:A4:24:51:A8:02:65:AD:0A:8F:80:32:36:C7:3A:E6:3C:96:E2:9A
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/WaQkUagCZa0Kj4AyNsc65jyW4po.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.56.35.0/24
185.234.8.0/24
188.95.71.0/24
Signature Algorithm: sha256WithRSAEncryption
88:80:1a:7e:91:27:85:39:f2:95:4d:c6:36:54:ea:bd:92:f0:
3f:48:32:f9:8f:57:d8:7e:bb:fc:ad:58:24:ec:aa:9f:86:41:
da:c5:20:bb:c5:97:11:a5:e9:48:c2:15:8c:e1:3e:a3:32:ba:
b3:f2:67:02:7d:39:7d:d7:4c:52:b2:c5:74:14:10:06:55:e3:
5b:28:1b:98:e9:36:84:15:92:5c:e2:06:fb:36:23:78:a1:dd:
1a:09:82:86:ad:99:85:b9:47:cf:67:cc:e5:d4:bf:06:72:9c:
f7:52:f9:a3:13:46:84:c2:49:17:b0:59:3f:30:e4:71:ba:99:
a4:84:7b:2b:b5:f7:a9:3c:0a:78:0a:35:f4:3e:3b:d7:99:3c:
1c:67:60:b0:d6:e1:1b:0e:78:23:5b:11:a0:15:36:e1:a7:65:
92:9f:63:cd:92:36:b6:f8:ad:bf:9d:f5:e2:13:8c:63:cb:53:
ca:60:4d:e9:25:82:83:32:a2:80:d7:26:7b:7b:f4:08:0c:5b:
53:6b:93:0d:9f:fe:71:67:88:10:10:5a:7d:4f:56:43:49:a4:
1f:aa:8d:bc:af:ad:c4:1d:18:51:73:7f:f5:e4:33:74:02:0a:
61:74:19:25:a7:6b:d0:20:63:46:cc:92:e5:71:8c:4d:c0:0f:
58:38:c2:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0tc6uBijywKOWPDhwZAbgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwMTIxMTkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE0MjQ1MWE4MDI2NWFkMGE4ZjgwMzIzNmM3M2FlNjNjOTZlMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwdHJdFg0d9IEC3giPcU5efE/zzX
qDM19errxOMCRrL7bbNUSXURWlhgKw0HP+rnHb7PqHJsiNM+wDRlgIAUnoIZrttj
8ybAfQGTC3ydcMOvmIOg5QDVTgRkeQHpYiuZs20+UGtRzS/2ofToMd5Pg7oHgtZC
F4CI4cKdOJAYTGrfnECZfLamQyhxEdzY0gn6mf2F4JqhPbOTL8OrXvJhj64MI3WB
ffzNo2BlFI9uUJSRfZbaSWVjP4j3JfBV8kNJqCHUnBB23NHjlTKdFfGK0clcedET
GEwIWMYKSOJtw8vsY/xwBiqjQI3ZpmUJ62KBBio7FpiAKSKE4ni/HCMaWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFmkJFGoAmWtCo+AMjbHOuY8luKaMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvV2FRa1VhZ0NaYTBLajRBeU5zYzY1anlXNHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsDgjAwQA
ueoIAwQAvF9HMA0GCSqGSIb3DQEBCwUAA4IBAQCIgBp+kSeFOfKVTcY2VOq9kvA/
SDL5j1fYfrv8rVgk7KqfhkHaxSC7xZcRpelIwhWM4T6jMrqz8mcCfTl910xSssV0
FBAGVeNbKBuY6TaEFZJc4gb7NiN4od0aCYKGrZmFuUfPZ8zl1L8Gcpz3UvmjE0aE
wkkXsFk/MORxupmkhHsrtfepPAp4CjX0PjvXmTwcZ2Cw1uEbDngjWxGgFTbhp2WS
n2PNkja2+K2/nfXiE4xjy1PKYE3pJYKDMqKA1yZ7e/QIDFtTa5MNn/5xZ4gQEFp9
T1ZDSaQfqo28r63EHRhRc3/15DN0AgphdBklp2vQIGNGzJLlcYxNwA9YOMKV
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:15:17 2025 by rpki-client