Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/X4igfs5a_v3EseIKImNZFCFKb28.roa
File: X4igfs5a_v3EseIKImNZFCFKb28.roa (raw, json)
Hash identifier: gsuo6dmf7p0Iol2eX8eMMj3RZkmHbClOqMMY9AqZZB4=
Subject key identifier: 5F:88:A0:7E:CE:5A:FE:FD:C4:B1:E2:0A:22:63:59:14:21:4A:6F:6F
Certificate issuer: /CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Certificate serial: 06D43D28
Authority key identifier: 00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/X4igfs5a_v3EseIKImNZFCFKb28.roa
Signing time: Sun 01 May 2022 01:59:35 +0000
ROA not before: Sun 01 May 2022 01:59:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39049
IP address blocks: 94.231.36.0/22 maxlen: 22
94.231.32.0/20 maxlen: 20
94.231.32.0/22 maxlen: 22
94.231.32.0/21 maxlen: 21
94.231.40.0/22 maxlen: 22
195.66.136.0/24 maxlen: 24
195.66.136.0/23 maxlen: 23
195.66.137.0/24 maxlen: 24
94.231.44.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 114572584 (0x6d43d28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Validity
Not Before: May 1 01:59:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5f88a07ece5afefdc4b1e20a22635914214a6f6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:23:7f:c7:fc:b1:a4:a8:65:e5:cf:5d:25:02:
8b:9a:b7:73:8b:55:1e:33:42:7b:66:eb:95:9a:08:
1c:07:ea:d4:50:d8:b7:4f:b6:51:9e:6c:08:77:67:
cc:0c:d4:b9:1a:19:e8:99:a9:4d:52:fc:04:98:79:
78:6e:02:04:9e:26:57:8b:f9:a1:11:af:4a:b8:f8:
3d:e7:ed:e1:50:66:3a:13:98:ce:23:0d:3c:7d:84:
19:1f:90:9e:e4:a0:a8:22:ed:cf:b8:72:1b:79:3f:
81:73:03:ab:46:47:cd:ae:15:f4:b9:1f:c4:da:a2:
74:3d:79:4d:52:2b:96:24:e2:11:1f:6e:24:1e:c7:
a6:0e:30:b8:c8:dc:eb:60:10:24:c1:28:da:00:39:
0e:08:d0:e8:50:ae:08:d9:74:a0:8b:9c:c4:26:c6:
33:5d:f5:f9:8e:ba:dc:83:6d:24:76:22:a1:1c:d4:
0d:77:8a:99:22:b7:e7:1e:c0:68:3e:12:bb:81:a0:
b9:13:ce:de:51:93:d5:71:f6:81:02:c0:c1:0b:d6:
e7:57:63:51:f2:b9:92:7e:40:65:8c:c0:f4:db:a9:
8f:5c:ca:a0:24:4e:31:51:1e:84:13:20:e3:ff:e3:
a3:7c:2b:3a:de:4e:81:3d:d2:e3:28:60:28:3b:6c:
e9:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:88:A0:7E:CE:5A:FE:FD:C4:B1:E2:0A:22:63:59:14:21:4A:6F:6F
X509v3 Authority Key Identifier:
keyid:00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/X4igfs5a_v3EseIKImNZFCFKb28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/AC-m4ZBWg4kFvDK1OrDRBH145NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.231.32.0/20
195.66.136.0/23
Signature Algorithm: sha256WithRSAEncryption
81:e6:be:25:ed:f6:7e:c4:42:86:c7:6f:2e:cd:9f:bb:38:f8:
