Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/94Wo12Y1e3j65Bs3qSAzSptfA4E.roa
File: 94Wo12Y1e3j65Bs3qSAzSptfA4E.roa (raw, json)
Hash identifier: rENezSOChxMywueLEcdlzFpl7wJd3fzE/bII/1kUK0Q=
Subject key identifier: F7:85:A8:D7:66:35:7B:78:FA:E4:1B:37:A9:20:33:4A:9B:5F:03:81
Certificate issuer: /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial: 019424B39DABFE5070C2E29840A1ABAC5C76
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/94Wo12Y1e3j65Bs3qSAzSptfA4E.roa
Signing time: Thu 02 Jan 2025 01:48:58 +0000
ROA not before: Thu 02 Jan 2025 01:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201011
IP address blocks: 2.59.28.0/22 maxlen: 22
5.56.16.0/21 maxlen: 21
31.7.176.0/20 maxlen: 24
31.7.177.0/24 maxlen: 24
80.255.0.0/20 maxlen: 20
81.95.0.0/20 maxlen: 24
82.199.128.0/19 maxlen: 24
82.199.128.0/24 maxlen: 24
82.199.130.0/24 maxlen: 24
82.199.131.0/24 maxlen: 24
82.199.138.0/24 maxlen: 24
82.199.141.0/24 maxlen: 24
82.199.147.0/24 maxlen: 24
82.199.148.0/24 maxlen: 24
82.199.149.0/24 maxlen: 24
82.199.153.0/24 maxlen: 24
82.199.157.0/24 maxlen: 24
82.199.158.0/24 maxlen: 24
82.199.159.0/24 maxlen: 24
83.142.80.0/21 maxlen: 21
92.43.104.0/21 maxlen: 24
185.89.36.0/22 maxlen: 22
193.104.251.0/24 maxlen: 24
195.138.248.0/21 maxlen: 21
195.138.249.0/24 maxlen: 24
195.138.250.0/24 maxlen: 24
2a01:4a0::/29 maxlen: 48
2a01:4a0:b::/48 maxlen: 48
2a01:4a0:e::/48 maxlen: 48
2a01:4a0:17::/48 maxlen: 48
2a01:4a0:30::/48 maxlen: 48
2a01:4a0:38::/48 maxlen: 48
2a01:4a0:42::/48 maxlen: 48
2a01:4a0:43::/48 maxlen: 48
2a01:4a0:45::/48 maxlen: 48
2a01:4a0:46::/48 maxlen: 48
2a01:4a0:47::/48 maxlen: 48
2a01:4a0:48::/48 maxlen: 48
2a01:4a0:50::/48 maxlen: 48
2a01:4a0:56::/48 maxlen: 48
2a05:d4c0::/29 maxlen: 29
2a06:7ec0::/29 maxlen: 29
2a09:ee40::/29 maxlen: 29
2a0b:76c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:9d:ab:fe:50:70:c2:e2:98:40:a1:ab:ac:5c:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Validity
Not Before: Jan 2 01:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f785a8d766357b78fae41b37a920334a9b5f0381
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:ef:b8:85:4b:1f:22:49:1f:e8:30:e0:56:08:
78:83:df:3f:32:3f:84:8d:58:02:06:79:82:4c:0e:
9e:b9:70:82:e3:7f:ee:2e:a5:87:62:16:40:d2:f5:
03:27:c5:a1:74:82:87:e0:aa:ef:70:81:00:91:7b:
3a:db:2c:51:a1:ff:bd:16:b9:e8:9d:36:7b:12:0f:
19:a0:91:95:db:9c:7d:50:bc:3f:1c:8d:41:0e:0a:
d5:9d:3b:b0:25:5b:c4:2a:5f:01:e9:18:52:f3:81:
72:52:a1:e3:46:27:e6:b7:c8:fa:ef:20:e9:fd:81:
fd:55:91:64:6a:bf:a2:7b:48:86:d0:79:63:48:66:
aa:26:7e:7f:c9:91:90:04:1a:5b:e8:65:27:79:d9:
af:b7:56:92:d0:62:93:88:07:06:a4:e1:49:30:29:
24:a3:cd:d3:d5:8c:37:53:d1:91:e7:3b:4c:4f:6d:
31:2d:e9:e6:95:5b:4c:74:5b:4a:f6:f2:01:0c:4d:
fa:48:90:bf:fb:b7:01:62:2f:d4:b1:13:5b:9b:ba:
0e:5b:4a:5c:6e:1e:d3:b5:2e:59:19:a2:4e:ba:b1:
86:f9:65:ce:71:5d:91:74:29:eb:64:6e:37:fc:50:
