Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/Q4ruQoEH7MX_CnKLJALmSWRNCmY.roa
File: Q4ruQoEH7MX_CnKLJALmSWRNCmY.roa (raw, json)
Hash identifier: bVO8SkEy+dwj7xioxeOcS2lZIXw1Btph0tjdQZYiVbw=
Subject key identifier: 43:8A:EE:42:81:07:EC:C5:FF:0A:72:8B:24:02:E6:49:64:4D:0A:66
Certificate issuer: /CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
Certificate serial: 0185729EF144A8F1FDACFC0415A9496C73D0
Authority key identifier: 4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/Q4ruQoEH7MX_CnKLJALmSWRNCmY.roa
Signing time: Mon 02 Jan 2023 13:14:57 +0000
ROA not before: Mon 02 Jan 2023 13:14:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 18106
IP address blocks: 195.133.128.0/20 maxlen: 20
185.5.132.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:f1:44:a8:f1:fd:ac:fc:04:15:a9:49:6c:73:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
Validity
Not Before: Jan 2 13:14:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=438aee428107ecc5ff0a728b2402e649644d0a66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:1a:5f:6f:93:46:ae:a3:c0:41:98:32:be:47:
d7:11:fa:78:d0:07:7c:f9:21:54:c6:66:9a:41:2e:
c9:6e:b7:22:15:61:9d:90:ca:89:83:f0:1b:ee:3d:
ff:cc:48:6c:ee:5e:9e:cd:69:9d:04:89:e1:73:9d:
ce:c8:fb:8e:8a:d1:53:85:7f:8c:75:80:15:95:f3:
2b:32:42:f6:2f:f2:30:38:70:d7:bf:18:00:bd:2b:
63:46:1a:1e:d8:6d:12:c9:b2:7f:97:98:79:d8:3f:
2c:a3:0a:49:55:54:59:c7:43:6f:4c:dc:cc:d3:eb:
44:26:da:4e:84:2d:50:ae:df:71:84:1f:95:2d:0f:
4e:29:bc:b4:a5:07:4e:b0:d4:6b:77:4d:c3:f0:de:
1a:d9:53:71:bb:fb:82:94:26:52:68:9b:a7:51:d7:
26:01:60:5a:e4:cd:a8:e9:40:a7:09:3e:37:88:8b:
58:6f:00:60:e0:5d:ee:11:84:13:8f:bd:c7:1f:92:
15:66:3b:38:91:35:a8:44:fb:3b:4e:fe:f9:c4:b1:
d9:22:39:cb:53:cb:b8:ea:44:d9:86:3c:54:2d:0a:
c7:a7:cb:04:4b:73:38:3c:05:89:cc:99:6a:5a:d4:
ba:b1:49:89:08:46:c1:92:a3:23:46:60:9e:6e:81:
40:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:8A:EE:42:81:07:EC:C5:FF:0A:72:8B:24:02:E6:49:64:4D:0A:66
X509v3 Authority Key Identifier:
keyid:4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/Q4ruQoEH7MX_CnKLJALmSWRNCmY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/TjwBugxcvyCuPpPKPTeeYt9clZo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.5.132.0/23
195.133.128.0/20
Signature Algorithm: sha256WithRSAEncryption
7c:48:20:8d:25:a3:f2:4d:3a:7e:bd:6f:57:31:76:41:65:d6:
3d:c3:71:68:79:44:70:b5:5f:95:27:a7:95:99:f4:02:9a:09:
