Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/wq4TD9h9oa9NZGfO8Bp06JKvP6g.roa
File: wq4TD9h9oa9NZGfO8Bp06JKvP6g.roa (raw, json)
Hash identifier: MpfBCPLGu923Oe1Qp4Ky/HNdQV6i3vpGA8xuph/7h80=
Subject key identifier: C2:AE:13:0F:D8:7D:A1:AF:4D:64:67:CE:F0:1A:74:E8:92:AF:3F:A8
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0195A9263AB30FC0328EE433858717D9A1C9
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/wq4TD9h9oa9NZGfO8Bp06JKvP6g.roa
Signing time: Tue 18 Mar 2025 12:06:49 +0000
ROA not before: Tue 18 Mar 2025 12:06:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34661
IP address blocks: 31.42.124.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a9:26:3a:b3:0f:c0:32:8e:e4:33:85:87:17:d9:a1:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Mar 18 12:06:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c2ae130fd87da1af4d6467cef01a74e892af3fa8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:9d:57:b0:cc:2e:cb:ac:9b:b1:94:94:e8:d9:
43:dc:c5:c6:dd:b3:54:eb:d2:23:16:86:65:fc:97:
7a:aa:5f:7b:34:f3:27:e3:0f:a2:32:46:94:19:f5:
8b:96:df:4c:d3:6e:5d:b2:73:3e:b8:4b:bb:5b:d7:
c2:69:ea:98:17:fc:15:47:d9:72:f8:fd:f6:91:77:
ea:bd:ab:04:dd:0c:68:45:10:64:1e:b1:79:b2:90:
7d:df:f9:58:1c:43:04:8e:c4:04:fc:c0:68:f5:96:
95:91:ed:61:c9:e0:06:12:75:ee:ac:63:97:06:af:
80:e1:d0:e0:79:b2:3e:de:d1:78:1f:c7:44:98:9c:
d0:48:ef:1f:bc:bc:5d:7b:1c:5c:fb:f6:9f:f6:54:
14:57:7c:0d:68:0b:fc:6b:cf:2e:18:18:4a:b7:ee:
68:57:5e:9a:df:65:13:09:19:04:d0:a9:ad:32:ed:
3e:6b:da:4e:59:b6:f0:f4:e8:64:a2:51:b9:1c:53:
de:d1:f3:50:f3:08:5b:ee:ca:93:9e:ee:61:ac:91:
d8:0f:a8:17:38:e5:58:6f:86:2e:76:57:5b:dc:a7:
81:70:ef:23:80:0f:5f:9c:cb:3e:85:9e:60:9b:25:
fc:e6:93:23:de:54:c8:d3:23:c7:35:3c:92:88:8e:
97:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:AE:13:0F:D8:7D:A1:AF:4D:64:67:CE:F0:1A:74:E8:92:AF:3F:A8
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/wq4TD9h9oa9NZGfO8Bp06JKvP6g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.124.0/22
Signature Algorithm: sha256WithRSAEncryption
35:70:90:63:4e:98:e4:32:ad:3b:27:d5:96:2e:6e:cd:48:bb:
7e:28:96:1c:2a:d0:5e:88:ff:1c:bf:35:f0:4f:8b:45:7f:19:
12:99:e8:65:b5:e1:3c:fc:77:0c:84:cc:69:80:1f:4e:bf:38:
ad:8c:67:44:d3:71:a7:bb:ca:70:eb:57:96:3c:88:1a:26:c5:
d9:a5:de:d1:08:fd:26:1a:3b:a4:74:47:83:89:cc:d5:59:24:
72:a4:fe:99:eb:b1:1a:85:1e:9f:e1:55:82:62:b7:f3:3b:3f:
2f:11:18:cf:85:ec:b9:86:a5:81:6b:02:a6:c8:65:06:01:bb:
a7:18:fe:04:19:4a:f7:db:91:da:a8:a6:aa:16:cd:8e:15:b3:
60:8b:5a:60:d8:ca:44:c9:20:e2:92:85:5f:67:bb:7f:f8:a2:
1a:e2:d6:7a:31:4f:21:0e:82:65:3e:be:15:90:29:a9:8a:c8:
42:a8:4d:f9:2f:91:35:d0:3c:8c:ce:93:e8:eb:19:f0:f4:ed:
98:7e:b1:5e:97:2a:2b:fa:2c:d9:19:13:78:b7:5b:3d:26:f9:
ef:25:1a:27:f7:20:f0:0e:1d:b1:4d:8f:73:b6:a5:c0:f4:82:
bf:09:f0:4a:cd:ad:2d:3f:31:8c:94:7c:3c:ce:6e:3e:4e:e7:
c8:0b:ab:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWpJjqzD8AyjuQzhYcX2aHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjUwMzE4MTIwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmFlMTMwZmQ4N2RhMWFmNGQ2NDY3Y2VmMDFhNzRlODkyYWYzZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ1XsMwuy6ybsZSU6NlD3MXG3bNU
69IjFoZl/Jd6ql97NPMn4w+iMkaUGfWLlt9M025dsnM+uEu7W9fCaeqYF/wVR9ly
+P32kXfqvasE3QxoRRBkHrF5spB93/lYHEMEjsQE/MBo9ZaVke1hyeAGEnXurGOX
Bq+A4dDgebI+3tF4H8dEmJzQSO8fvLxdexxc+/af9lQUV3wNaAv8a88uGBhKt+5o
V16a32UTCRkE0KmtMu0+a9pOWbbw9OhkolG5HFPe0fNQ8whb7sqTnu5hrJHYD6gX
OOVYb4Yudldb3KeBcO8jgA9fnMs+hZ5gmyX85pMj3lTI0yPHNTySiI6XBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKuEw/YfaGvTWRnzvAadOiSrz+oMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvd3E0VEQ5aDlvYTlOWkdmTzhCcDA2Skt2UDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHyp8MA0G
CSqGSIb3DQEBCwUAA4IBAQA1cJBjTpjkMq07J9WWLm7NSLt+KJYcKtBeiP8cvzXw
T4tFfxkSmehlteE8/HcMhMxpgB9OvzitjGdE03Gnu8pw61eWPIgaJsXZpd7RCP0m
GjukdEeDiczVWSRypP6Z67EahR6f4VWCYrfzOz8vERjPhey5hqWBawKmyGUGAbun
GP4EGUr325HaqKaqFs2OFbNgi1pg2MpEySDikoVfZ7t/+KIa4tZ6MU8hDoJlPr4V
kCmpishCqE35L5E10DyMzpPo6xnw9O2YfrFelyor+izZGRN4t1s9JvnvJRon9yDw
Dh2xTY9ztqXA9IK/CfBKza0tPzGMlHw8zm4+TufIC6sV
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:40:26 2025 by rpki-client