Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2sk7WRyc_YYWaTkXM4QCmHMEAus.roa
File: 2sk7WRyc_YYWaTkXM4QCmHMEAus.roa (raw, json)
Hash identifier: lU/ogJJsqGVk6hOKRHRyy4cCEJ3XP5uv7jF5OIHj8H4=
Subject key identifier: DA:C9:3B:59:1C:9C:FD:86:16:69:39:17:33:84:02:98:73:04:02:EB
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0194D86552EFBE9AAB642DD86B722BAD23DD
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2sk7WRyc_YYWaTkXM4QCmHMEAus.roa
Signing time: Wed 05 Feb 2025 23:15:06 +0000
ROA not before: Wed 05 Feb 2025 23:15:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 394814
IP address blocks: 94.131.182.0/23 maxlen: 24
94.131.184.0/22 maxlen: 22
95.164.144.0/20 maxlen: 24
95.164.200.0/22 maxlen: 24
95.164.204.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d8:65:52:ef:be:9a:ab:64:2d:d8:6b:72:2b:ad:23:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Feb 5 23:15:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dac93b591c9cfd861669391733840298730402eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:8e:69:1e:a1:e0:6e:7a:df:fc:d6:8d:7f:62:
69:77:e6:fd:10:47:46:1e:b5:82:05:b7:fa:3c:b8:
e0:4c:32:a7:36:c6:ec:27:29:f9:db:2d:bc:9d:a3:
d6:cd:15:f8:b1:fc:31:db:b6:8d:e3:96:2c:a0:77:
bc:d6:14:88:57:81:b5:8b:19:4e:c9:14:59:40:14:
cf:52:b1:0c:8a:b3:55:12:a4:b6:63:59:8a:7f:de:
37:41:4f:b3:f0:a6:57:f5:f4:96:22:e5:ed:9e:ce:
1b:f5:b0:ca:4e:a7:d5:18:da:c3:73:70:73:54:7a:
01:1c:89:23:06:08:fd:98:29:3f:58:35:02:50:b5:
93:fb:24:3d:fd:48:b7:5f:01:3d:8c:b3:c5:dc:9b:
36:2c:56:02:5d:a1:9e:a4:17:3d:bf:02:ba:42:e1:
78:55:6d:1e:ce:5c:9f:25:9d:e7:7c:c4:45:34:ee:
fe:c7:2b:13:25:81:eb:c6:ce:df:3a:f3:84:dc:77:
a3:49:a1:c9:06:65:d4:d6:11:af:47:70:f3:cd:ac:
f8:3d:93:e4:a5:8f:e4:7a:be:7e:72:9d:a7:ae:c3:
70:9c:e5:0f:43:fa:c5:2f:2b:fc:07:c1:06:a7:2b:
29:42:c2:f2:86:3a:d4:91:00:d9:75:4f:cd:e9:3c:
63:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C9:3B:59:1C:9C:FD:86:16:69:39:17:33:84:02:98:73:04:02:EB
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2sk7WRyc_YYWaTkXM4QCmHMEAus.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.182.0-94.131.187.255
95.164.144.0/20
95.164.200.0/21
Signature Algorithm: sha256WithRSAEncryption
41:3c:f8:be:53:65:33:9f:91:69:a7:d3:ae:f7:03:3d:26:67:
25:c6:19:12:f6:af:94:98:77:44:c2:3d:51:44:bc:46:13:35:
23:72:0d:66:0b:05:a7:fc:d8:12:18:b4:fe:60:15:05:00:db:
04:d4:52:14:1a:7a:f6:7f:1b:cc:1c:63:2d:40:eb:92:32:53:
07:97:17:74:e1:1c:cb:c7:f1:8c:74:ff:76:28:c8:e5:94:ee:
3c:0e:15:3c:d5:de:36:fa:4e:b1:66:71:16:c7:c6:5a:5d:10:
2f:2d:c6:02:98:ed:20:48:cb:f3:f8:83:40:51:bb:fe:75:12:
e4:c4:00:73:b0:d1:21:10:e9:70:0f:7a:2b:55:46:de:7b:b0:
4e:a7:8e:1c:6a:77:b8:13:a4:4c:ea:73:7c:97:2f:44:37:5c:
be:4d:aa:c9:2c:d7:d1:75:7b:75:cc:c8:94:bc:6e:8d:e7:5f:
04:76:bf:a5:b3:91:37:51:d3:39:ad:9b:f3:64:f9:4b:91:19:
77:ec:9a:ac:a9:1b:d9:66:fc:53:f0:6a:10:a6:ae:b2:06:6e:
1d:ff:82:8a:b6:fd:06:54:0b:bc:62:c3:ae:c4:df:c6:8e:15:
58:43:18:50:77:a3:9e:43:9e:8d:5c:7b:14:2f:6f:88:dc:5e:
a9:c2:d8:62
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZTYZVLvvpqrZC3Ya3IrrSPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMjA1MjMxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM5M2I1OTFjOWNmZDg2MTY2OTM5MTczMzg0MDI5ODczMDQwMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I5pHqHgbnrf/NaNf2Jpd+b9EEdG
HrWCBbf6PLjgTDKnNsbsJyn52y28naPWzRX4sfwx27aN45YsoHe81hSIV4G1ixlO
yRRZQBTPUrEMirNVEqS2Y1mKf943QU+z8KZX9fSWIuXtns4b9bDKTqfVGNrDc3Bz
VHoBHIkjBgj9mCk/WDUCULWT+yQ9/Ui3XwE9jLPF3Js2LFYCXaGepBc9vwK6QuF4
VW0ezlyfJZ3nfMRFNO7+xysTJYHrxs7fOvOE3HejSaHJBmXU1hGvR3Dzzaz4PZPk
pY/ker5+cp2nrsNwnOUPQ/rFLyv8B8EGpyspQsLyhjrUkQDZdU/N6Txj1QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNrJO1kcnP2GFmk5FzOEAphzBALrMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvMnNrN1dSeWNfWVlXYVRrWE00UUNtSE1FQXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAFeg7YD
BAJeg7gDBARfpJADBANfpMgwDQYJKoZIhvcNAQELBQADggEBAEE8+L5TZTOfkWmn
0673Az0mZyXGGRL2r5SYd0TCPVFEvEYTNSNyDWYLBaf82BIYtP5gFQUA2wTUUhQa
evZ/G8wcYy1A65IyUweXF3ThHMvH8Yx0/3YoyOWU7jwOFTzV3jb6TrFmcRbHxlpd
EC8txgKY7SBIy/P4g0BRu/51EuTEAHOw0SEQ6XAPeitVRt57sE6njhxqd7gTpEzq
c3yXL0Q3XL5Nqsks19F1e3XMyJS8bo3nXwR2v6WzkTdR0zmtm/Nk+UuRGXfsmqyp
G9lm/FPwahCmrrIGbh3/goq2/QZUC7xiw67E38aOFVhDGFB3o55Dno1cexQvb4jc
XqnC2GI=
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:26:31 2025 by rpki-client