Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/bEPSD1JUf7phf4lPY6LfinRqfvY.roa
File: bEPSD1JUf7phf4lPY6LfinRqfvY.roa (raw, json)
Hash identifier: 1Ji9+RFbtSuoTLb1iQ/aloRSthio6B2F+gfY9h/S1uY=
Subject key identifier: 6C:43:D2:0F:52:54:7F:BA:61:7F:89:4F:63:A2:DF:8A:74:6A:7E:F6
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 09171E87
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/bEPSD1JUf7phf4lPY6LfinRqfvY.roa
Signing time: Sat 01 Jan 2022 01:50:51 +0000
ROA not before: Sat 01 Jan 2022 01:50:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49024
IP address blocks: 185.154.28.0/22 maxlen: 24
95.131.120.0/21 maxlen: 24
2a02:c48::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 152510087 (0x9171e87)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jan 1 01:50:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6c43d20f52547fba617f894f63a2df8a746a7ef6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:94:8b:33:bb:46:e6:61:0a:9a:94:ff:27:de:
2e:2b:d0:93:1f:27:ba:47:42:48:9d:1a:f5:e2:4f:
85:bb:69:91:07:af:3f:0d:90:a1:f5:16:8e:61:13:
5e:a7:d2:8c:6c:bc:83:13:0a:44:94:c1:92:69:53:
0c:50:70:cc:ac:46:2f:62:ec:8e:44:a2:37:29:70:
bc:66:ef:5f:00:bd:22:9a:8e:58:18:ce:58:0e:cd:
20:cf:4b:05:16:f9:d3:1b:ee:90:ba:b9:6c:e6:35:
13:0b:36:af:43:26:ac:15:3f:ed:38:78:ce:6a:ee:
76:4d:7f:06:7c:73:0b:4c:1e:91:0b:c3:74:e8:dd:
2e:b2:1f:f9:95:fc:76:c6:2e:7e:e9:7d:00:8a:2c:
8b:5a:1e:b7:49:e0:26:f4:e2:91:f7:1b:d8:7f:e8:
e1:8e:bd:49:6c:2d:a2:be:fd:20:1a:99:19:34:b1:
ea:77:31:c7:fc:8f:fc:b6:c0:4d:08:01:c3:4f:09:
ab:92:8f:0f:0d:f4:71:28:08:93:2c:e4:a5:54:39:
32:72:98:ab:e9:c7:94:5f:68:c6:4c:ed:67:7c:9e:
07:71:77:b6:7f:3c:5c:58:7c:22:4a:d0:b7:ce:3f:
ce:26:46:9d:94:f7:f0:9e:78:4f:18:0d:c3:14:d3:
83:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:43:D2:0F:52:54:7F:BA:61:7F:89:4F:63:A2:DF:8A:74:6A:7E:F6
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/bEPSD1JUf7phf4lPY6LfinRqfvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
IPv6:
2a02:c48::/29
Signature Algorithm: sha256WithRSAEncryption
68:eb:63:ff:8a:38:49:05:e1:8c:f4:e1:76:6e:6a:3b:ba:25:
bd:15:a8:aa:41:65:ba:db:7f:92:8d:f3:d7:3b:cf:37:ef:09:
d2:58:9c:41:6b:08:44:b6:8b:a1:a4:97:df:47:23:35:b6:d7:
16:2b:7b:49:a0:00:36:df:1e:da:f9:b3:2d:01:b8:b8:4d:86:
11:e0:32:21:9e:4d:f5:a4:a3:21:f1:2c:98:ea:d2:af:fd:cf:
97:1a:3d:db:af:85:5a:57:b7:ee:19:42:20:88:30:93:d2:17:
20:2c:1b:3d:0d:ef:eb:1c:71:77:7d:bc:34:10:7d:d6:38:bc:
ac:1d:2f:d3:44:81:a4:b8:a2:cb:87:d4:ef:4c:21:ad:f7:f8:
7d:1e:f0:27:ea:dc:48:32:5e:76:d9:11:34:de:eb:21:ba:66:
b0:c1:7b:ba:d7:de:7e:54:2b:e0:d1:11:0a:da:17:18:6a:cc:
eb:e5:a8:35:9a:00:08:2a:ed:db:86:8a:28:8f:25:53:ce:03:
9d:81:cd:97:e7:52:a2:0a:54:f5:e3:3e:b5:6d:5a:cc:d3:b1:
9e:56:b6:f9:14:fe:98:bd:b7:dd:11:75:07:04:03:7e:bc:fc:
94:44:83:4b:dc:e4:ff:4e:7d:bb:f4:3b:c2:91:52:28:51:35:
ad:30:f3:db
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIECRcehzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MDJmNTllY2E2NDI5M2QyYzkxNmU3YWJiMDllMDUyZTJjYjFjYjYzMB4XDTIyMDEw
MTAxNTA1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmM0M2QyMGY1MjU0
N2ZiYTYxN2Y4OTRmNjNhMmRmOGE3NDZhN2VmNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+UizO7RuZhCpqU/yfeLivQkx8nukdCSJ0a9eJPhbtpkQev
Pw2QofUWjmETXqfSjGy8gxMKRJTBkmlTDFBwzKxGL2LsjkSiNylwvGbvXwC9IpqO
WBjOWA7NIM9LBRb50xvukLq5bOY1Ews2r0MmrBU/7Th4zmrudk1/BnxzC0wekQvD
dOjdLrIf+ZX8dsYuful9AIosi1oet0ngJvTikfcb2H/o4Y69SWwtor79IBqZGTSx
6ncxx/yP/LbATQgBw08Jq5KPDw30cSgIkyzkpVQ5MnKYq+nHlF9oxkztZ3yeB3F3
tn88XFh8IkrQt84/ziZGnZT38J54TxgNwxTTg2UCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBRsQ9IPUlR/umF/iU9jot+KdGp+9jAfBgNVHSMEGDAWgBTAL1nspkKT0skW
56uwngUuLLHLYzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dDOVo3S1pDazlMSkZ1ZXJzSjRGTGl5eHkyTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTUvNThiMjBhLTQ1MmItNGYyYi1hYWI1LTdkMTNjMDcyZDk2Yi8x
L2JFUFNEMUpVZjdwaGY0bFBZNkxmaW5ScWZ2WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUv
NThiMjBhLTQ1MmItNGYyYi1hYWI1LTdkMTNjMDcyZDk2Yi8xL3dDOVo3S1pDazlM
SkZ1ZXJzSjRGTGl5eHkyTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEA1+DeAMEArmaHDANBAIAAjAHAwUD
KgIMSDANBgkqhkiG9w0BAQsFAAOCAQEAaOtj/4o4SQXhjPThdm5qO7olvRWoqkFl
utt/ko3z1zvPN+8J0licQWsIRLaLoaSX30cjNbbXFit7SaAANt8e2vmzLQG4uE2G
EeAyIZ5N9aSjIfEsmOrSr/3Plxo926+FWle37hlCIIgwk9IXICwbPQ3v6xxxd328
NBB91ji8rB0v00SBpLiiy4fU70whrff4fR7wJ+rcSDJedtkRNN7rIbpmsMF7utfe
flQr4NERCtoXGGrM6+WoNZoACCrt24aKKI8lU84DnYHNl+dSogpU9eM+tW1azNOx
nla2+RT+mL233RF1BwQDfrz8lESDS9zk/059u/Q7wpFSKFE1rTDz2w==
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:17:15 2025 by rpki-client