Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/yYuMrGAUhe5_9JCBGAwA4NXKzdw.roa
File: yYuMrGAUhe5_9JCBGAwA4NXKzdw.roa (raw, json)
Hash identifier: QxSL1wfmyX5fhPAsk7v2TrH1JEBbantakWNxO8pIiQo=
Subject key identifier: C9:8B:8C:AC:60:14:85:EE:7F:F4:90:81:18:0C:00:E0:D5:CA:CD:DC
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 018B8764DC8431ABEF454D850EF215D05172
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/yYuMrGAUhe5_9JCBGAwA4NXKzdw.roa
Signing time: Tue 31 Oct 2023 20:20:16 +0000
ROA not before: Tue 31 Oct 2023 20:20:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42905
IP address blocks: 141.105.128.0/24 maxlen: 24
141.105.132.0/22 maxlen: 22
141.105.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:87:64:dc:84:31:ab:ef:45:4d:85:0e:f2:15:d0:51:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Oct 31 20:20:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c98b8cac601485ee7ff49081180c00e0d5cacddc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:c4:24:dc:af:32:95:75:c4:57:1f:7c:91:81:
4c:3b:d5:3d:11:c4:39:1c:6a:93:0a:20:56:26:0c:
f3:41:7c:25:94:7f:11:58:cb:71:7b:94:cc:37:e2:
2e:27:3a:cc:a1:46:8b:1a:55:8b:80:b8:fa:db:08:
27:c5:93:49:20:84:4a:28:7c:07:aa:49:02:64:2c:
17:14:78:55:8e:b1:b5:30:5f:c4:29:d3:99:88:61:
f1:1f:20:c1:fe:bf:b7:de:06:0d:04:30:55:c5:14:
fa:c8:79:b6:7f:46:52:7f:c2:34:18:b6:ee:13:db:
06:cf:6e:b6:cd:4c:65:fd:fa:6d:b7:ad:68:15:ea:
9b:97:c3:61:a4:be:08:3b:bd:d4:6c:cd:44:1f:6e:
c5:5f:9c:34:95:c8:c5:07:47:68:6f:9b:a7:09:ba:
58:e0:db:d3:5b:3c:9d:b6:8e:ba:9e:0a:1d:0e:68:
78:53:99:bc:b4:73:99:91:3c:48:b5:7e:7a:14:0a:
e0:0c:b4:6a:24:11:aa:e5:ae:27:7d:1e:a9:f6:f0:
9a:76:4f:bd:79:99:0f:99:21:ba:ce:d9:2b:e6:71:
ac:18:84:d9:ce:c6:41:2e:85:a0:4c:65:d2:f0:a5:
5e:14:df:20:33:81:69:b6:6e:9c:6b:5b:5e:1c:5e:
b0:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:8B:8C:AC:60:14:85:EE:7F:F4:90:81:18:0C:00:E0:D5:CA:CD:DC
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/yYuMrGAUhe5_9JCBGAwA4NXKzdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.128.0/24
141.105.132.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:0f:e2:f8:72:7a:60:56:fe:0e:b0:ad:d2:9f:c2:6f:12:52:
7f:65:c5:ad:bf:53:ac:f4:ae:c7:b0:b9:46:06:06:c4:dc:1b:
b6:c7:a2:8b:dd:34:19:aa:1f:9b:e1:84:ed:01:6a:2e:20:73:
93:6d:e9:28:29:dc:3b:e7:78:39:1d:4d:1a:c1:b8:70:58:04:
c7:bc:00:9c:97:54:ec:a4:60:ae:65:4f:2c:5f:b2:ab:d8:89:
02:d4:9c:22:31:35:d4:1b:ea:91:82:f0:f3:90:f6:13:16:05:
f3:e7:5f:16:a0:04:49:cc:fa:ae:0f:a7:f7:6b:41:e6:88:91:
70:55:30:c8:89:d3:5b:9a:90:7b:c3:95:91:a5:a6:a2:04:e2:
1a:f3:47:e5:61:e6:d0:1f:29:92:ae:ee:eb:b1:ef:a1:16:76:
fc:37:70:1e:8a:14:8f:84:30:0c:60:f6:63:a9:d0:60:a2:91:
1a:98:05:f9:e3:ab:a0:54:d8:3d:91:ce:54:7d:46:d6:ba:f2:
7a:50:ab:c4:24:84:86:42:23:86:20:d9:72:c2:c0:9e:c0:c8:
dc:9a:4f:f2:be:54:09:db:c4:13:a1:d0:f5:0f:0f:e5:74:4b:
c6:b2:af:db:89:b8:4e:d0:5d:d4:32:32:e6:f5:da:e7:d4:05:
b4:6c:4e:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYuHZNyEMavvRU2FDvIV0FFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjMxMDMxMjAyMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOThiOGNhYzYwMTQ4NWVlN2ZmNDkwODExODBjMDBlMGQ1Y2FjZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMQk3K8ylXXEVx98kYFMO9U9EcQ5
HGqTCiBWJgzzQXwllH8RWMtxe5TMN+IuJzrMoUaLGlWLgLj62wgnxZNJIIRKKHwH
qkkCZCwXFHhVjrG1MF/EKdOZiGHxHyDB/r+33gYNBDBVxRT6yHm2f0ZSf8I0GLbu
E9sGz262zUxl/fptt61oFeqbl8NhpL4IO73UbM1EH27FX5w0lcjFB0dob5unCbpY
4NvTWzydto66ngodDmh4U5m8tHOZkTxItX56FArgDLRqJBGq5a4nfR6p9vCadk+9
eZkPmSG6ztkr5nGsGITZzsZBLoWgTGXS8KVeFN8gM4Fptm6ca1teHF6wOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMmLjKxgFIXuf/SQgRgMAODVys3cMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEveVl1TXJHQVVoZTVfOUpDQkdBd0E0TlhLemR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjWmAAwQC
jWmEMA0GCSqGSIb3DQEBCwUAA4IBAQAMD+L4cnpgVv4OsK3Sn8JvElJ/ZcWtv1Os
9K7HsLlGBgbE3Bu2x6KL3TQZqh+b4YTtAWouIHOTbekoKdw753g5HU0awbhwWATH
vACcl1TspGCuZU8sX7Kr2IkC1JwiMTXUG+qRgvDzkPYTFgXz518WoARJzPquD6f3
a0HmiJFwVTDIidNbmpB7w5WRpaaiBOIa80flYebQHymSru7rse+hFnb8N3AeihSP
hDAMYPZjqdBgopEamAX546ugVNg9kc5UfUbWuvJ6UKvEJISGQiOGINlywsCewMjc
mk/yvlQJ28QTodD1Dw/ldEvGsq/bibhO0F3UMjLm9drn1AW0bE77
-----END CERTIFICATE-----
Generated at Sun Apr 13 09:30:57 2025 by rpki-client