Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/djF3h0gJghnHK5OBekY92sNr_kE.roa
File: djF3h0gJghnHK5OBekY92sNr_kE.roa (raw, json)
Hash identifier: dxKuJ0sxnNJxf8JQzElFpq2M2zDs7lWk4cHw5EINe3g=
Subject key identifier: 76:31:77:87:48:09:82:19:C7:2B:93:81:7A:46:3D:DA:C3:6B:FE:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195DC010A343386C4C16CECB780CCFDE3EB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/djF3h0gJghnHK5OBekY92sNr_kE.roa
Signing time: Fri 28 Mar 2025 09:06:50 +0000
ROA not before: Fri 28 Mar 2025 09:06:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213511
IP address blocks: 87.120.126.0/23 maxlen: 24
87.121.18.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.156.92.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:dc:01:0a:34:33:86:c4:c1:6c:ec:b7:80:cc:fd:e3:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 28 09:06:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7631778748098219c72b93817a463ddac36bfe41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:eb:57:94:5f:00:88:e3:86:8e:d2:4c:28:7a:
72:d2:c9:d5:3d:e1:4a:20:27:c7:8f:0f:de:c9:5d:
86:e0:3a:73:e9:3d:2b:2b:34:ca:9b:91:b2:5d:67:
43:08:7b:dd:ea:d4:63:ce:89:ae:7b:41:62:e9:0d:
73:fd:b9:61:52:7e:d4:08:83:82:38:3e:f3:89:a7:
5a:dc:73:9d:8b:07:ef:e1:5f:e8:6a:64:eb:cd:05:
42:46:b7:7b:4c:3f:cd:84:fe:fd:e4:53:13:e7:9b:
3b:0f:9a:83:07:c8:d5:16:b0:b9:ce:ee:34:ef:f0:
56:45:14:f3:e8:7a:20:e7:55:52:20:3d:99:74:c9:
4e:8f:94:a2:58:10:44:35:6e:c5:b6:a4:0a:36:3a:
5b:06:f2:25:a8:7f:4b:8a:43:5c:d3:a0:76:99:e0:
86:37:34:be:4f:68:64:c2:75:8c:1c:6f:6e:ac:ff:
e1:f4:ca:bc:ed:73:27:16:de:08:31:bb:a1:ed:4f:
ff:68:4d:77:e3:b5:0d:c9:f2:ae:82:1f:f9:3c:a1:
cb:8f:e6:9c:11:1e:56:f8:3a:6e:36:b4:6b:fe:59:
e7:2d:c6:4f:f4:e1:cf:eb:e8:1a:43:75:bb:41:93:
c1:b1:9c:a9:ef:79:f7:31:37:80:47:f5:f6:69:86:
7a:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:31:77:87:48:09:82:19:C7:2B:93:81:7A:46:3D:DA:C3:6B:FE:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/djF3h0gJghnHK5OBekY92sNr_kE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.126.0/23
87.121.18.0/24
92.119.196.0/23
94.156.92.0/24
94.156.167.0/24
Signature Algorithm: sha256WithRSAEncryption
74:8e:9b:bc:7d:cf:16:4b:b3:f6:54:66:e4:fc:37:e4:8f:e8:
a5:3e:d6:43:bd:bf:b5:8a:99:7d:37:0f:27:2a:a0:1d:48:4c:
bb:07:81:13:23:47:bf:48:cc:2f:ea:d1:5f:ef:f5:21:96:bb:
11:04:60:c9:98:4c:8b:e7:b8:dc:70:16:fb:4f:04:f2:34:38:
2a:41:97:5c:52:74:e5:be:06:19:f7:e6:c6:77:0c:69:b0:e7:
8b:f0:6a:70:c1:a1:12:c5:8e:d5:9c:fe:82:bb:52:a8:dd:16:
d7:ff:d0:cb:e2:3c:09:41:68:aa:f4:19:b1:fd:00:a2:bb:db:
aa:ac:84:81:5e:95:7b:15:d1:09:49:35:44:54:31:25:98:a5:
74:a7:4b:73:25:b5:7f:b5:3c:cb:7b:93:21:d1:9c:95:03:d1:
54:1a:3e:3c:f6:42:a8:6d:0d:84:25:35:52:08:d7:73:17:63:
9f:37:a4:81:24:bc:0f:0f:f6:da:9b:7b:f7:12:13:88:1a:34:
bb:13:60:be:ce:9d:55:1a:78:6f:d2:af:a9:d5:91:f5:59:bd:
86:10:cb:ce:38:ba:b0:87:5b:ef:84:9d:70:6a:38:eb:74:16:
a6:69:20:fe:00:78:64:66:b5:c0:ce:82:03:41:8e:81:d3:62:
dc:c6:7d:5b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZXcAQo0M4bEwWzst4DM/ePrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI4MDkwNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjMxNzc4NzQ4MDk4MjE5YzcyYjkzODE3YTQ2M2RkYWMzNmJmZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2utXlF8AiOOGjtJMKHpy0snVPeFK
ICfHjw/eyV2G4Dpz6T0rKzTKm5GyXWdDCHvd6tRjzomue0Fi6Q1z/blhUn7UCIOC
OD7ziada3HOdiwfv4V/oamTrzQVCRrd7TD/NhP795FMT55s7D5qDB8jVFrC5zu40
7/BWRRTz6Hog51VSID2ZdMlOj5SiWBBENW7FtqQKNjpbBvIlqH9LikNc06B2meCG
NzS+T2hkwnWMHG9urP/h9Mq87XMnFt4IMbuh7U//aE1347UNyfKugh/5PKHLj+ac
ER5W+DpuNrRr/lnnLcZP9OHP6+gaQ3W7QZPBsZyp73n3MTeAR/X2aYZ6SQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHYxd4dICYIZxyuTgXpGPdrDa/5BMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZGpGM2gwZ0pnaG5ISzVPQmVrWTkyc05yX2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBV3h+AwQA
V3kSAwQBXHfEAwQAXpxcAwQAXpynMA0GCSqGSIb3DQEBCwUAA4IBAQB0jpu8fc8W
S7P2VGbk/Dfkj+ilPtZDvb+1ipl9Nw8nKqAdSEy7B4ETI0e/SMwv6tFf7/UhlrsR
BGDJmEyL57jccBb7TwTyNDgqQZdcUnTlvgYZ9+bGdwxpsOeL8GpwwaESxY7VnP6C
u1Ko3RbX/9DL4jwJQWiq9Bmx/QCiu9uqrISBXpV7FdEJSTVEVDElmKV0p0tzJbV/
tTzLe5Mh0ZyVA9FUGj489kKobQ2EJTVSCNdzF2OfN6SBJLwPD/bam3v3EhOIGjS7
E2C+zp1VGnhv0q+p1ZH1Wb2GEMvOOLqwh1vvhJ1wajjrdBamaSD+AHhkZrXAzoID
QY6B02Lcxn1b
-----END CERTIFICATE-----
Generated at Wed Apr 16 20:15:45 2025 by rpki-client