Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/VPpHI4z7Zppf6kKjCCUlxZQu0qM.roa
File: VPpHI4z7Zppf6kKjCCUlxZQu0qM.roa (raw, json)
Hash identifier: 0d0vhvAe4h7Zi7BKYSqaLQM7O721NkmxAbt1mgPS6uA=
Subject key identifier: 54:FA:47:23:8C:FB:66:9A:5F:EA:42:A3:08:25:25:C5:94:2E:D2:A3
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 018D3A8242A6E5283035DDEA5A7B02844561
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/VPpHI4z7Zppf6kKjCCUlxZQu0qM.roa
Signing time: Wed 24 Jan 2024 08:07:11 +0000
ROA not before: Wed 24 Jan 2024 08:07:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49024
IP address blocks: 95.131.122.0/23 maxlen: 24
185.154.28.0/22 maxlen: 24
2a02:c49::/32 maxlen: 32
2a02:c4a::/31 maxlen: 31
2a02:c4a::/32 maxlen: 32
2a02:c4c::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3a:82:42:a6:e5:28:30:35:dd:ea:5a:7b:02:84:45:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jan 24 08:07:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=54fa47238cfb669a5fea42a3082525c5942ed2a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:2a:d6:ed:74:fb:e5:17:3d:13:70:39:06:8f:
d9:92:0e:69:3b:3e:27:83:ed:ad:86:88:e3:9c:85:
ab:3a:4f:21:dd:f9:16:36:17:77:2a:ee:8d:df:bb:
5f:b3:f7:07:f3:4f:64:b5:5c:e3:8b:03:f2:3b:2a:
a2:54:15:66:4a:22:c5:46:5a:98:33:de:47:eb:12:
9a:e0:b9:50:59:8c:c5:95:e2:9f:ae:d6:02:21:94:
9a:c0:3a:df:4b:82:f3:8b:d3:ba:d8:83:30:a5:fa:
6f:23:af:95:b8:91:bf:59:ab:69:62:af:20:4f:ae:
67:1e:80:13:46:bc:cf:5a:d7:68:4d:7e:8f:37:7f:
af:18:48:f6:0a:6e:b8:a5:71:6f:e3:03:4b:76:4a:
9d:e9:cd:4d:ae:6b:25:87:b6:d4:e2:e5:e5:d0:14:
e1:f7:00:48:4b:44:38:14:ef:b8:e8:c4:4d:de:c2:
08:73:de:80:e0:e2:50:53:54:94:53:6a:05:d0:e2:
32:f2:20:09:18:f0:94:0c:2f:28:2e:f2:2c:d9:25:
0c:b3:3e:03:95:a5:c6:23:6e:00:07:6b:e2:7f:11:
26:ba:d6:d7:6f:42:cc:9b:74:e9:1b:e2:3e:dd:36:
f3:be:3c:75:3e:69:6e:b2:92:e8:73:1b:be:39:ea:
19:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:FA:47:23:8C:FB:66:9A:5F:EA:42:A3:08:25:25:C5:94:2E:D2:A3
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/VPpHI4z7Zppf6kKjCCUlxZQu0qM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.122.0/23
185.154.28.0/22
IPv6:
2a02:c49::-2a02:c4f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8a:1b:42:4c:66:18:7d:0e:21:89:b2:33:e3:d5:5e:21:02:f2:
86:d9:b4:07:ca:e0:bf:f6:3b:a1:24:67:14:f6:f7:70:c9:9c:
b8:d2:05:60:2f:00:76:fb:83:07:af:77:c1:52:53:1c:ce:7f:
db:86:4e:15:61:40:a4:6a:22:b2:13:c5:6a:1a:ff:4e:77:12:
b3:a5:d1:7e:f0:df:53:ea:50:2c:0e:dd:88:7a:16:82:7e:04:
81:f4:f3:08:51:db:8c:e0:13:12:18:ed:b5:0c:97:cc:3e:b8:
44:82:0a:65:79:60:ef:32:e1:00:1c:01:9c:8f:51:60:c8:e0:
31:4c:51:a5:cf:c5:b8:05:ff:b2:7a:e7:cd:ca:f9:4d:6c:39:
5d:30:5b:17:e7:d1:8a:87:99:16:57:57:3f:02:99:d8:73:b2:
6d:81:38:ae:a3:de:10:3f:32:1f:bb:d0:e5:59:91:8e:2c:cd:
a0:0c:5c:f3:d2:ea:86:33:3b:c5:02:a1:e4:48:02:f7:73:1c:
01:ba:bb:d1:c3:cd:02:2c:ad:48:f2:48:7c:f5:3f:01:ba:9a:
da:74:ef:2c:ab:7f:c3:b9:d7:7e:65:49:9a:0f:fc:31:b5:37:
fc:6b:b4:38:75:8d:74:bd:b2:f7:13:c6:9f:aa:7a:01:e6:5c:
88:2b:8d:b1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY06gkKm5SgwNd3qWnsChEVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjQwMTI0MDgwNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGZhNDcyMzhjZmI2NjlhNWZlYTQyYTMwODI1MjVjNTk0MmVkMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSrW7XT75Rc9E3A5Bo/Zkg5pOz4n
g+2thojjnIWrOk8h3fkWNhd3Ku6N37tfs/cH809ktVzjiwPyOyqiVBVmSiLFRlqY
M95H6xKa4LlQWYzFleKfrtYCIZSawDrfS4Lzi9O62IMwpfpvI6+VuJG/WatpYq8g
T65nHoATRrzPWtdoTX6PN3+vGEj2Cm64pXFv4wNLdkqd6c1Nrmslh7bU4uXl0BTh
9wBIS0Q4FO+46MRN3sIIc96A4OJQU1SUU2oF0OIy8iAJGPCUDC8oLvIs2SUMsz4D
laXGI24AB2vifxEmutbXb0LMm3TpG+I+3Tbzvjx1PmluspLocxu+OeoZeQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFT6RyOM+2aaX+pCowglJcWULtKjMB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEvVlBwSEk0ejdacHBmNmtLakNDVWx4WlF1MHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQBX4N6AwQC
uZocMBYEAgACMBAwDgMFACoCDEkDBQQqAgxAMA0GCSqGSIb3DQEBCwUAA4IBAQCK
G0JMZhh9DiGJsjPj1V4hAvKG2bQHyuC/9juhJGcU9vdwyZy40gVgLwB2+4MHr3fB
UlMczn/bhk4VYUCkaiKyE8VqGv9OdxKzpdF+8N9T6lAsDt2IehaCfgSB9PMIUduM
4BMSGO21DJfMPrhEggpleWDvMuEAHAGcj1FgyOAxTFGlz8W4Bf+yeufNyvlNbDld
MFsX59GKh5kWV1c/ApnYc7JtgTiuo94QPzIfu9DlWZGOLM2gDFzz0uqGMzvFAqHk
SAL3cxwBurvRw80CLK1I8kh89T8BupradO8sq3/Dudd+ZUmaD/wxtTf8a7Q4dY10
vbL3E8afqnoB5lyIK42x
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:31:30 2025 by rpki-client