0d:b6:ac:f3:64:f6:3b:85:ed:85:09:34:a1:6a:81:50:06:ed:
60:ac:07:d3:32:2b:87:e3:26:d9:3d:43:ea:44:67:5e:5c:6f:
c9:19:33:2e:94:a6:98:34:cf:02:40:16:af:f3:b5:43:e6:fe:
22:f6:41:9d:3a:ec:65:f7:98:68:ed:6f:79:e0:7b:6c:9c:68:
db:2a:4f:6d:38:46:ae:b5:9d:e9:61:47:c0:b4:1b:65:c5:84:
a3:98:c6:7e:47:07:bd:70:72:d1:07:19:7d:a6:52:ac:ab:3e:
50:ab:1c:45:cc:25:51:05:08:bf:57:2c:15:de:1f:f4:70:12:
89:11:1f:b3:35:a4:3f:0e:f0:7e:53:51:61:d0:f3:e6:78:16:
2a:53:39:7e:5b:93:e7:08:9d:32:e4:44:7c:c2:40:d6:30:e5:
cb:00:72:fd:2f:7f:12:83:99:4e:cc:1f:83:5d:b6:37:c0:21:
cd:1d:2b:fe:4e:b6:f6:ff:e6:0d:b8:7e:92:a8:f5:18:99:61:
aa:a8:6a:04:de:99:7b:db:d4:53:3f:35:7a:ab:42:4b:5e:81:
7c:7e:ee:95:ea:06:b7:94:ed:cf:c1:b4:f6:e4:0d:aa:63:53:
bd:3f:1a:18
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBtQ9KDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MDJmYTZlMTkwNTY4Mzg5MDViYzMyYjUzYWIwZDEwNDdkNzhlNGQ0MB4XDTIyMDUw
MTAxNTkzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWY4OGEwN2VjZTVh
ZmVmZGM0YjFlMjBhMjI2MzU5MTQyMTRhNmY2ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANAjf8f8saSoZeXPXSUCi5q3c4tVHjNCe2brlZoIHAfq1FDY
t0+2UZ5sCHdnzAzUuRoZ6JmpTVL8BJh5eG4CBJ4mV4v5oRGvSrj4Peft4VBmOhOY
ziMNPH2EGR+QnuSgqCLtz7hyG3k/gXMDq0ZHza4V9LkfxNqidD15TVIrliTiER9u
JB7Hpg4wuMjc62AQJMEo2gA5DgjQ6FCuCNl0oIucxCbGM131+Y663INtJHYioRzU
DXeKmSK35x7AaD4Su4GguRPO3lGT1XH2gQLAwQvW51djUfK5kn5AZYzA9Nupj1zK
oCROMVEehBMg4//jo3wrOt5OgT3S4yhgKDts6SkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRfiKB+zlr+/cSx4goiY1kUIUpvbzAfBgNVHSMEGDAWgBQAL6bhkFaDiQW8
MrU6sNEEfXjk1DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FDLW00WkJXZzRrRnZESzFPckRSQkgxNDVOUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjcvODY2YjZiLWY1NmMtNGEyZi05MDJkLWZiYzM2ZTQzNDhmNS8x
L1g0aWdmczVhX3YzRXNlSUtJbU5aRkNGS2IyOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjcv
ODY2YjZiLWY1NmMtNGEyZi05MDJkLWZiYzM2ZTQzNDhmNS8xL0FDLW00WkJXZzRr
RnZESzFPckRSQkgxNDVOUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBF7nIAMEAcNCiDANBgkqhkiG9w0B
AQsFAAOCAQEAgea+Je32fsRChsdvLs2fuzj4Dbas82T2O4XthQk0oWqBUAbtYKwH
0zIrh+Mm2T1D6kRnXlxvyRkzLpSmmDTPAkAWr/O1Q+b+IvZBnTrsZfeYaO1veeB7
bJxo2ypPbThGrrWd6WFHwLQbZcWEo5jGfkcHvXBy0QcZfaZSrKs+UKscRcwlUQUI
v1csFd4f9HASiREfszWkPw7wflNRYdDz5ngWKlM5fluT5widMuREfMJA1jDlywBy
/S9/EoOZTswfg122N8AhzR0r/k629v/mDbh+kqj1GJlhqqhqBN6Ze9vUUz81eqtC
S16BfH7uleoGt5Ttz8G09uQNqmNTvT8aGA==
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:00:58 2025 by rpki-client