Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/tqDsMAegNRKQAE5ote-A3nyfOyE.roa
File: tqDsMAegNRKQAE5ote-A3nyfOyE.roa (raw, json)
Hash identifier: 4F4VhLbRYPi9NkyK7yhRpHdYVvHsK3iQRO0DU2nFNao=
Subject key identifier: B6:A0:EC:30:07:A0:35:12:90:00:4E:68:B5:EF:80:DE:7C:9F:3B:21
Certificate issuer: /CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Certificate serial: 01862C50F946476939191BFB191200F456DC
Authority key identifier: 0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/tqDsMAegNRKQAE5ote-A3nyfOyE.roa
Signing time: Tue 07 Feb 2023 14:39:09 +0000
ROA not before: Tue 07 Feb 2023 14:39:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48434
IP address blocks: 94.232.168.0/21 maxlen: 27
185.162.218.0/23 maxlen: 27
185.37.52.0/22 maxlen: 27
185.232.152.0/22 maxlen: 27
185.232.154.0/23 maxlen: 27
185.232.154.0/24 maxlen: 27
185.232.153.0/24 maxlen: 27
185.78.20.0/22 maxlen: 27
185.232.155.0/24 maxlen: 27
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2c:50:f9:46:47:69:39:19:1b:fb:19:12:00:f4:56:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0cda5c874354d83826e43c2535b76e20d5b61b05
Validity
Not Before: Feb 7 14:39:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6a0ec3007a0351290004e68b5ef80de7c9f3b21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:a3:0b:d7:0d:48:f2:a3:8c:76:89:f8:8b:cb:
b6:c1:bb:4d:d3:6a:6e:73:42:2c:71:8a:5a:ac:3a:
48:b4:e9:a3:f3:a7:ed:1d:d8:ff:5c:5f:aa:de:23:
98:4d:2d:ea:d5:68:5a:23:d5:0c:ed:f2:c7:6f:1d:
ef:e8:54:e7:66:7a:0f:8b:cd:cc:90:fd:ff:81:ee:
ac:e8:4e:82:09:ca:c8:94:7f:e3:f3:71:d3:96:58:
da:ed:41:94:ff:6b:4a:8d:c4:5b:2b:57:43:ad:f5:
32:ae:a3:be:07:8b:3a:df:61:2e:c3:1f:5a:58:c5:
83:11:c1:0a:67:8f:30:50:b4:6f:fc:a5:e4:b1:4e:
3c:88:97:33:14:96:45:76:cf:9a:fb:08:3e:5a:92:
97:73:16:7b:d7:b5:03:60:be:f0:0b:63:b2:c4:50:
1c:0c:8f:12:71:b5:46:24:60:b9:1b:46:f3:69:75:
c5:5c:91:fe:d0:1f:a7:99:78:13:af:14:cc:a9:37:
68:d2:45:4e:66:be:c1:0a:2b:99:b1:ce:11:55:75:
4b:ae:a4:8c:cc:7d:33:b2:19:04:04:6c:d3:96:4a:
ed:51:7f:23:8f:f5:cc:e2:e1:d2:19:aa:29:e4:b8:
01:0d:1c:13:82:cf:2e:0e:1a:d1:9f:9a:92:00:97:
fa:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:A0:EC:30:07:A0:35:12:90:00:4E:68:B5:EF:80:DE:7C:9F:3B:21
X509v3 Authority Key Identifier:
keyid:0C:DA:5C:87:43:54:D8:38:26:E4:3C:25:35:B7:6E:20:D5:B6:1B:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DNpch0NU2Dgm5DwlNbduINW2GwU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/tqDsMAegNRKQAE5ote-A3nyfOyE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/92332f-03e0-4116-b6f3-c82f424b6d0d/1/DNpch0NU2Dgm5DwlNbduINW2GwU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.232.168.0/21