c9:9b:57:d9:20:f8:ba:4e:a1:78:8e:fa:88:b4:79:
77:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:85:A8:D7:66:35:7B:78:FA:E4:1B:37:A9:20:33:4A:9B:5F:03:81
X509v3 Authority Key Identifier:
keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/94Wo12Y1e3j65Bs3qSAzSptfA4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.28.0/22
5.56.16.0/21
31.7.176.0/20
80.255.0.0/20
81.95.0.0/20
82.199.128.0/19
83.142.80.0/21
92.43.104.0/21
185.89.36.0/22
193.104.251.0/24
195.138.248.0/21
IPv6:
2a01:4a0::/29
2a05:d4c0::/29
2a06:7ec0::/29
2a09:ee40::/29
2a0b:76c0::/29
Signature Algorithm: sha256WithRSAEncryption
9d:7a:f2:f5:68:b0:bb:2d:a1:5e:ce:52:10:78:28:73:c7:65:
ee:3e:bf:f5:a4:9a:5d:49:25:a2:ab:06:90:a5:4e:80:7e:cb:
a5:0e:6a:6f:31:82:09:58:92:18:a9:2b:41:78:9e:95:e5:41:
d3:11:f3:e3:2f:3e:58:34:79:9d:00:00:7a:25:c3:22:cf:9f:
5e:ba:39:db:5e:4f:69:46:d4:44:18:86:b5:08:56:78:05:79:
38:1d:05:d8:87:b7:ad:3c:1a:08:c7:6c:96:8c:e4:00:d7:64:
62:5d:de:b4:8b:5c:e6:2e:8a:8f:a5:31:fd:48:79:c8:1f:82:
b2:e8:e7:07:0f:cf:87:87:ef:1a:c9:fc:81:4f:71:6a:d1:fd:
e1:a1:b6:6a:77:50:19:20:12:e5:61:9a:73:a9:10:42:ac:27:
00:b3:2d:98:05:3d:f0:53:9d:c5:c6:44:78:d1:a0:31:f6:8e:
fb:65:4b:96:66:66:fd:4b:ab:05:91:b2:a4:4d:e8:31:86:24:
8b:21:b8:a9:04:2e:88:e2:83:a7:29:53:5d:db:06:35:9b:b7:
d3:da:d6:39:f7:e2:b7:61:4a:6f:c2:ec:71:98:8c:17:46:ab:
ff:c8:79:8f:16:41:fb:9b:b5:f2:69:60:cc:80:10:78:6f:74:
5c:66:33:20
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZQks52r/lBwwuKYQKGrrFx2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjUwMTAyMDE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzg1YThkNzY2MzU3Yjc4ZmFlNDFiMzdhOTIwMzM0YTliNWYwMzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO+4hUsfIkkf6DDgVgh4g98/Mj+E
jVgCBnmCTA6euXCC43/uLqWHYhZA0vUDJ8WhdIKH4KrvcIEAkXs62yxRof+9Frno
nTZ7Eg8ZoJGV25x9ULw/HI1BDgrVnTuwJVvEKl8B6RhS84FyUqHjRifmt8j67yDp
/YH9VZFkar+ie0iG0HljSGaqJn5/yZGQBBpb6GUnedmvt1aS0GKTiAcGpOFJMCkk
o83T1Yw3U9GR5ztMT20xLenmlVtMdFtK9vIBDE36SJC/+7cBYi/UsRNbm7oOW0pc
bh7TtS5ZGaJOurGG+WXOcV2RdCnrZG43/FDJm1fZIPi6TqF4jvqItHl3LQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFPeFqNdmNXt4+uQbN6kgM0qbXwOBMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvOTRXbzEyWTFlM2o2NUJzM3FTQXpTcHRmQTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwSAQCAAEwQgMEAgI7HAME
AwU4EAMEBB8HsAMEBFD/AAMEBFFfAAMEBVLHgAMEA1OOUAMEA1wraAMEArlZJAME
AMFo+wMEA8OK+DApBAIAAjAjAwUDKgEEoAMFAyoF1MADBQMqBn7AAwUDKgnuQAMF
AyoLdsAwDQYJKoZIhvcNAQELBQADggEBAJ168vVosLstoV7OUhB4KHPHZe4+v/Wk
ml1JJaKrBpClToB+y6UOam8xgglYkhipK0F4npXlQdMR8+MvPlg0eZ0AAHolwyLP
n166OdteT2lG1EQYhrUIVngFeTgdBdiHt608GgjHbJaM5ADXZGJd3rSLXOYuio+l
Mf1IecgfgrLo5wcPz4eH7xrJ/IFPcWrR/eGhtmp3UBkgEuVhmnOpEEKsJwCzLZgF
PfBTncXGRHjRoDH2jvtlS5ZmZv1LqwWRsqRN6DGGJIshuKkELojig6cpU13bBjWb
t9Pa1jn34rdhSm/C7HGYjBdGq//IeY8WQfubtfJpYMyAEHhvdFxmMyA=
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:40:39 2025 by rpki-client