Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/pxoBcjPzg-1lTWkMF3jTzM_wCLU.roa
File: pxoBcjPzg-1lTWkMF3jTzM_wCLU.roa (raw, json)
Hash identifier: qMLr3s7JhnfGIDCg9gboiTHbDf/d03cMnf4WzrdXNN0=
Subject key identifier: A7:1A:01:72:33:F3:83:ED:65:4D:69:0C:17:78:D3:CC:CF:F0:08:B5
Certificate issuer: /CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Certificate serial: 019421437F64813065CCE3E7A5679D19E160
Authority key identifier: B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/pxoBcjPzg-1lTWkMF3jTzM_wCLU.roa
Signing time: Wed 01 Jan 2025 09:47:39 +0000
ROA not before: Wed 01 Jan 2025 09:47:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200602
IP address blocks: 5.63.188.0/23 maxlen: 32
185.54.103.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:7f:64:81:30:65:cc:e3:e7:a5:67:9d:19:e1:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Validity
Not Before: Jan 1 09:47:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a71a017233f383ed654d690c1778d3cccff008b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:69:46:ef:e8:6f:f6:77:71:2a:54:bd:2e:6f:
a2:09:96:8a:87:a3:b8:4f:2e:c4:87:20:de:7b:40:
46:f9:cb:41:37:66:64:e8:24:59:9e:85:ba:bb:2c:
7c:3e:01:78:62:6e:5e:df:1b:46:93:60:f8:fb:80:
b2:24:fc:85:3d:f4:63:1c:ca:0c:64:a3:42:f0:92:
f1:99:75:ef:3a:7d:24:a9:cc:62:17:95:f4:c6:99:
f0:92:a6:60:89:23:b6:3d:6f:83:0d:ff:f2:30:61:
de:1e:05:fc:6d:00:f3:10:43:6e:9d:4e:c7:b9:25:
ce:06:2b:8d:3c:ae:fe:d8:dc:1c:72:e6:14:7c:55:
dd:82:af:f6:9e:79:ff:a4:07:12:99:fa:f8:74:50:
13:c1:e6:25:e7:a0:96:d3:86:c0:7d:5a:4b:d0:4e:
80:c6:99:f9:e5:38:d7:9f:fc:34:79:fc:a4:ff:05:
8a:2c:a5:fe:76:17:00:1e:42:b6:d9:ee:cb:2b:8c:
96:3f:a6:66:ac:93:3a:ed:2c:28:e7:46:f9:b0:ff:
44:6f:f9:25:63:eb:23:6d:6d:e4:2d:50:91:d5:c2:
b9:f0:9c:d3:7b:b4:e5:06:92:f6:21:96:7f:0d:e4:
91:77:d5:83:0b:19:d6:d8:fe:ad:37:76:20:c6:dc:
aa:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:1A:01:72:33:F3:83:ED:65:4D:69:0C:17:78:D3:CC:CF:F0:08:B5
X509v3 Authority Key Identifier:
keyid:B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/pxoBcjPzg-1lTWkMF3jTzM_wCLU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.188.0/23
185.54.103.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:44:cc:2e:f8:59:57:eb:ad:d0:6a:73:93:2b:fd:31:50:a0:
07:05:ad:ae:7e:5d:0d:06:53:e6:6b:8c:db:9d:6a:84:4e:00:
ba:6d:52:38:26:97:c8:d9:e7:f6:9d:97:53:26:69:e8:63:d3:
5d:4c:d3:3c:d8:4c:cf:86:e4:1e:ca:72:4a:97:4b:91:7c:2c:
57:e4:88:c5:ed:51:ca:8b:b6:94:91:7a:ac:c6:13:fb:ac:e9:
07:2f:c0:4b:69:57:87:fb:48:ec:10:87:e2:c2:b9:6e:2e:4f:
cf:f0:32:87:0e:a8:f4:fb:29:29:60:55:dd:b6:17:1b:cb:b3:
ba:c3:b5:66:99:29:38:89:ca:7d:c8:e0:d1:f5:d8:ff:f1:5d:
b6:76:ab:74:14:9d:d6:6b:57:1e:5d:29:ab:99:d2:c0:de:f8:
1d:14:89:24:d2:87:e9:a8:63:d9:99:31:38:fe:1f:81:4a:fe:
83:64:7d:a4:e5:16:2b:20:76:e5:5a:54:13:90:9f:6c:0e:36:
19:8c:ed:0e:f1:f5:b2:84:41:aa:80:26:53:9d:5d:59:74:71:
dd:40:d9:7f:57:40:d3:1e:fe:b6:81:97:ef:ab:ae:30:5d:a1:
09:2e:fa:36:cc:dd:c5:1c:c7:2e:bb:3b:b5:67:50:e9:d1:6b:
65:c3:06:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ39kgTBlzOPnpWedGeFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Zjc0YTQ3YTZkMWEwYmY0YzIxNmU1ZmFiNGQ5MWZiMTI5
ZGYzZDYwHhcNMjUwMTAxMDk0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFhMDE3MjMzZjM4M2VkNjU0ZDY5MGMxNzc4ZDNjY2NmZjAwOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmlG7+hv9ndxKlS9Lm+iCZaKh6O4
Ty7EhyDee0BG+ctBN2Zk6CRZnoW6uyx8PgF4Ym5e3xtGk2D4+4CyJPyFPfRjHMoM
ZKNC8JLxmXXvOn0kqcxiF5X0xpnwkqZgiSO2PW+DDf/yMGHeHgX8bQDzEENunU7H
uSXOBiuNPK7+2NwccuYUfFXdgq/2nnn/pAcSmfr4dFATweYl56CW04bAfVpL0E6A
xpn55TjXn/w0efyk/wWKLKX+dhcAHkK22e7LK4yWP6ZmrJM67Swo50b5sP9Eb/kl
Y+sjbW3kLVCR1cK58JzTe7TlBpL2IZZ/DeSRd9WDCxnW2P6tN3YgxtyqIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKcaAXIz84PtZU1pDBd408zP8Ai1MB8GA1UdIwQY
MBaAFLn3Skem0aC/TCFuX6tNkfsSnfPWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2Qt
MzBmNjA4YWRlNDhkLzEvcHhvQmNqUHpnLTFsVFdrTUYzalR6TV93Q0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2QtMzBmNjA4YWRlNDhk
LzEvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBT+8AwQA
uTZnMA0GCSqGSIb3DQEBCwUAA4IBAQBfRMwu+FlX663QanOTK/0xUKAHBa2ufl0N
BlPma4zbnWqETgC6bVI4JpfI2ef2nZdTJmnoY9NdTNM82EzPhuQeynJKl0uRfCxX
5IjF7VHKi7aUkXqsxhP7rOkHL8BLaVeH+0jsEIfiwrluLk/P8DKHDqj0+ykpYFXd
thcby7O6w7VmmSk4icp9yODR9dj/8V22dqt0FJ3Wa1ceXSmrmdLA3vgdFIkk0ofp
qGPZmTE4/h+BSv6DZH2k5RYrIHblWlQTkJ9sDjYZjO0O8fWyhEGqgCZTnV1ZdHHd
QNl/V0DTHv62gZfvq64wXaEJLvo2zN3FHMcuuzu1Z1Dp0WtlwwYG
-----END CERTIFICATE-----
Generated at Tue Apr 22 05:08:30 2025 by rpki-client