185.37.52.0/22
185.78.20.0/22
185.162.218.0/23
185.232.152.0/22
Signature Algorithm: sha256WithRSAEncryption
52:0d:cf:66:d0:6b:9a:e2:39:38:3a:1f:25:f7:aa:da:6d:82:
40:ea:72:ac:82:6a:30:cd:76:12:90:8c:21:af:d7:72:4b:d1:
7e:87:48:3e:3a:9e:e2:a1:73:5b:1a:24:d4:4e:0c:af:a3:c1:
4d:86:01:87:e8:78:27:4c:3b:15:bb:79:60:de:36:a8:06:17:
82:d0:80:e4:66:4f:8f:09:af:eb:6d:fc:a4:02:91:24:3d:b2:
c9:ca:3b:7e:ae:98:4e:12:54:09:44:ee:53:fb:0d:1b:a5:31:
52:b9:e9:ef:2b:b2:ed:db:80:64:5d:20:d7:dd:8f:bc:d7:23:
39:a7:31:e9:51:03:82:38:c9:87:09:87:48:dd:81:4c:2d:68:
9e:a1:b8:8a:95:d7:bc:70:b0:97:00:be:cd:46:80:27:e3:1c:
10:99:9b:4e:29:c0:80:91:74:e2:c3:93:13:35:7f:d9:9d:a2:
83:1e:5d:52:86:8d:fa:8a:96:cf:c8:38:95:81:d3:af:79:79:
f3:16:1b:06:61:59:7e:cf:0c:5f:ce:6b:76:c8:99:a7:8e:58:
b8:8f:3d:16:e8:cd:16:f7:68:3b:10:84:b9:09:a3:36:88:5a:
d4:ee:46:77:9e:9a:f7:85:0e:a4:ae:4e:02:ff:b6:35:6e:42:
75:b0:8e:86
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYYsUPlGR2k5GRv7GRIA9FbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZGE1Yzg3NDM1NGQ4MzgyNmU0M2MyNTM1Yjc2ZTIwZDVi
NjFiMDUwHhcNMjMwMjA3MTQzOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmEwZWMzMDA3YTAzNTEyOTAwMDRlNjhiNWVmODBkZTdjOWYzYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaML1w1I8qOMdon4i8u2wbtN02pu
c0IscYparDpItOmj86ftHdj/XF+q3iOYTS3q1WhaI9UM7fLHbx3v6FTnZnoPi83M
kP3/ge6s6E6CCcrIlH/j83HTllja7UGU/2tKjcRbK1dDrfUyrqO+B4s632Euwx9a
WMWDEcEKZ48wULRv/KXksU48iJczFJZFds+a+wg+WpKXcxZ717UDYL7wC2OyxFAc
DI8ScbVGJGC5G0bzaXXFXJH+0B+nmXgTrxTMqTdo0kVOZr7BCiuZsc4RVXVLrqSM
zH0zshkEBGzTlkrtUX8jj/XM4uHSGaop5LgBDRwTgs8uDhrRn5qSAJf68QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLag7DAHoDUSkABOaLXvgN58nzshMB8GA1UdIwQY
MBaAFAzaXIdDVNg4JuQ8JTW3biDVthsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE5wY2gwTlUyRGdtNUR3bE5iZHVJTlcyR3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85MjMzMmYtMDNlMC00MTE2LWI2ZjMt
YzgyZjQyNGI2ZDBkLzEvdHFEc01BZWdOUktRQUU1b3RlLUEzbnlmT3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85MjMzMmYtMDNlMC00MTE2LWI2ZjMtYzgyZjQyNGI2ZDBk
LzEvRE5wY2gwTlUyRGdtNUR3bE5iZHVJTlcyR3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDXuioAwQC
uSU0AwQCuU4UAwQBuaLaAwQCueiYMA0GCSqGSIb3DQEBCwUAA4IBAQBSDc9m0Gua
4jk4Oh8l96rabYJA6nKsgmowzXYSkIwhr9dyS9F+h0g+Op7ioXNbGiTUTgyvo8FN
hgGH6HgnTDsVu3lg3jaoBheC0IDkZk+PCa/rbfykApEkPbLJyjt+rphOElQJRO5T
+w0bpTFSuenvK7Lt24BkXSDX3Y+81yM5pzHpUQOCOMmHCYdI3YFMLWieobiKlde8
cLCXAL7NRoAn4xwQmZtOKcCAkXTiw5MTNX/ZnaKDHl1Sho36ipbPyDiVgdOveXnz
FhsGYVl+zwxfzmt2yJmnjli4jz0W6M0W92g7EIS5CaM2iFrU7kZ3npr3hQ6krk4C
/7Y1bkJ1sI6G
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:42:29 2025 by rpki-client