Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ytMrj-kwMC_IbRs3tqtxyZtg3v8.roa
File: ytMrj-kwMC_IbRs3tqtxyZtg3v8.roa (raw, json)
Hash identifier: jra56KUBr1rw8yvlOloiE709A7687vkckcUKbnOkJYE=
Subject key identifier: CA:D3:2B:8F:E9:30:30:2F:C8:6D:1B:37:B6:AB:71:C9:9B:60:DE:FF
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 01895196E777C45F7FF41D31E4ADE1B703B1
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ytMrj-kwMC_IbRs3tqtxyZtg3v8.roa
Signing time: Thu 13 Jul 2023 23:29:51 +0000
ROA not before: Thu 13 Jul 2023 23:29:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49024
IP address blocks: 185.154.28.0/22 maxlen: 24
95.131.120.0/21 maxlen: 24
2a02:c4c::/30 maxlen: 30
2a02:c4a::/31 maxlen: 31
2a02:c4a::/32 maxlen: 32
2a02:c49::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:51:96:e7:77:c4:5f:7f:f4:1d:31:e4:ad:e1:b7:03:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jul 13 23:29:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cad32b8fe930302fc86d1b37b6ab71c99b60deff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:ed:4e:e1:fc:b1:c4:5e:87:cd:5e:5b:38:37:
0d:50:92:ff:45:a1:4c:ed:14:cb:d8:ea:eb:51:6f:
ec:84:79:6d:ff:d8:fa:4f:ba:69:5e:e6:6c:e4:20:
2a:32:a4:15:8e:e1:55:e8:dd:43:c8:a9:b5:ad:81:
27:30:bc:ff:78:3c:8d:82:60:94:fc:b7:28:dd:8c:
ed:90:4f:63:fa:7e:d7:12:b1:69:10:4e:16:d2:40:
df:b9:49:41:b7:8a:be:b6:9c:48:ad:8d:6e:56:2f:
9f:cb:70:7c:67:23:fe:75:c1:18:30:5d:54:12:fc:
68:99:62:bd:2b:76:22:84:1a:e1:d3:a9:2c:01:b1:
bb:2d:9c:cd:b9:fe:26:c3:82:9d:06:01:d0:4d:1e:
4c:9b:87:3c:80:e5:74:7e:56:13:a6:e4:4b:57:43:
ed:1e:a2:dd:a8:fc:e8:49:76:cc:2c:a5:59:90:e3:
cb:4f:f2:9c:78:e0:01:22:56:90:42:33:dc:fb:df:
5c:e9:03:75:d7:68:92:a1:31:dc:89:67:88:d3:29:
b6:55:31:3e:cb:0d:09:84:da:0d:f1:35:0e:72:55:
5a:77:e9:5b:09:95:0c:50:d8:89:c5:5d:8c:9c:89:
b1:08:76:fb:24:33:f3:fe:1b:bc:75:d5:31:d2:02:
64:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:D3:2B:8F:E9:30:30:2F:C8:6D:1B:37:B6:AB:71:C9:9B:60:DE:FF
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ytMrj-kwMC_IbRs3tqtxyZtg3v8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
IPv6:
2a02:c49::-2a02:c4f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4c:70:1f:2c:ce:3b:3b:01:72:ad:cd:24:2b:7f:59:4f:22:41:
96:c4:b7:af:9e:77:2e:b5:aa:5a:4f:f7:cb:a0:d6:d2:ae:79:
18:12:e2:af:c6:c7:7d:f5:80:e5:e3:53:31:86:38:12:ec:10:
8c:3e:a5:96:52:73:38:85:7a:07:01:57:ab:2a:bc:81:0b:4f:
46:51:dc:77:7a:40:da:a8:4c:3f:cb:f4:23:e3:63:77:ef:56:
5d:fc:68:91:a6:e3:56:e0:7c:f9:60:e5:bc:42:6e:83:f1:7c:
99:38:93:e5:39:3a:c5:b3:fb:57:8d:40:58:94:b1:df:a0:f4:
23:c1:1c:63:b1:c7:5d:72:b3:8e:c8:20:18:fe:fe:f9:87:ca:
ec:b6:91:52:2e:f4:96:42:65:20:3c:97:a8:80:e7:dd:40:16:
e9:43:61:1f:f2:e4:29:a6:3b:aa:3d:75:89:53:f3:5c:c9:55:
17:c5:59:2d:e0:06:d0:06:9e:7c:e7:d6:50:62:0f:e0:44:7a:
71:10:3f:18:36:9a:34:52:ac:aa:49:75:9b:10:25:ee:6e:50:
44:85:74:80:8b:42:2e:67:95:33:b8:48:f4:4f:f2:6e:6a:3e:
1e:fe:8f:0c:34:30:bb:95:d3:2e:07:be:4f:79:26:64:e0:96:
fc:5b:3d:8c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYlRlud3xF9/9B0x5K3htwOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjMwNzEzMjMyOTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQzMmI4ZmU5MzAzMDJmYzg2ZDFiMzdiNmFiNzFjOTliNjBkZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhe1O4fyxxF6HzV5bODcNUJL/RaFM
7RTL2OrrUW/shHlt/9j6T7ppXuZs5CAqMqQVjuFV6N1DyKm1rYEnMLz/eDyNgmCU
/Lco3YztkE9j+n7XErFpEE4W0kDfuUlBt4q+tpxIrY1uVi+fy3B8ZyP+dcEYMF1U
EvxomWK9K3YihBrh06ksAbG7LZzNuf4mw4KdBgHQTR5Mm4c8gOV0flYTpuRLV0Pt
HqLdqPzoSXbMLKVZkOPLT/KceOABIlaQQjPc+99c6QN112iSoTHciWeI0ym2VTE+
yw0JhNoN8TUOclVad+lbCZUMUNiJxV2MnImxCHb7JDPz/hu8ddUx0gJkIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMrTK4/pMDAvyG0bN7arccmbYN7/MB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEveXRNcmota3dNQ19JYlJzM3RxdHh5WnRnM3Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQDX4N4AwQC
uZocMBYEAgACMBAwDgMFACoCDEkDBQQqAgxAMA0GCSqGSIb3DQEBCwUAA4IBAQBM
cB8szjs7AXKtzSQrf1lPIkGWxLevnncutapaT/fLoNbSrnkYEuKvxsd99YDl41Mx
hjgS7BCMPqWWUnM4hXoHAVerKryBC09GUdx3ekDaqEw/y/Qj42N371Zd/GiRpuNW
4Hz5YOW8Qm6D8XyZOJPlOTrFs/tXjUBYlLHfoPQjwRxjscddcrOOyCAY/v75h8rs
tpFSLvSWQmUgPJeogOfdQBbpQ2Ef8uQppjuqPXWJU/NcyVUXxVkt4AbQBp5859ZQ
Yg/gRHpxED8YNpo0UqyqSXWbECXublBEhXSAi0IuZ5UzuEj0T/Juaj4e/o8MNDC7
ldMuB75PeSZk4Jb8Wz2M
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:54:04 2025 by rpki-client