Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/phZre_cBe5dUWh1VRqmVm7BTfzQ.roa
File: phZre_cBe5dUWh1VRqmVm7BTfzQ.roa (raw, json)
Hash identifier: ML4AprPUv8v+h0cH371ammjyrcj1pffwcBygOGQEENg=
Subject key identifier: A6:16:6B:7B:F7:01:7B:97:54:5A:1D:55:46:A9:95:9B:B0:53:7F:34
Certificate issuer: /CN=d50ca5213413c70a9e83b47a82a7c4579dd4c196
Certificate serial: 019425216BE5EF3EADF6B2EA5BF978AF0177
Authority key identifier: D5:0C:A5:21:34:13:C7:0A:9E:83:B4:7A:82:A7:C4:57:9D:D4:C1:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1QylITQTxwqeg7R6gqfEV53UwZY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/phZre_cBe5dUWh1VRqmVm7BTfzQ.roa
Signing time: Thu 02 Jan 2025 03:48:54 +0000
ROA not before: Thu 02 Jan 2025 03:48:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43293
IP address blocks: 77.93.64.0/19 maxlen: 19
77.93.64.0/20 maxlen: 20
2a01:350::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:6b:e5:ef:3e:ad:f6:b2:ea:5b:f9:78:af:01:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d50ca5213413c70a9e83b47a82a7c4579dd4c196
Validity
Not Before: Jan 2 03:48:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6166b7bf7017b97545a1d5546a9959bb0537f34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:af:7b:5d:6c:b9:39:67:1a:4c:e6:7b:bd:3e:
8f:5c:66:c6:ab:dc:bb:ec:c5:65:29:0f:1a:dd:6f:
6c:d9:09:04:d1:b4:07:f0:e8:ea:f3:47:55:28:a5:
2c:28:e0:69:ea:a5:08:d2:76:88:1b:47:e2:b4:20:
d4:9f:3f:73:f0:a4:fe:52:e3:ca:7f:84:2e:42:cf:
ce:21:8a:a5:96:e2:3d:53:e9:ef:48:5a:81:3c:95:
49:3b:d6:eb:54:de:6a:01:ae:07:df:1b:81:fe:9a:
0a:20:45:6e:83:58:0f:57:ec:49:61:19:fd:f6:ea:
9f:11:c9:13:a0:97:5b:01:91:1b:33:91:88:4b:9f:
c1:6b:89:14:17:99:4d:b7:63:88:b0:1b:b0:09:fc:
e5:9a:42:27:6a:94:39:8c:0d:bc:36:6c:8a:d2:bc:
a7:08:9a:39:fb:f2:18:e6:c7:41:94:5f:ad:1d:7b:
49:87:cb:5f:95:7e:bf:36:7d:10:dc:fb:2b:ab:4c:
24:1b:08:46:0a:fe:32:80:97:e2:67:41:7a:7d:59:
f8:1d:09:ca:50:75:7a:d9:76:58:42:06:43:42:3a:
d5:79:01:11:02:48:18:19:0b:b8:12:ee:f4:8a:8e:
5c:db:43:02:61:37:6f:bd:b2:f7:f9:2e:2c:aa:e1:
76:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:16:6B:7B:F7:01:7B:97:54:5A:1D:55:46:A9:95:9B:B0:53:7F:34
X509v3 Authority Key Identifier:
keyid:D5:0C:A5:21:34:13:C7:0A:9E:83:B4:7A:82:A7:C4:57:9D:D4:C1:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QylITQTxwqeg7R6gqfEV53UwZY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/phZre_cBe5dUWh1VRqmVm7BTfzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/22f80f-3a08-49c6-b405-354b11af233e/1/1QylITQTxwqeg7R6gqfEV53UwZY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.64.0/19
