Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/DQ5nv8TTCxZPSnekcYR0OqnjKeQ.roa
File: DQ5nv8TTCxZPSnekcYR0OqnjKeQ.roa (raw, json)
Hash identifier: uqJiaAavYOEKdv3BvFAXa46C/M3MU3oMhWgK1jsBVUI=
Subject key identifier: 0D:0E:67:BF:C4:D3:0B:16:4F:4A:77:A4:71:84:74:3A:A9:E3:29:E4
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018CC72625AF9B67CFBE8398EFE06EADAC7C
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/DQ5nv8TTCxZPSnekcYR0OqnjKeQ.roa
Signing time: Mon 01 Jan 2024 22:30:15 +0000
ROA not before: Mon 01 Jan 2024 22:30:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 193.42.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:25:af:9b:67:cf:be:83:98:ef:e0:6e:ad:ac:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Jan 1 22:30:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0d0e67bfc4d30b164f4a77a47184743aa9e329e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e7:c6:ad:93:80:80:4a:7c:d8:0e:1e:52:33:
0a:4a:c1:35:f6:af:31:d1:e4:e2:37:4d:5c:14:a9:
db:3a:3b:5a:2e:fc:88:c4:1d:1b:a1:56:b5:f1:57:
b8:54:64:be:c8:f3:1b:9b:da:3c:3f:af:f4:2d:39:
7f:c1:58:9a:78:5b:7a:4f:59:50:09:31:3e:11:3a:
d2:94:7f:57:40:0e:de:2b:84:06:2e:98:d1:5d:4c:
8b:70:24:f4:97:dc:7b:08:63:cd:d4:77:80:3f:9c:
61:f3:40:f5:5f:65:8c:af:49:7a:d2:75:11:61:d1:
68:da:e5:75:4c:5a:ba:4b:b1:93:99:68:3f:71:56:
2e:c1:08:b8:6e:fa:ba:91:30:80:47:ef:54:4e:8c:
48:c3:66:12:0a:19:c0:67:22:b9:34:73:84:00:a6:
aa:2b:dc:67:4f:01:61:e1:9d:fb:0b:86:d9:3d:8f:
54:b3:b5:8d:81:07:80:e5:3d:9a:ba:78:4e:f2:a8:
ba:52:f9:83:cb:5f:cc:52:e7:bd:69:a9:ee:c7:14:
c1:c4:ad:1c:2d:d6:d9:54:43:24:27:76:be:b1:12:
95:ab:42:fb:35:1e:69:67:e6:55:b5:4a:36:6e:e1:
36:cf:7f:07:97:b9:18:d4:14:ec:41:ed:38:86:4d:
78:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:0E:67:BF:C4:D3:0B:16:4F:4A:77:A4:71:84:74:3A:A9:E3:29:E4
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/DQ5nv8TTCxZPSnekcYR0OqnjKeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.42.119.0/24
Signature Algorithm: sha256WithRSAEncryption
87:cb:ff:15:b9:5c:a3:d6:85:85:8e:bb:c6:8b:df:3a:c3:dc:
0e:e8:9f:ab:7c:24:36:2c:3e:2b:97:b3:43:1e:dc:1e:51:ff:
59:98:28:c9:9f:1c:7b:b0:b8:97:0e:ac:43:b4:42:fe:09:f4:
2a:4d:ad:10:88:2d:fa:0f:6a:c5:7b:91:21:e3:90:8e:b5:67:
cf:09:9c:21:c0:00:ed:cb:3a:70:1d:50:25:6d:47:8b:c6:ec:
0e:35:4c:9a:57:af:96:fd:76:25:54:22:aa:ed:37:eb:ab:26:
66:c9:a3:fc:a1:51:b6:bb:13:aa:58:b9:6d:84:fb:1c:d8:da:
a7:52:7d:64:ff:ba:c4:2c:c3:47:1b:6b:2d:93:8a:b8:c7:cf:
87:6a:43:e8:a2:61:90:d8:26:19:4b:f7:38:84:37:4b:96:b1:
1e:56:b4:f9:a5:4f:14:79:5e:05:39:d9:c9:92:8c:ae:22:00:
c6:11:a4:29:af:5b:02:8b:f5:bc:b3:80:8c:ce:29:c9:29:fa:
42:24:20:43:95:03:48:60:76:d4:8b:00:55:61:4a:fb:d3:34:
22:85:f7:f7:b7:5c:32:9d:f4:43:50:12:c6:72:5e:70:4d:8e:
a6:7c:13:88:08:67:0f:bd:14:89:e8:ca:47:ed:6a:29:cb:ec:
62:62:b9:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJiWvm2fPvoOY7+Burax8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTAxMjIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDBlNjdiZmM0ZDMwYjE2NGY0YTc3YTQ3MTg0NzQzYWE5ZTMyOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOfGrZOAgEp82A4eUjMKSsE19q8x
0eTiN01cFKnbOjtaLvyIxB0boVa18Ve4VGS+yPMbm9o8P6/0LTl/wViaeFt6T1lQ
CTE+ETrSlH9XQA7eK4QGLpjRXUyLcCT0l9x7CGPN1HeAP5xh80D1X2WMr0l60nUR
YdFo2uV1TFq6S7GTmWg/cVYuwQi4bvq6kTCAR+9UToxIw2YSChnAZyK5NHOEAKaq
K9xnTwFh4Z37C4bZPY9Us7WNgQeA5T2aunhO8qi6UvmDy1/MUue9aanuxxTBxK0c
LdbZVEMkJ3a+sRKVq0L7NR5pZ+ZVtUo2buE2z38Hl7kY1BTsQe04hk14CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0OZ7/E0wsWT0p3pHGEdDqp4ynkMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvRFE1bnY4VFRDeFpQU25la2NZUjBPcW5qS2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSp3MA0G
CSqGSIb3DQEBCwUAA4IBAQCHy/8VuVyj1oWFjrvGi986w9wO6J+rfCQ2LD4rl7ND
HtweUf9ZmCjJnxx7sLiXDqxDtEL+CfQqTa0QiC36D2rFe5Eh45COtWfPCZwhwADt
yzpwHVAlbUeLxuwONUyaV6+W/XYlVCKq7TfrqyZmyaP8oVG2uxOqWLlthPsc2Nqn
Un1k/7rELMNHG2stk4q4x8+HakPoomGQ2CYZS/c4hDdLlrEeVrT5pU8UeV4FOdnJ
koyuIgDGEaQpr1sCi/W8s4CMzinJKfpCJCBDlQNIYHbUiwBVYUr70zQihff3t1wy
nfRDUBLGcl5wTY6mfBOICGcPvRSJ6MpH7Wopy+xiYrnt
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:18:25 2025 by rpki-client