Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/z9IcmIaDVKKSCL6tH8TJtmCZCtU.roa
File: z9IcmIaDVKKSCL6tH8TJtmCZCtU.roa (raw, json)
Hash identifier: 97Vo7DMS+oySP0V/G4LfjDOvc08jXepm0nMZY9B+bI8=
Subject key identifier: CF:D2:1C:98:86:83:54:A2:92:08:BE:AD:1F:C4:C9:B6:60:99:0A:D5
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 01856D4AA8C0DEEFCA46641D4DE358FD7363
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/z9IcmIaDVKKSCL6tH8TJtmCZCtU.roa
Signing time: Sun 01 Jan 2023 12:24:47 +0000
ROA not before: Sun 01 Jan 2023 12:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49024
IP address blocks: 185.154.28.0/22 maxlen: 24
95.131.120.0/21 maxlen: 24
2a02:c48::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:a8:c0:de:ef:ca:46:64:1d:4d:e3:58:fd:73:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jan 1 12:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cfd21c98868354a29208bead1fc4c9b660990ad5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:63:35:3a:05:d8:89:6e:d6:6e:f7:89:6f:42:
7e:cb:59:c3:0d:1f:60:5e:02:b2:1b:9c:8d:25:d2:
12:02:4e:53:32:01:7c:b1:b6:ee:1e:d6:e3:fa:60:
a5:2a:86:c1:e6:3c:81:c3:59:4b:ec:f9:95:a8:80:
2a:ce:57:2b:3b:77:e2:a0:28:09:4c:d8:af:8b:47:
7d:c4:45:16:ec:6e:c5:ff:fa:dc:f2:5d:7a:80:c6:
f4:18:85:bb:f7:96:f8:70:8f:3b:65:73:2e:44:11:
2d:55:53:7e:97:fb:eb:1a:18:48:06:c7:14:e5:b0:
93:41:57:bd:d0:3e:10:42:22:35:e6:a9:2d:64:2a:
be:6a:d1:8b:41:7c:86:31:9e:bc:31:22:65:07:66:
db:4c:ca:b4:78:87:89:ae:88:db:85:6b:d0:b3:75:
36:5f:40:d2:e5:13:e5:fd:97:8a:1a:a3:c2:71:7c:
a1:bc:c0:ce:ea:47:0d:33:63:1e:41:aa:b5:75:4a:
1d:03:71:79:95:d1:3f:c4:6f:27:e2:06:1c:05:c0:
77:84:d8:af:ea:93:9e:14:3e:ac:78:af:e1:ad:7b:
3f:87:65:d1:06:39:77:88:04:ee:98:28:51:40:42:
1a:6e:c0:e2:86:20:b7:92:95:09:43:bc:e2:cd:32:
7e:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:D2:1C:98:86:83:54:A2:92:08:BE:AD:1F:C4:C9:B6:60:99:0A:D5
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/z9IcmIaDVKKSCL6tH8TJtmCZCtU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
IPv6:
2a02:c48::/29
Signature Algorithm: sha256WithRSAEncryption
54:c3:37:8c:db:7d:dc:89:b7:85:f6:67:c3:a1:07:32:ca:f6:
ea:97:b3:6a:a1:e4:90:97:22:4d:bf:57:ac:da:10:52:ab:e1:
46:52:3b:78:11:5c:83:08:30:f6:b5:f1:95:50:e0:8a:b9:2a:
b8:96:c8:32:61:12:87:ac:e4:f5:10:fb:9c:d9:73:38:f0:8f:
64:3f:c2:15:64:66:95:8f:c7:c4:1c:5b:8d:87:c2:3a:01:1b:
11:b7:d9:8b:0e:55:52:50:05:d8:1a:58:09:fc:d1:03:b1:ec:
9d:48:e8:7f:46:00:33:52:47:de:b5:77:f1:75:d7:87:f0:5d:
3f:0e:5b:07:d6:97:c4:e9:e3:b7:a2:2d:10:33:5b:9e:87:83:
fe:18:5f:9b:40:54:05:c6:85:36:66:1d:fd:de:9c:70:b3:6f:
8d:b0:2e:9e:a5:df:d4:49:a2:bb:8c:06:15:ec:c6:05:fd:82:
02:d4:8e:47:ae:22:54:91:6a:08:70:c8:70:92:6a:60:54:a3:
eb:be:b5:6c:26:5b:f4:ff:c2:3d:35:80:cc:a0:d6:24:a5:36:
36:f9:94:48:31:0c:15:3d:d3:9d:a6:71:af:69:f5:dc:44:5f:
57:9e:34:cf:a4:02:14:51:c7:1f:2f:c4:d8:56:54:c7:5b:f8:
dd:98:44:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtSqjA3u/KRmQdTeNY/XNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjMwMTAxMTIyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQyMWM5ODg2ODM1NGEyOTIwOGJlYWQxZmM0YzliNjYwOTkwYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2M1OgXYiW7WbveJb0J+y1nDDR9g
XgKyG5yNJdISAk5TMgF8sbbuHtbj+mClKobB5jyBw1lL7PmVqIAqzlcrO3fioCgJ
TNivi0d9xEUW7G7F//rc8l16gMb0GIW795b4cI87ZXMuRBEtVVN+l/vrGhhIBscU
5bCTQVe90D4QQiI15qktZCq+atGLQXyGMZ68MSJlB2bbTMq0eIeJrojbhWvQs3U2
X0DS5RPl/ZeKGqPCcXyhvMDO6kcNM2MeQaq1dUodA3F5ldE/xG8n4gYcBcB3hNiv
6pOeFD6seK/hrXs/h2XRBjl3iATumChRQEIabsDihiC3kpUJQ7zizTJ++QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM/SHJiGg1Sikgi+rR/EybZgmQrVMB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEvejlJY21JYURWS0tTQ0w2dEg4VEp0bUNaQ3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4N4AwQC
uZocMA0EAgACMAcDBQMqAgxIMA0GCSqGSIb3DQEBCwUAA4IBAQBUwzeM233cibeF
9mfDoQcyyvbql7NqoeSQlyJNv1es2hBSq+FGUjt4EVyDCDD2tfGVUOCKuSq4lsgy
YRKHrOT1EPuc2XM48I9kP8IVZGaVj8fEHFuNh8I6ARsRt9mLDlVSUAXYGlgJ/NED
seydSOh/RgAzUkfetXfxddeH8F0/DlsH1pfE6eO3oi0QM1ueh4P+GF+bQFQFxoU2
Zh393pxws2+NsC6epd/USaK7jAYV7MYF/YIC1I5HriJUkWoIcMhwkmpgVKPrvrVs
Jlv0/8I9NYDMoNYkpTY2+ZRIMQwVPdOdpnGvafXcRF9XnjTPpAIUUccfL8TYVlTH
W/jdmESd
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:11:19 2025 by rpki-client