Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Kp8Oypy03e60oxo3wY5Zv--446Q.roa
File: Kp8Oypy03e60oxo3wY5Zv--446Q.roa (raw, json)
Hash identifier: aH1jUOijRd00f1cp4CIIYlSsXVIn3x9vlWCnYtbLMrg=
Subject key identifier: 2A:9F:0E:CA:9C:B4:DD:EE:B4:A3:1A:37:C1:8E:59:BF:EF:B8:E3:A4
Certificate issuer: /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial: 018CC9BA7075DA979B29F69A0F4F796DBCB3
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Kp8Oypy03e60oxo3wY5Zv--446Q.roa
Signing time: Tue 02 Jan 2024 10:31:28 +0000
ROA not before: Tue 02 Jan 2024 10:31:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2856
IP address blocks: 87.251.14.0/23 maxlen: 23
87.251.12.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:ba:70:75:da:97:9b:29:f6:9a:0f:4f:79:6d:bc:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Validity
Not Before: Jan 2 10:31:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2a9f0eca9cb4ddeeb4a31a37c18e59bfefb8e3a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:ce:d9:3a:ce:8f:29:01:61:e8:56:d7:fd:3a:
b1:d1:a9:94:80:f6:f1:68:62:c5:75:8d:8a:d0:f8:
64:56:53:7a:e9:7a:b5:39:1b:06:bd:2d:6c:ea:3d:
c7:4a:2f:c2:3b:99:a8:7f:82:77:d1:c5:61:f8:6e:
e0:cb:c9:c7:ea:b9:77:89:e1:ee:c6:8d:cf:3c:80:
73:1d:2e:76:35:03:9c:38:7a:62:73:02:32:e3:2b:
fd:6c:29:84:c0:2f:dc:e8:8a:40:b5:d9:fb:8d:69:
d8:ee:30:44:ff:a0:d6:c8:2a:3d:ee:9c:c9:c3:fb:
cc:c1:bb:f4:b0:9c:cf:db:20:80:0c:1c:75:51:44:
b2:61:9f:58:82:3a:88:83:08:1e:19:a3:0b:3d:e3:
39:51:3d:e3:6f:51:0d:88:87:57:0d:58:d9:fc:d9:
60:31:8f:99:a5:47:eb:20:3e:3e:e9:bc:0e:b8:4e:
91:fa:68:77:ef:07:74:bc:b4:c8:03:b8:19:07:6a:
64:ef:ae:e9:ac:82:e5:d9:1b:d9:9f:22:b9:e4:f9:
78:42:da:d1:a5:09:46:ca:a8:24:9d:77:fb:d7:40:
4a:7b:8b:52:d3:84:ec:19:46:0e:a1:34:d3:10:66:
79:c5:b5:0d:d3:a5:7f:dd:9b:52:5f:1a:1f:83:75:
fc:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:9F:0E:CA:9C:B4:DD:EE:B4:A3:1A:37:C1:8E:59:BF:EF:B8:E3:A4
X509v3 Authority Key Identifier:
keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/Kp8Oypy03e60oxo3wY5Zv--446Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.251.12.0/22
Signature Algorithm: sha256WithRSAEncryption
24:19:49:8d:4b:a1:57:2e:37:9a:06:45:b3:51:a1:bc:2c:5b:
03:e8:be:11:69:76:6f:1c:8a:a5:ea:df:14:f7:4a:aa:15:1d:
06:7e:8e:14:2b:21:eb:3c:7b:6e:04:fd:76:b1:90:58:11:f9:
c0:7e:91:3e:a1:e3:8c:c8:c2:44:70:ca:d9:c8:c4:15:90:e3:
29:f5:14:92:d4:a6:bf:d5:f0:a2:26:81:98:8d:17:18:aa:4c:
04:53:12:d6:8c:c3:27:16:cb:64:7a:06:80:88:56:89:a3:13:
48:fb:6c:89:6e:51:29:05:03:65:11:75:bc:a9:c0:a6:4e:cd:
53:2b:1e:02:e5:b2:b5:75:b9:1f:dd:eb:87:9a:52:06:fb:da:
c4:ce:22:e7:df:3a:d2:b8:1c:01:a7:e4:06:f6:c8:ff:81:fb:
62:f7:2c:ef:6f:33:d2:a1:af:33:da:9d:97:16:df:a5:93:6f:
0c:b6:21:5d:63:f7:7b:f0:1f:1a:fd:14:63:05:fd:37:b8:e8:
e5:dc:f2:23:c4:d7:4d:c2:dc:d1:9e:df:fd:0d:17:91:49:9c:
f4:7b:da:07:04:c6:fb:ee:50:9d:a2:9b:59:53:86:91:16:2e:
c7:2e:cd:01:1a:db:2d:6c:ca:8a:25:bd:8d:76:ec:87:5b:8b:
c9:39:e1:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJunB12pebKfaaD095bbyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQwMTAyMTAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlmMGVjYTljYjRkZGVlYjRhMzFhMzdjMThlNTliZmVmYjhlM2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks7ZOs6PKQFh6FbX/Tqx0amUgPbx
aGLFdY2K0PhkVlN66Xq1ORsGvS1s6j3HSi/CO5mof4J30cVh+G7gy8nH6rl3ieHu
xo3PPIBzHS52NQOcOHpicwIy4yv9bCmEwC/c6IpAtdn7jWnY7jBE/6DWyCo97pzJ
w/vMwbv0sJzP2yCADBx1UUSyYZ9YgjqIgwgeGaMLPeM5UT3jb1ENiIdXDVjZ/Nlg
MY+ZpUfrID4+6bwOuE6R+mh37wd0vLTIA7gZB2pk767prILl2RvZnyK55Pl4QtrR
pQlGyqgknXf710BKe4tS04TsGUYOoTTTEGZ5xbUN06V/3ZtSXxofg3X8nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqfDsqctN3utKMaN8GOWb/vuOOkMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvS3A4T3lweTAzZTYwb3hvM3dZNVp2LS00NDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV/sMMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGUmNS6FXLjeaBkWzUaG8LFsD6L4RaXZvHIql6t8U
90qqFR0Gfo4UKyHrPHtuBP12sZBYEfnAfpE+oeOMyMJEcMrZyMQVkOMp9RSS1Ka/
1fCiJoGYjRcYqkwEUxLWjMMnFstkegaAiFaJoxNI+2yJblEpBQNlEXW8qcCmTs1T
Kx4C5bK1dbkf3euHmlIG+9rEziLn3zrSuBwBp+QG9sj/gfti9yzvbzPSoa8z2p2X
Ft+lk28MtiFdY/d78B8a/RRjBf03uOjl3PIjxNdNwtzRnt/9DReRSZz0e9oHBMb7
7lCdoptZU4aRFi7HLs0BGtstbMqKJb2NduyHW4vJOeH7
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:14:14 2025 by rpki-client