Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/BG2GQRQj__LbyWDFhe3ln85b940.roa
File: BG2GQRQj__LbyWDFhe3ln85b940.roa (raw, json)
Hash identifier: lk6lxMj6AygLD+sogl1yc/ecZHSyV/21ZENJYGE3vF8=
Subject key identifier: 04:6D:86:41:14:23:FF:F2:DB:C9:60:C5:85:ED:E5:9F:CE:5B:F7:8D
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 018689BAA55B8E220965BF36E5EF4CFBAE0B
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/BG2GQRQj__LbyWDFhe3ln85b940.roa
Signing time: Sat 25 Feb 2023 17:59:15 +0000
ROA not before: Sat 25 Feb 2023 17:59:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48964
IP address blocks: 141.105.138.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:89:ba:a5:5b:8e:22:09:65:bf:36:e5:ef:4c:fb:ae:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Feb 25 17:59:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=046d86411423fff2dbc960c585ede59fce5bf78d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:aa:10:45:5e:cc:92:9c:f7:4e:5a:72:ba:59:
c1:63:0e:83:10:7b:b9:d7:09:1b:af:3b:ab:cf:de:
55:a7:26:56:67:a1:3c:8a:c2:d9:73:bb:ee:bf:12:
8f:37:66:ed:ab:1b:a7:fa:21:96:f7:ec:1d:e1:30:
57:9d:7d:d6:70:40:31:01:9c:68:87:b4:7c:0d:26:
4b:93:0f:2a:07:99:fa:5a:21:1a:72:55:eb:50:51:
14:d9:d8:58:07:e5:e4:8f:0e:45:07:dd:f6:c4:5d:
3b:07:5f:d5:b8:a2:72:87:79:e6:4f:21:3f:de:78:
d4:48:3b:bd:7d:f0:26:df:c0:0b:97:4e:da:72:bb:
0e:49:b2:c1:cd:34:de:b3:57:96:2d:93:32:94:fc:
98:27:ec:59:d8:6c:bd:7c:b5:47:36:4a:ca:75:d8:
c6:42:72:4d:5b:52:3b:fe:62:91:57:39:63:57:e6:
f7:17:ee:5b:ee:25:93:0a:04:ed:9b:b8:4a:75:00:
cb:05:17:c8:9d:65:28:6b:56:4e:34:29:56:5c:41:
45:ff:01:c5:e4:2e:88:c8:c8:91:5b:82:5c:10:fe:
be:e1:4d:79:de:96:91:ce:08:ba:d3:d2:ac:d4:04:
52:45:24:4a:a9:f5:ed:5d:8c:6b:e0:b3:03:55:19:
31:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:6D:86:41:14:23:FF:F2:DB:C9:60:C5:85:ED:E5:9F:CE:5B:F7:8D
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/BG2GQRQj__LbyWDFhe3ln85b940.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.138.0/24
Signature Algorithm: sha256WithRSAEncryption
83:03:84:18:29:86:42:55:4b:07:f4:6e:ec:96:12:76:33:61:
52:84:e6:50:38:1f:9e:ee:97:93:c5:3e:b4:b0:43:71:f2:73:
87:0c:12:ce:26:ed:a6:13:bc:ac:a8:a4:1b:d2:a9:c2:92:a6:
03:5c:96:73:8f:84:c3:38:e9:47:c4:54:23:80:33:98:c8:f7:
fb:3e:ad:fd:69:a5:c7:a7:1a:12:16:15:77:d9:72:40:92:05:
76:4a:78:1f:02:70:67:ca:23:61:10:e3:e8:b2:33:f3:a7:00:
20:69:f2:ee:30:97:29:4a:12:e6:63:c7:19:9c:07:07:55:a7:
0b:cd:cb:b4:a3:44:79:7c:3d:0b:2c:b4:d8:28:d0:bf:d8:13:
8f:b2:17:61:95:f4:4e:ba:2b:2d:17:4b:5e:3b:93:17:38:99:
fd:55:62:27:c9:c8:51:85:93:6e:09:dd:76:bb:37:b7:ab:55:
eb:90:6b:9a:8a:c8:22:76:df:9d:19:27:e1:78:ee:f8:93:03:
ca:e8:92:90:51:39:81:c8:27:be:51:63:20:18:f1:c0:74:92:
37:01:7d:23:aa:df:f8:01:ec:86:9e:ad:7f:57:95:6c:a9:ad:
4b:53:aa:24:ff:a8:e9:d3:77:11:ba:aa:b0:ab:88:91:26:51:
83:ed:ec:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYaJuqVbjiIJZb825e9M+64LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjMwMjI1MTc1OTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDZkODY0MTE0MjNmZmYyZGJjOTYwYzU4NWVkZTU5ZmNlNWJmNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KoQRV7Mkpz3TlpyulnBYw6DEHu5
1wkbrzurz95VpyZWZ6E8isLZc7vuvxKPN2btqxun+iGW9+wd4TBXnX3WcEAxAZxo
h7R8DSZLkw8qB5n6WiEaclXrUFEU2dhYB+Xkjw5FB932xF07B1/VuKJyh3nmTyE/
3njUSDu9ffAm38ALl07acrsOSbLBzTTes1eWLZMylPyYJ+xZ2Gy9fLVHNkrKddjG
QnJNW1I7/mKRVzljV+b3F+5b7iWTCgTtm7hKdQDLBRfInWUoa1ZONClWXEFF/wHF
5C6IyMiRW4JcEP6+4U153paRzgi609Ks1ARSRSRKqfXtXYxr4LMDVRkxNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARthkEUI//y28lgxYXt5Z/OW/eNMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvQkcyR1FSUWpfX0xieVdERmhlM2xuODViOTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWmKMA0G
CSqGSIb3DQEBCwUAA4IBAQCDA4QYKYZCVUsH9G7slhJ2M2FShOZQOB+e7peTxT60
sENx8nOHDBLOJu2mE7ysqKQb0qnCkqYDXJZzj4TDOOlHxFQjgDOYyPf7Pq39aaXH
pxoSFhV32XJAkgV2SngfAnBnyiNhEOPosjPzpwAgafLuMJcpShLmY8cZnAcHVacL
zcu0o0R5fD0LLLTYKNC/2BOPshdhlfROuistF0teO5MXOJn9VWInychRhZNuCd12
uze3q1XrkGuaisgidt+dGSfheO74kwPK6JKQUTmByCe+UWMgGPHAdJI3AX0jqt/4
AeyGnq1/V5Vsqa1LU6ok/6jp03cRuqqwq4iRJlGD7ewA
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:10:45 2025 by rpki-client