Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/gPm5utOnUf2zXGhaP7sJQQcc65I.roa
File: gPm5utOnUf2zXGhaP7sJQQcc65I.roa (raw, json)
Hash identifier: PIe5S65hTnQBICxbX4fKV1Kd6VJ8CPRXYb/iaIdq988=
Subject key identifier: 80:F9:B9:BA:D3:A7:51:FD:B3:5C:68:5A:3F:BB:09:41:07:1C:EB:92
Certificate issuer: /CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Certificate serial: 1B41C3A3
Authority key identifier: 0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/gPm5utOnUf2zXGhaP7sJQQcc65I.roa
Signing time: Thu 17 Mar 2022 08:14:05 +0000
ROA not before: Thu 17 Mar 2022 08:14:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48434
IP address blocks: 94.232.168.0/21 maxlen: 27
185.162.218.0/23 maxlen: 27
185.37.52.0/22 maxlen: 27
185.78.20.0/22 maxlen: 27
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 457294755 (0x1b41c3a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Validity
Not Before: Mar 17 08:14:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=80f9b9bad3a751fdb35c685a3fbb0941071ceb92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:b9:52:8e:fb:22:de:0b:2d:72:cd:00:04:56:
64:7c:27:7b:ba:f0:2c:af:a2:f8:6e:72:d6:ce:95:
b6:dd:04:76:fa:4b:39:8d:a2:51:f0:d0:e4:84:5e:
18:df:a6:d3:4e:e5:c0:eb:16:85:10:ee:59:cb:96:
cc:29:06:24:d0:90:31:d5:02:28:47:64:a8:1f:4c:
5a:cd:ba:9c:d9:49:d3:3f:34:43:6b:9d:7b:24:17:
79:d4:aa:65:db:d0:17:c8:d3:b6:68:f8:5c:f7:e4:
15:11:cc:40:32:68:8e:b5:a1:ae:6f:50:d4:54:10:
a9:cb:b4:86:54:78:5e:90:ca:2a:eb:13:9f:83:23:
da:b7:d7:31:68:d3:c9:35:cc:3b:6e:b8:b2:86:ce:
88:7c:8f:a9:1d:25:55:5f:a5:b2:ab:88:97:31:57:
17:e1:ea:12:2c:8b:af:e8:0f:49:b0:1e:b0:8a:33:
02:54:e2:37:85:ee:86:19:d6:c4:18:9d:fc:80:54:
0b:98:ca:e6:36:f1:76:04:65:79:4c:97:ae:cb:dd:
bd:ad:1f:4e:bf:ba:ec:bc:62:8c:88:d4:0f:54:a7:
a2:84:b8:df:53:16:d5:13:87:33:02:e0:f0:43:b1:
5d:f6:4d:f6:65:27:71:82:25:b5:77:39:f4:cb:3d:
61:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:F9:B9:BA:D3:A7:51:FD:B3:5C:68:5A:3F:BB:09:41:07:1C:EB:92
X509v3 Authority Key Identifier:
keyid:0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/gPm5utOnUf2zXGhaP7sJQQcc65I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/DNpch0NU2Dgm5DwlNbduINW2GwU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.232.168.0/21
185.37.52.0/22
185.78.20.0/22
185.162.218.0/23
Signature Algorithm: sha256WithRSAEncryption
86:b7:e7:e2:1d:39:22:72:86:bc:30:fd:71:4b:e8:2a:3c:95:
4f:1c:ec:7b:77:ac:7b:cf:87:d1:f0:8c:bc:ec:3a:de:9e:c4:
