Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/mM2YjpoPNm3lKDF5XIehw-HWpxo.roa
File: mM2YjpoPNm3lKDF5XIehw-HWpxo.roa (raw, json)
Hash identifier: nQHUp0hwMzyR/v5LdmGA3oxpCvZGr7uL8M+kmOF0STM=
Subject key identifier: 98:CD:98:8E:9A:0F:36:6D:E5:28:31:79:5C:87:A1:C3:E1:D6:A7:1A
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 018CC5001077B42E466805B5697EE21A830B
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/mM2YjpoPNm3lKDF5XIehw-HWpxo.roa
Signing time: Mon 01 Jan 2024 12:29:24 +0000
ROA not before: Mon 01 Jan 2024 12:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50969
IP address blocks: 195.211.166.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:10:77:b4:2e:46:68:05:b5:69:7e:e2:1a:83:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 1 12:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=98cd988e9a0f366de52831795c87a1c3e1d6a71a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:e3:77:fe:96:00:64:92:45:80:aa:e2:3b:c1:
a7:34:c2:af:83:b7:48:3c:f1:36:87:6a:aa:f3:d3:
30:8b:86:64:05:2e:d8:a6:3e:d6:2f:84:4e:c9:1d:
80:c1:62:e8:44:37:bc:5f:ba:ea:28:4f:14:d1:ab:
0e:d3:cb:b8:41:dd:e5:e2:6a:3a:e4:cc:2c:5b:2e:
8e:a6:dd:e6:71:5d:8c:5c:b3:ae:3c:ba:37:5b:df:
7a:6a:bb:98:3c:63:9c:a6:0c:a8:5d:c8:11:00:7e:
e5:8a:e2:76:45:3b:8e:f3:df:0c:f8:29:fc:dc:0f:
5a:49:19:73:d6:9b:77:eb:68:f4:75:90:94:42:43:
78:6c:eb:59:c1:97:62:1e:84:c4:86:c3:45:c5:b5:
c9:29:00:c7:b6:33:ca:c7:e8:c2:2c:aa:7d:ff:a2:
e7:0a:78:75:17:90:53:54:af:10:ce:f8:f3:28:c9:
e6:a2:99:48:d8:68:cd:8d:86:a3:6d:98:58:76:d6:
28:07:c5:de:bb:90:14:56:2e:d9:63:30:42:17:57:
61:ba:9f:92:d5:98:e5:a7:5e:2c:de:9d:0e:de:67:
c0:0d:88:bd:80:f2:af:51:2c:63:07:be:46:16:14:
f1:7a:b2:43:9b:a7:a1:3b:47:32:c5:a0:d4:8f:f8:
43:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:CD:98:8E:9A:0F:36:6D:E5:28:31:79:5C:87:A1:C3:E1:D6:A7:1A
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/mM2YjpoPNm3lKDF5XIehw-HWpxo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.211.166.0/24
Signature Algorithm: sha256WithRSAEncryption
28:83:40:3c:64:08:d6:1e:b3:d0:57:07:3a:64:50:e5:ae:8a:
12:53:f2:b4:77:24:25:66:ab:0d:69:df:7c:4b:c8:75:f1:6d:
e6:e0:ab:76:4a:83:4c:08:a7:42:8a:3c:f9:5f:f3:56:66:65:
cd:03:68:f4:22:9c:43:67:ae:12:23:cc:02:6d:ab:46:55:a0:
8f:8c:bf:68:83:41:6b:2e:e7:f6:69:dd:e6:6b:50:c9:86:52:
52:08:94:c1:45:45:11:4c:22:e6:98:5b:b8:fb:f8:50:a3:b1:
ef:db:d4:03:ac:81:3f:45:8c:37:e8:f0:e8:48:92:1c:77:f4:
1e:51:8e:7d:54:23:1c:c5:b3:26:39:36:42:56:04:b5:ef:ef:
b9:d7:9c:8a:9d:26:db:e6:e4:be:a1:db:59:d0:6f:c0:44:a9:
5f:1e:cf:45:5a:78:ae:09:10:15:fa:32:ae:de:00:c5:72:b2:
f4:da:4e:fe:60:a7:ff:88:64:a7:a8:df:ae:39:96:33:df:20:
b3:25:43:33:f2:0a:f4:82:aa:8b:93:ee:fa:b6:3a:60:9c:7b:
b2:5d:39:0c:4c:09:d1:27:1e:a2:00:5c:b1:9e:6a:56:af:5d:
e7:3c:14:c3:38:a1:84:73:7e:42:b3:7d:09:ec:7a:75:40:0d:
43:20:fe:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABB3tC5GaAW1aX7iGoMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNkOTg4ZTlhMGYzNjZkZTUyODMxNzk1Yzg3YTFjM2UxZDZhNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgON3/pYAZJJFgKriO8GnNMKvg7dI
PPE2h2qq89Mwi4ZkBS7Ypj7WL4ROyR2AwWLoRDe8X7rqKE8U0asO08u4Qd3l4mo6
5MwsWy6Opt3mcV2MXLOuPLo3W996aruYPGOcpgyoXcgRAH7liuJ2RTuO898M+Cn8
3A9aSRlz1pt362j0dZCUQkN4bOtZwZdiHoTEhsNFxbXJKQDHtjPKx+jCLKp9/6Ln
Cnh1F5BTVK8QzvjzKMnmoplI2GjNjYajbZhYdtYoB8Xeu5AUVi7ZYzBCF1dhup+S
1Zjlp14s3p0O3mfADYi9gPKvUSxjB75GFhTxerJDm6ehO0cyxaDUj/hDLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjNmI6aDzZt5SgxeVyHocPh1qcaMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvbU0yWWpwb1BObTNsS0RGNVhJZWh3LUhXcHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9OmMA0G
CSqGSIb3DQEBCwUAA4IBAQAog0A8ZAjWHrPQVwc6ZFDlrooSU/K0dyQlZqsNad98
S8h18W3m4Kt2SoNMCKdCijz5X/NWZmXNA2j0IpxDZ64SI8wCbatGVaCPjL9og0Fr
Luf2ad3ma1DJhlJSCJTBRUURTCLmmFu4+/hQo7Hv29QDrIE/RYw36PDoSJIcd/Qe
UY59VCMcxbMmOTZCVgS17++515yKnSbb5uS+odtZ0G/ARKlfHs9FWniuCRAV+jKu
3gDFcrL02k7+YKf/iGSnqN+uOZYz3yCzJUMz8gr0gqqLk+76tjpgnHuyXTkMTAnR
Jx6iAFyxnmpWr13nPBTDOKGEc35Cs30J7Hp1QA1DIP6P
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:13:41 2025 by rpki-client