Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/NEWl4gm95DNE7JV20ZVZR19IAIM.roa
File: NEWl4gm95DNE7JV20ZVZR19IAIM.roa (raw, json)
Hash identifier: Ne/PfUFWOH5aU0IQlPI7Ip7EQW7NZ/gFhLToDgzOuAs=
Subject key identifier: 34:45:A5:E2:09:BD:E4:33:44:EC:95:76:D1:95:59:47:5F:48:00:83
Certificate issuer: /CN=787aac71f17ef033cb6536795338fdc7bc0f2263
Certificate serial: 018570B0687220025C7632C672003B18E045
Authority key identifier: 78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/NEWl4gm95DNE7JV20ZVZR19IAIM.roa
Signing time: Mon 02 Jan 2023 04:14:47 +0000
ROA not before: Mon 02 Jan 2023 04:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35571
IP address blocks: 185.141.180.0/22 maxlen: 22
87.236.80.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b0:68:72:20:02:5c:76:32:c6:72:00:3b:18:e0:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=787aac71f17ef033cb6536795338fdc7bc0f2263
Validity
Not Before: Jan 2 04:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3445a5e209bde43344ec9576d19559475f480083
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:2c:c9:22:de:fb:e1:f2:6a:15:c4:da:ce:e1:
11:be:a5:66:a2:ae:52:57:d0:78:c4:16:73:1f:ee:
47:51:f7:72:09:3b:80:3c:77:6b:3e:b2:72:0d:56:
a9:40:50:6f:81:f9:09:f4:8b:3d:76:0f:6d:77:cd:
5a:28:dc:38:95:53:6a:d6:d7:7b:9b:1d:8a:d2:f8:
15:b9:03:da:76:f2:c7:0a:d6:fd:1a:ef:bd:89:00:
5d:85:72:4c:5f:a1:7e:55:2b:0f:28:13:4f:f8:d7:
48:bb:45:13:5c:e8:43:66:d2:21:30:ee:d1:bb:e2:
30:dc:a6:16:36:e4:63:01:09:04:df:b1:b4:41:7f:
91:77:4b:e4:08:91:42:75:2b:04:eb:82:f7:99:eb:
e4:35:5d:90:b3:f6:95:b2:a7:ae:57:d4:46:14:0c:
0d:7d:ca:62:54:b4:e0:02:d0:93:db:71:06:03:cc:
7a:e2:1f:56:3a:78:78:57:d6:cc:2d:80:de:bf:fe:
45:b8:99:6b:a1:7a:e4:f0:e1:30:99:2a:5e:39:aa:
68:7a:e4:d1:0f:67:59:ce:32:2a:ae:15:29:99:7f:
80:ab:b0:2a:6e:b2:65:4e:26:a5:8b:d4:f3:98:d1:
96:3d:c8:13:f3:e8:2c:46:f0:f7:56:66:1a:68:4f:
ca:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:45:A5:E2:09:BD:E4:33:44:EC:95:76:D1:95:59:47:5F:48:00:83
X509v3 Authority Key Identifier:
keyid:78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/NEWl4gm95DNE7JV20ZVZR19IAIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.236.80.0/21
185.141.180.0/22
Signature Algorithm: sha256WithRSAEncryption
90:00:e8:26:8d:fa:ab:94:f6:e7:70:06:13:b4:df:97:6f:c0:
7a:2e:5e:8f:34:8d:66:3b:7e:7a:0e:85:80:01:59:78:26:b0:
7c:ce:e8:5d:74:0e:84:44:f2:b0:3d:23:2d:3d:16:df:b9:9b:
89:e9:82:08:63:51:58:96:54:23:0a:3f:df:81:8e:12:99:41:
2a:1e:be:89:31:33:78:63:41:b9:8d:6e:84:61:31:3a:31:2c:
1d:0d:8e:bd:77:8a:48:23:fc:48:5c:a2:1f:3c:3c:1e:50:c7:
c3:18:5f:5e:ef:cf:c4:55:ea:69:78:1b:01:31:31:8b:16:5d:
3e:76:72:e4:3e:3e:82:bc:b4:a3:c5:f5:9c:9a:1e:c7:2e:3f:
63:bf:f5:e4:52:a9:fe:f2:94:d6:a2:07:d8:2e:be:f5:38:cc:
dd:14:54:8b:5b:de:4c:ca:2a:35:1f:11:d8:37:05:6a:8f:cb:
1f:5e:1e:89:bc:9f:45:26:6f:26:24:d8:11:94:36:e0:94:9b:
88:9c:2f:13:12:9e:3d:04:04:c6:e5:de:aa:db:38:29:a8:51:
18:ff:6d:3f:3e:25:d1:65:53:74:36:c7:ef:d0:54:99:21:9f:
f3:5d:61:0d:5d:7a:77:2a:09:b6:41:30:3d:29:f5:3b:15:db:
db:5a:8c:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwsGhyIAJcdjLGcgA7GOBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4N2FhYzcxZjE3ZWYwMzNjYjY1MzY3OTUzMzhmZGM3YmMw
ZjIyNjMwHhcNMjMwMTAyMDQxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ1YTVlMjA5YmRlNDMzNDRlYzk1NzZkMTk1NTk0NzVmNDgwMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyzJIt774fJqFcTazuERvqVmoq5S
V9B4xBZzH+5HUfdyCTuAPHdrPrJyDVapQFBvgfkJ9Is9dg9td81aKNw4lVNq1td7
mx2K0vgVuQPadvLHCtb9Gu+9iQBdhXJMX6F+VSsPKBNP+NdIu0UTXOhDZtIhMO7R
u+Iw3KYWNuRjAQkE37G0QX+Rd0vkCJFCdSsE64L3mevkNV2Qs/aVsqeuV9RGFAwN
fcpiVLTgAtCT23EGA8x64h9WOnh4V9bMLYDev/5FuJlroXrk8OEwmSpeOapoeuTR
D2dZzjIqrhUpmX+Aq7AqbrJlTiali9TzmNGWPcgT8+gsRvD3VmYaaE/K3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDRFpeIJveQzROyVdtGVWUdfSACDMB8GA1UdIwQY
MBaAFHh6rHHxfvAzy2U2eVM4/ce8DyJjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEt
ZDEyODY3YjQ2NzMzLzEvTkVXbDRnbTk1RE5FN0pWMjBaVlpSMTlJQUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEtZDEyODY3YjQ2NzMz
LzEvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDV+xQAwQC
uY20MA0GCSqGSIb3DQEBCwUAA4IBAQCQAOgmjfqrlPbncAYTtN+Xb8B6Ll6PNI1m
O356DoWAAVl4JrB8zuhddA6ERPKwPSMtPRbfuZuJ6YIIY1FYllQjCj/fgY4SmUEq
Hr6JMTN4Y0G5jW6EYTE6MSwdDY69d4pII/xIXKIfPDweUMfDGF9e78/EVeppeBsB
MTGLFl0+dnLkPj6CvLSjxfWcmh7HLj9jv/XkUqn+8pTWogfYLr71OMzdFFSLW95M
yio1HxHYNwVqj8sfXh6JvJ9FJm8mJNgRlDbglJuInC8TEp49BATG5d6q2zgpqFEY
/20/PiXRZVN0Nsfv0FSZIZ/zXWENXXp3Kgm2QTA9KfU7FdvbWoxu
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:42:22 2025 by rpki-client