c6:0d:93:c0:8e:a8:3c:a3:d9:5b:34:17:ce:f9:c9:2a:c8:95:
fd:99:4f:58:42:2d:c0:42:70:ad:f9:11:b2:4c:0e:19:4f:5c:
99:9d:20:43:b9:43:b0:95:d0:ba:39:98:0a:58:f0:32:ef:42:
e5:fb:b6:ea:86:7c:dc:0c:07:85:47:7c:ec:ce:5c:ab:6b:7d:
c0:33:7a:2f:47:fa:d9:42:5e:ca:0f:5e:0f:6c:c9:45:1e:f2:
01:75:ce:a7:b7:39:20:ef:5a:53:68:b8:d3:04:7b:a5:95:63:
a4:46:ce:90:f2:bc:d0:12:fa:6a:3a:7e:77:48:94:52:95:79:
a3:55:c9:ed:8f:dc:c3:a9:67:52:d4:51:5f:79:6e:21:c1:3c:
b5:db:64:23:03:eb:63:76:38:a6:20:3e:51:fd:d7:ab:87:7a:
54:4d:84:1a:3d:af:dc:1b:83:c2:67:dd:fe:54:84:26:45:64:
37:f4:d4:3f:34:40:e1:f9:0f:75:7d:8f:1b:08:ba:93:af:35:
1e:d1:83:d4:2f:36:4a:3f:8e:f4:73:a6:17:46:ec:b4:f8:81:
2d:7b:1b:cd
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEG0HDozANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Y2RhNWM4NzQzNTRkODM4MjZlNDNjMjUzNWI3NmUyMGQ1YjYxYjA1MB4XDTIyMDMx
NzA4MTQwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODBmOWI5YmFkM2E3
NTFmZGIzNWM2ODVhM2ZiYjA5NDEwNzFjZWI5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANu5Uo77It4LLXLNAARWZHwne7rwLK+i+G5y1s6Vtt0EdvpL
OY2iUfDQ5IReGN+m007lwOsWhRDuWcuWzCkGJNCQMdUCKEdkqB9MWs26nNlJ0z80
Q2udeyQXedSqZdvQF8jTtmj4XPfkFRHMQDJojrWhrm9Q1FQQqcu0hlR4XpDKKusT
n4Mj2rfXMWjTyTXMO264sobOiHyPqR0lVV+lsquIlzFXF+HqEiyLr+gPSbAesIoz
AlTiN4XuhhnWxBid/IBUC5jK5jbxdgRleUyXrsvdva0fTr+67LxijIjUD1SnooS4
31MW1ROHMwLg8EOxXfZN9mUncYIltXc59Ms9YecCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSA+bm606dR/bNcaFo/uwlBBxzrkjAfBgNVHSMEGDAWgBQM2lyHQ1TYOCbk
PCU1t24g1bYbBTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0ROcGNoME5VMkRnbTVEd2xOYmR1SU5XMkd3VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWIvOTIzMzJmLTAzZTAtNDExNi1iNmYzLWM4MmY0MjRiNmQwZC8x
L2dQbTV1dE9uVWYyelhHaGFQN3NKUVFjYzY1SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIv
OTIzMzJmLTAzZTAtNDExNi1iNmYzLWM4MmY0MjRiNmQwZC8xL0ROcGNoME5VMkRn
bTVEd2xOYmR1SU5XMkd3VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEA17oqAMEArklNAMEArlOFAMEAbmi
2jANBgkqhkiG9w0BAQsFAAOCAQEAhrfn4h05InKGvDD9cUvoKjyVTxzse3ese8+H
0fCMvOw63p7Exg2TwI6oPKPZWzQXzvnJKsiV/ZlPWEItwEJwrfkRskwOGU9cmZ0g
Q7lDsJXQujmYCljwMu9C5fu26oZ83AwHhUd87M5cq2t9wDN6L0f62UJeyg9eD2zJ
RR7yAXXOp7c5IO9aU2i40wR7pZVjpEbOkPK80BL6ajp+d0iUUpV5o1XJ7Y/cw6ln
UtRRX3luIcE8tdtkIwPrY3Y4piA+Uf3Xq4d6VE2EGj2v3BuDwmfd/lSEJkVkN/TU
PzRA4fkPdX2PGwi6k681HtGD1C82Sj+O9HOmF0bstPiBLXsbzQ==
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:46:44 2025 by rpki-client