Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/4nJG-QZw_2nceaEbxm5FPRnCr4g.roa
File: 4nJG-QZw_2nceaEbxm5FPRnCr4g.roa (raw, json)
Hash identifier: BYJwr6SlAcA5ywchjst/oXkwvFo948P14hxGkJeVeFA=
Subject key identifier: E2:72:46:F9:06:70:FF:69:DC:79:A1:1B:C6:6E:45:3D:19:C2:AF:88
Certificate issuer: /CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
Certificate serial: 095CEC7A
Authority key identifier: 4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/4nJG-QZw_2nceaEbxm5FPRnCr4g.roa
Signing time: Sat 01 Jan 2022 04:58:14 +0000
ROA not before: Sat 01 Jan 2022 04:58:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 18106
IP address blocks: 195.133.128.0/20 maxlen: 20
185.5.132.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 157084794 (0x95cec7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
Validity
Not Before: Jan 1 04:58:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e27246f90670ff69dc79a11bc66e453d19c2af88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:9c:7c:99:6a:a6:fc:d6:d9:0d:de:3c:6c:0a:
96:11:90:9f:7e:21:fa:25:3e:5d:95:46:6a:f4:ce:
88:4b:ca:60:26:32:8e:3c:e3:48:b6:f1:aa:f9:32:
a2:a7:e4:8d:7f:38:b0:43:66:12:a1:9a:e6:26:95:
7c:76:78:f0:4a:44:56:d1:8b:31:19:a1:53:71:b7:
2e:19:99:39:a1:a5:b0:52:b7:aa:bd:2f:da:f1:ac:
f5:a9:b8:10:12:32:55:8a:f9:e3:f6:d2:58:35:be:
ff:f9:45:11:09:02:c8:6a:96:bc:6e:89:ee:54:d6:
55:7b:f3:3d:61:af:25:96:51:40:6d:d3:90:db:a3:
5d:9f:b2:a0:86:32:de:5b:e6:8c:0e:56:18:5a:53:
1c:2b:4d:55:28:b7:d8:4c:57:ca:90:05:d7:31:24:
6f:75:6c:9e:73:09:28:c5:be:8e:af:cf:f7:e3:82:
74:60:21:79:85:4f:b4:ed:bb:78:10:c1:9c:ab:52:
16:2b:68:6b:b4:fc:0e:4f:b9:eb:fe:55:19:db:3f:
ff:de:76:10:cd:a3:d1:17:b6:a6:7a:c0:20:32:eb:
9c:0e:50:91:e1:9d:43:e8:d0:7b:26:17:ec:b8:a8:
52:4b:06:d9:18:a3:45:84:a7:ec:4f:be:f7:da:2c:
ab:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:72:46:F9:06:70:FF:69:DC:79:A1:1B:C6:6E:45:3D:19:C2:AF:88
X509v3 Authority Key Identifier:
keyid:4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/4nJG-QZw_2nceaEbxm5FPRnCr4g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/TjwBugxcvyCuPpPKPTeeYt9clZo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.5.132.0/23
195.133.128.0/20
Signature Algorithm: sha256WithRSAEncryption
8e:d0:a2:bf:20:ed:b7:18:8d:79:aa:b0:d7:d3:b2:46:a5:ff:
ec:7d:87:8d:d3:c4:a1:9a:bb:cd:f2:40:df:d4:f2:40:86:b1:
15:b2:fe:c8:31:11:f8:3d:ec:48:00:f2:1c:0a:a6:85:d4:8c:
93:b1:f6:f4:6f:95:bd:06:e7:2b:31:34:bf:9c:c2:41:1a:01:
e7:e1:34:f7:f5:81:9b:11:d9:18:d1:34:2f:bb:d6:01:86:35:
2b:27:f3:51:4d:07:d8:64:80:87:dd:43:51:3f:e9:22:25:00:
92:21:f5:d5:b1:70:7f:e2:2d:19:db:0d:28:23:b7:19:c0:61:
2e:89:27:dc:94:b2:22:53:0f:83:70:b8:96:eb:8b:8c:e2:29:
8e:24:b1:34:d2:78:c8:cf:a5:01:72:0e:bb:76:88:aa:78:90:
83:19:d8:bf:76:fb:1e:53:17:f8:58:1a:13:9b:71:62:75:97:
65:e6:e6:e9:6f:76:b8:28:30:3e:d3:d0:aa:29:1b:e6:af:02:
fc:d7:01:83:5f:71:e6:af:d7:96:a7:f3:c0:3a:aa:2b:8f:8b:
fe:37:ce:59:01:e1:a5:56:f5:6c:ac:e2:a5:77:ac:c9:4f:e6:
7b:73:01:4e:f8:37:cb:4b:7e:0f:80:3b:18:e8:1a:30:06:28:
0e:68:15:e5
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECVzsejANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZTNjMDFiYTBjNWNiZjIwYWUzZTkzY2EzZDM3OWU2MmRmNWM5NTlhMB4XDTIyMDEw
MTA0NTgxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI3MjQ2ZjkwNjcw
ZmY2OWRjNzlhMTFiYzY2ZTQ1M2QxOWMyYWY4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKcfJlqpvzW2Q3ePGwKlhGQn34h+iU+XZVGavTOiEvKYCYy
jjzjSLbxqvkyoqfkjX84sENmEqGa5iaVfHZ48EpEVtGLMRmhU3G3LhmZOaGlsFK3
qr0v2vGs9am4EBIyVYr54/bSWDW+//lFEQkCyGqWvG6J7lTWVXvzPWGvJZZRQG3T
kNujXZ+yoIYy3lvmjA5WGFpTHCtNVSi32ExXypAF1zEkb3VsnnMJKMW+jq/P9+OC
dGAheYVPtO27eBDBnKtSFitoa7T8Dk+56/5VGds//952EM2j0Re2pnrAIDLrnA5Q
keGdQ+jQeyYX7LioUksG2RijRYSn7E++99osq68CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTickb5BnD/adx5oRvGbkU9GcKviDAfBgNVHSMEGDAWgBROPAG6DFy/IK4+
k8o9N55i31yVmjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1Rqd0J1Z3hjdnlDdVBwUEtQVGVlWXQ5Y2xaby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvYjhlNzczLTRlNzEtNGQwOS1iNzRhLWIyN2Y1NTI2NzJlMC8x
LzRuSkctUVp3XzJuY2VhRWJ4bTVGUFJuQ3I0Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
YjhlNzczLTRlNzEtNGQwOS1iNzRhLWIyN2Y1NTI2NzJlMC8xL1Rqd0J1Z3hjdnlD
dVBwUEtQVGVlWXQ5Y2xaby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAbkFhAMEBMOFgDANBgkqhkiG9w0B
AQsFAAOCAQEAjtCivyDttxiNeaqw19OyRqX/7H2HjdPEoZq7zfJA39TyQIaxFbL+
yDER+D3sSADyHAqmhdSMk7H29G+VvQbnKzE0v5zCQRoB5+E09/WBmxHZGNE0L7vW
AYY1KyfzUU0H2GSAh91DUT/pIiUAkiH11bFwf+ItGdsNKCO3GcBhLokn3JSyIlMP
g3C4luuLjOIpjiSxNNJ4yM+lAXIOu3aIqniQgxnYv3b7HlMX+FgaE5txYnWXZebm
6W92uCgwPtPQqikb5q8C/NcBg19x5q/XlqfzwDqqK4+L/jfOWQHhpVb1bKzipXes
yU/me3MBTvg3y0t+D4A7GOgaMAYoDmgV5Q==
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:15:14 2025 by rpki-client