9d:ad:cb:98:dd:8b:30:3e:cd:df:1f:72:02:58:28:80:d7:1c:
3e:5e:53:25:4b:93:44:a1:83:2a:5f:6b:15:4c:7c:dc:7b:d7:
ea:17:0a:d0:69:e2:6f:25:a5:1e:37:d8:86:9d:80:7d:5e:7a:
e9:60:60:08:85:6f:9c:0b:3d:3b:a0:7d:2f:0a:0c:ae:0d:28:
c8:b6:4c:8d:07:53:5e:89:16:6f:98:29:82:8f:67:db:f4:97:
6c:c6:d2:d6:6a:db:8b:98:2d:2f:d9:8c:1e:04:da:f6:da:7e:
8b:60:9c:d0:86:da:83:5c:49:c6:9c:d6:1c:57:2a:dd:c1:f5:
67:4d:79:bd:21:51:e0:77:a2:9c:7a:b7:54:fe:30:6b:c9:1a:
32:ef:e2:12:42:8b:f7:08:0e:30:39:11:6a:00:20:d5:b5:87:
eb:d3:1c:fb:76:c0:06:55:ea:b7:a1:44:1c:f6:b8:ea:22:77:
2b:16:41:5d:34:a6:b8:50:02:de:df:b3:89:19:ad:91:80:0d:
7a:3c:82:c7:84:4d:2d:fe:22:3a:f7:e6:52:b3:79:12:58:f1:
19:3b:2c:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVynvFEqPH9rPwEFalJbHPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2MwMWJhMGM1Y2JmMjBhZTNlOTNjYTNkMzc5ZTYyZGY1
Yzk1OWEwHhcNMjMwMTAyMTMxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhhZWU0MjgxMDdlY2M1ZmYwYTcyOGIyNDAyZTY0OTY0NGQwYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRpfb5NGrqPAQZgyvkfXEfp40Ad8
+SFUxmaaQS7JbrciFWGdkMqJg/Ab7j3/zEhs7l6ezWmdBInhc53OyPuOitFThX+M
dYAVlfMrMkL2L/IwOHDXvxgAvStjRhoe2G0SybJ/l5h52D8sowpJVVRZx0NvTNzM
0+tEJtpOhC1Qrt9xhB+VLQ9OKby0pQdOsNRrd03D8N4a2VNxu/uClCZSaJunUdcm
AWBa5M2o6UCnCT43iItYbwBg4F3uEYQTj73HH5IVZjs4kTWoRPs7Tv75xLHZIjnL
U8u46kTZhjxULQrHp8sES3M4PAWJzJlqWtS6sUmJCEbBkqMjRmCeboFAJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEOK7kKBB+zF/wpyiyQC5klkTQpmMB8GA1UdIwQY
MBaAFE48AboMXL8grj6Tyj03nmLfXJWaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGp3QnVneGN2eUN1UHBQS1BUZWVZdDljbFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iOGU3NzMtNGU3MS00ZDA5LWI3NGEt
YjI3ZjU1MjY3MmUwLzEvUTRydVFvRUg3TVhfQ25LTEpBTG1TV1JOQ21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iOGU3NzMtNGU3MS00ZDA5LWI3NGEtYjI3ZjU1MjY3MmUw
LzEvVGp3QnVneGN2eUN1UHBQS1BUZWVZdDljbFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuQWEAwQE
w4WAMA0GCSqGSIb3DQEBCwUAA4IBAQB8SCCNJaPyTTp+vW9XMXZBZdY9w3FoeURw
tV+VJ6eVmfQCmgmdrcuY3YswPs3fH3ICWCiA1xw+XlMlS5NEoYMqX2sVTHzce9fq
FwrQaeJvJaUeN9iGnYB9XnrpYGAIhW+cCz07oH0vCgyuDSjItkyNB1NeiRZvmCmC
j2fb9JdsxtLWatuLmC0v2YweBNr22n6LYJzQhtqDXEnGnNYcVyrdwfVnTXm9IVHg
d6KcerdU/jBryRoy7+ISQov3CA4wORFqACDVtYfr0xz7dsAGVeq3oUQc9rjqIncr
FkFdNKa4UALe37OJGa2RgA16PILHhE0t/iI69+ZSs3kSWPEZOyxi
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:45:29 2025 by rpki-client