IPv6:
2a01:350::/32
Signature Algorithm: sha256WithRSAEncryption
71:f1:d8:7f:d7:60:f7:6c:24:8e:48:9c:d2:ac:bd:b5:0b:36:
66:4f:f9:de:89:88:05:c0:28:22:62:93:e4:3c:6c:47:d0:9b:
36:f8:24:d9:be:3a:f3:70:d4:b8:02:c7:3e:f3:02:be:b0:4c:
33:f3:af:b4:e9:ab:7f:fb:29:57:0e:ea:c7:c0:13:1e:71:32:
08:71:44:9e:cf:97:81:a8:97:28:03:b6:3a:95:c2:08:71:18:
c9:f9:20:c2:d6:dc:73:f2:64:95:8b:fc:f2:cc:16:d9:a0:c4:
71:3a:fc:11:a1:be:e8:ee:72:1c:87:ab:72:89:ab:f9:ad:0e:
4f:80:7d:c3:bc:a8:27:19:c8:fc:b1:a7:66:d4:ed:89:18:ec:
08:31:e7:7d:a4:00:9b:e9:5c:55:4a:5b:2f:51:2c:0e:02:f9:
31:77:cf:30:95:4f:ec:97:01:90:05:4d:5d:d5:8a:55:b2:bf:
18:f7:83:8a:8c:e6:d5:b5:1e:22:ba:e4:b8:11:0a:66:6b:20:
3e:3b:35:ad:8c:fb:23:da:60:5f:32:7c:9f:9d:c8:bf:eb:7b:
15:b0:a3:cb:6f:19:ae:0f:79:db:85:1f:83:65:05:e4:6d:fa:
6a:5d:1c:a1:aa:df:c7:0a:35:96:3d:c5:ed:52:bf:cf:ed:79:
18:01:9f:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIWvl7z6t9rLqW/l4rwF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MGNhNTIxMzQxM2M3MGE5ZTgzYjQ3YTgyYTdjNDU3OWRk
NGMxOTYwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjE2NmI3YmY3MDE3Yjk3NTQ1YTFkNTU0NmE5OTU5YmIwNTM3ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAya97XWy5OWcaTOZ7vT6PXGbGq9y7
7MVlKQ8a3W9s2QkE0bQH8Ojq80dVKKUsKOBp6qUI0naIG0fitCDUnz9z8KT+UuPK
f4QuQs/OIYqlluI9U+nvSFqBPJVJO9brVN5qAa4H3xuB/poKIEVug1gPV+xJYRn9
9uqfEckToJdbAZEbM5GIS5/Ba4kUF5lNt2OIsBuwCfzlmkInapQ5jA28NmyK0ryn
CJo5+/IY5sdBlF+tHXtJh8tflX6/Nn0Q3Psrq0wkGwhGCv4ygJfiZ0F6fVn4HQnK
UHV62XZYQgZDQjrVeQERAkgYGQu4Eu70io5c20MCYTdvvbL3+S4squF25wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKYWa3v3AXuXVFodVUaplZuwU380MB8GA1UdIwQY
MBaAFNUMpSE0E8cKnoO0eoKnxFed1MGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVF5bElUUVR4d3FlZzdSNmdxZkVWNTNVd1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8yMmY4MGYtM2EwOC00OWM2LWI0MDUt
MzU0YjExYWYyMzNlLzEvcGhacmVfY0JlNWRVV2gxVlJxbVZtN0JUZnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8yMmY4MGYtM2EwOC00OWM2LWI0MDUtMzU0YjExYWYyMzNl
LzEvMVF5bElUUVR4d3FlZzdSNmdxZkVWNTNVd1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTV1AMA0E
AgACMAcDBQAqAQNQMA0GCSqGSIb3DQEBCwUAA4IBAQBx8dh/12D3bCSOSJzSrL21
CzZmT/neiYgFwCgiYpPkPGxH0Js2+CTZvjrzcNS4Asc+8wK+sEwz86+06at/+ylX
DurHwBMecTIIcUSez5eBqJcoA7Y6lcIIcRjJ+SDC1txz8mSVi/zyzBbZoMRxOvwR
ob7o7nIch6tyiav5rQ5PgH3DvKgnGcj8sadm1O2JGOwIMed9pACb6VxVSlsvUSwO
Avkxd88wlU/slwGQBU1d1YpVsr8Y94OKjObVtR4iuuS4EQpmayA+OzWtjPsj2mBf
Mnyfnci/63sVsKPLbxmuD3nbhR+DZQXkbfpqXRyhqt/HCjWWPcXtUr/P7XkYAZ8B
-----END CERTIFICATE-----
Generated at Fri Apr 18 12:47:42 2025 by rpki-client