Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/q1yQTATSUZMKgxRO2RnGiqdmqXA.roa
File: q1yQTATSUZMKgxRO2RnGiqdmqXA.roa (raw, json)
Hash identifier: KHGjhPxM6hVabD3h0aA1i/qtux482bMNBb2dhwYl4J0=
Subject key identifier: AB:5C:90:4C:04:D2:51:93:0A:83:14:4E:D9:19:C6:8A:A7:66:A9:70
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 019424B3F8CED34D4128E56DD666C47F051E
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/q1yQTATSUZMKgxRO2RnGiqdmqXA.roa
Signing time: Thu 02 Jan 2025 01:49:21 +0000
ROA not before: Thu 02 Jan 2025 01:49:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50140
IP address blocks: 193.104.145.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:f8:ce:d3:4d:41:28:e5:6d:d6:66:c4:7f:05:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 2 01:49:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab5c904c04d251930a83144ed919c68aa766a970
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f1:85:6f:2f:38:a1:df:2d:a9:91:3c:10:dd:
51:c3:e0:f1:4b:d0:db:4f:f9:ae:80:c4:ed:b4:ac:
7e:11:7b:32:df:18:0d:bb:83:f1:f7:0f:98:b4:12:
1c:58:d0:14:ca:96:d8:19:32:a6:f6:57:0d:6d:fd:
78:0d:8c:7f:06:8c:56:e8:2e:2c:e3:b1:cf:86:81:
2e:23:ba:7b:c6:d9:52:ba:79:1d:22:5d:5a:1c:a8:
66:20:fb:5c:62:a7:3b:ac:9e:78:c5:f1:ed:56:d5:
9c:33:a1:2f:71:11:c7:01:80:7b:cf:31:ca:51:3d:
e2:47:d6:97:9d:ce:f8:67:e0:0d:5a:5c:e5:4a:22:
e8:44:f0:53:43:23:43:2c:60:f8:69:75:34:ab:ae:
85:1c:5f:1a:a1:c2:5b:e6:48:f7:ab:ac:a8:37:20:
81:55:ea:f4:dd:33:e6:8b:10:ef:69:9f:f5:19:a5:
53:88:18:1d:5f:74:cd:09:d9:d1:75:fa:b1:9d:63:
ec:99:d4:60:5b:d0:2d:fd:59:13:04:46:cb:dd:76:
41:38:2e:79:e7:a4:94:59:0b:a1:fd:4d:aa:aa:5a:
76:7d:9a:01:b4:7d:fa:e0:20:54:3f:5d:b6:e6:c7:
be:57:37:92:3f:73:c4:57:c7:6e:eb:72:c1:42:44:
34:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:5C:90:4C:04:D2:51:93:0A:83:14:4E:D9:19:C6:8A:A7:66:A9:70
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/q1yQTATSUZMKgxRO2RnGiqdmqXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.104.145.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:5a:fc:76:82:ef:1e:66:5f:a9:09:f4:b7:fd:17:ae:7e:30:
e5:95:16:91:64:b3:ec:d5:77:f6:9f:8b:6e:b6:94:fc:07:e8:
de:05:4f:58:85:96:18:94:b5:e5:d0:91:0c:d3:dc:21:4c:bb:
74:b9:92:6a:39:64:fb:23:67:24:85:43:7e:eb:c0:86:5c:75:
f2:26:ce:cb:3c:ee:8e:26:18:20:e3:01:b9:fd:05:ab:95:75:
fd:81:dc:b4:54:d8:23:d3:04:7f:b5:2e:b6:1c:63:2d:43:78:
b9:49:47:37:20:6f:20:98:b6:d2:e1:dd:d5:3c:4d:83:08:57:
61:1e:f3:45:6a:e9:78:d1:c6:86:fb:5a:cb:a9:76:27:15:dc:
3f:01:c1:23:6c:48:f0:8e:b0:a9:cd:e8:2e:64:7d:ec:6e:b3:
1b:cc:66:dc:fe:ff:bd:12:da:43:50:a0:1e:b9:44:53:b6:83:
4d:91:b9:7e:55:ec:71:46:f2:8b:37:2c:ff:ba:50:e4:2f:8f:
d0:61:98:73:94:20:44:2a:29:d1:08:d6:13:31:6a:8d:ea:a1:
47:2c:6a:2d:43:7c:dc:7d:ac:28:8b:d2:33:b5:b9:89:a2:93:
7c:f4:af:e7:cf:60:d3:10:57:9a:0a:5f:af:d9:6e:d9:a5:1e:
f5:95:09:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/jO001BKOVt1mbEfwUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjUwMTAyMDE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVjOTA0YzA0ZDI1MTkzMGE4MzE0NGVkOTE5YzY4YWE3NjZhOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvGFby84od8tqZE8EN1Rw+DxS9Db
T/mugMTttKx+EXsy3xgNu4Px9w+YtBIcWNAUypbYGTKm9lcNbf14DYx/BoxW6C4s
47HPhoEuI7p7xtlSunkdIl1aHKhmIPtcYqc7rJ54xfHtVtWcM6EvcRHHAYB7zzHK
UT3iR9aXnc74Z+ANWlzlSiLoRPBTQyNDLGD4aXU0q66FHF8aocJb5kj3q6yoNyCB
Ver03TPmixDvaZ/1GaVTiBgdX3TNCdnRdfqxnWPsmdRgW9At/VkTBEbL3XZBOC55
56SUWQuh/U2qqlp2fZoBtH364CBUP1225se+VzeSP3PEV8du63LBQkQ0fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtckEwE0lGTCoMUTtkZxoqnZqlwMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvcTF5UVRBVFNVWk1LZ3hSTzJSbkdpcWRtcVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiRMA0G
CSqGSIb3DQEBCwUAA4IBAQBOWvx2gu8eZl+pCfS3/ReufjDllRaRZLPs1Xf2n4tu
tpT8B+jeBU9YhZYYlLXl0JEM09whTLt0uZJqOWT7I2ckhUN+68CGXHXyJs7LPO6O
Jhgg4wG5/QWrlXX9gdy0VNgj0wR/tS62HGMtQ3i5SUc3IG8gmLbS4d3VPE2DCFdh
HvNFaul40caG+1rLqXYnFdw/AcEjbEjwjrCpzeguZH3sbrMbzGbc/v+9EtpDUKAe
uURTtoNNkbl+VexxRvKLNyz/ulDkL4/QYZhzlCBEKinRCNYTMWqN6qFHLGotQ3zc
fawoi9IztbmJopN89K/nz2DTEFeaCl+v2W7ZpR71lQlA
-----END CERTIFICATE-----
Generated at Sun Apr 6 14:43:57 2025 by rpki-client