Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/1iAY7ChgwTTDtaiMAA7yeXTYBgo.roa
File: 1iAY7ChgwTTDtaiMAA7yeXTYBgo.roa (raw, json)
Hash identifier: c0XWrSSH/0cQCncTzDXVKomaPgLQAkdhoKBvBugiIGA=
Subject key identifier: D6:20:18:EC:28:60:C1:34:C3:B5:A8:8C:00:0E:F2:79:74:D8:06:0A
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 018CC64B4D5C1351ECD711CB346DEC1C7149
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/1iAY7ChgwTTDtaiMAA7yeXTYBgo.roa
Signing time: Mon 01 Jan 2024 18:31:12 +0000
ROA not before: Mon 01 Jan 2024 18:31:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49024
IP address blocks: 185.154.28.0/22 maxlen: 24
95.131.120.0/21 maxlen: 24
2a02:c4c::/30 maxlen: 30
2a02:c4a::/31 maxlen: 31
2a02:c4a::/32 maxlen: 32
2a02:c49::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:4d:5c:13:51:ec:d7:11:cb:34:6d:ec:1c:71:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jan 1 18:31:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d62018ec2860c134c3b5a88c000ef27974d8060a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:fd:53:b9:fa:87:86:4a:df:a1:d3:5f:c9:1d:
3f:30:eb:21:75:d8:9a:4b:53:3c:60:9f:d6:0e:c9:
f9:bd:3d:81:6b:a4:11:e7:0a:52:23:a6:c7:28:da:
10:10:ea:71:19:c1:05:2b:9e:43:cb:9a:62:0d:bb:
08:9c:42:8a:f9:21:7e:96:74:82:e5:80:3d:5b:e4:
62:42:65:6b:c4:78:91:75:92:75:a2:c1:85:a7:3a:
8b:76:2d:99:66:1a:ed:20:c1:a8:93:f2:40:c0:74:
ef:7e:d7:0f:a7:3a:8a:08:07:22:ce:5f:2b:aa:af:
7c:30:ba:0e:c6:79:2a:c4:93:dd:99:4d:fb:4f:17:
d5:63:eb:e5:b9:db:20:b9:86:15:33:9b:1d:62:99:
e5:58:69:4d:53:ed:ea:b2:40:d2:73:62:58:97:26:
b1:40:41:1c:fb:94:2c:e9:73:39:31:f5:2b:2c:f6:
38:00:35:a7:cd:18:55:a2:6b:90:79:07:21:ea:5d:
72:80:d3:80:37:59:69:c1:ba:09:77:54:c8:cd:32:
9d:51:af:41:12:c0:6b:69:20:06:af:82:3e:8b:78:
61:e3:17:3c:25:a5:3a:34:a6:3c:a2:12:f6:98:0a:
6f:04:ef:ae:00:6b:86:88:81:cc:53:0b:85:80:24:
37:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:20:18:EC:28:60:C1:34:C3:B5:A8:8C:00:0E:F2:79:74:D8:06:0A
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/1iAY7ChgwTTDtaiMAA7yeXTYBgo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
IPv6:
2a02:c49::-2a02:c4f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6c:18:1e:78:e9:18:9a:2e:76:7b:93:7c:41:5f:19:a8:88:64:
ca:12:8e:8e:f5:38:3c:8f:81:de:4a:a1:6f:ae:31:50:69:c6:
ca:69:86:f7:f3:97:a1:c8:2f:2a:11:44:b1:fc:3d:2d:cd:e4:
b3:fc:a4:0a:ff:a7:cd:52:68:88:45:db:a8:27:12:ae:d7:d6:
95:8f:ed:ca:32:76:20:a6:10:6f:f8:65:bb:15:01:47:b7:2d:
f6:3a:bf:db:da:d3:79:95:cc:47:78:07:b2:ea:3d:cd:c4:75:
fc:f0:42:92:4f:1e:6f:08:91:89:bf:8e:32:97:02:d9:3c:69:
f0:51:fb:07:38:36:93:5e:f6:1d:74:3b:e1:9c:e3:98:f8:bb:
fa:c1:29:11:88:65:ae:f8:8d:a7:77:34:68:c5:d7:99:49:f1:
95:a6:b1:51:27:a5:d5:e9:f0:fd:dd:9c:2f:d8:eb:ba:fe:7f:
95:45:b1:5e:7f:18:38:b6:df:0a:27:1b:03:2e:e4:de:62:db:
49:11:dc:b2:82:4f:25:1f:b2:bb:ef:60:32:aa:19:b6:ac:fa:
ca:26:ed:b9:16:dd:37:50:d0:c1:00:2f:c9:57:84:5f:29:c4:
8b:79:10:71:7c:75:4d:ef:2b:c1:d1:1f:99:4c:b9:68:ca:6e:
0d:41:7d:75
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzGS01cE1Hs1xHLNG3sHHFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjIwMThlYzI4NjBjMTM0YzNiNWE4OGMwMDBlZjI3OTc0ZDgwNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv1TufqHhkrfodNfyR0/MOshddia
S1M8YJ/WDsn5vT2Ba6QR5wpSI6bHKNoQEOpxGcEFK55Dy5piDbsInEKK+SF+lnSC
5YA9W+RiQmVrxHiRdZJ1osGFpzqLdi2ZZhrtIMGok/JAwHTvftcPpzqKCAcizl8r
qq98MLoOxnkqxJPdmU37TxfVY+vludsguYYVM5sdYpnlWGlNU+3qskDSc2JYlyax
QEEc+5Qs6XM5MfUrLPY4ADWnzRhVomuQeQch6l1ygNOAN1lpwboJd1TIzTKdUa9B
EsBraSAGr4I+i3hh4xc8JaU6NKY8ohL2mApvBO+uAGuGiIHMUwuFgCQ3iQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNYgGOwoYME0w7WojAAO8nl02AYKMB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEvMWlBWTdDaGd3VFREdGFpTUFBN3llWFRZQmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQDX4N4AwQC
uZocMBYEAgACMBAwDgMFACoCDEkDBQQqAgxAMA0GCSqGSIb3DQEBCwUAA4IBAQBs
GB546RiaLnZ7k3xBXxmoiGTKEo6O9Tg8j4HeSqFvrjFQacbKaYb385ehyC8qEUSx
/D0tzeSz/KQK/6fNUmiIRduoJxKu19aVj+3KMnYgphBv+GW7FQFHty32Or/b2tN5
lcxHeAey6j3NxHX88EKSTx5vCJGJv44ylwLZPGnwUfsHODaTXvYddDvhnOOY+Lv6
wSkRiGWu+I2ndzRoxdeZSfGVprFRJ6XV6fD93Zwv2Ou6/n+VRbFefxg4tt8KJxsD
LuTeYttJEdyygk8lH7K772Ayqhm2rPrKJu25Ft03UNDBAC/JV4RfKcSLeRBxfHVN
7yvB0R+ZTLloym4NQX11
-----END CERTIFICATE-----
Generated at Sun Apr 20 14:50:11 2025 by rpki-client