Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/qw9Effr1eQsz_CUPU7ixnmDyvHk.roa
File: qw9Effr1eQsz_CUPU7ixnmDyvHk.roa (raw, json)
Hash identifier: 5rGJ4HjPOZ7RXlKKkP3ttZe/Np0GTNKrlHWLVY4a1no=
Subject key identifier: AB:0F:44:7D:FA:F5:79:0B:33:FC:25:0F:53:B8:B1:9E:60:F2:BC:79
Certificate issuer: /CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Certificate serial: 018CC4255EDCB443D49ABE6BC1C68485068E
Authority key identifier: E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/qw9Effr1eQsz_CUPU7ixnmDyvHk.roa
Signing time: Mon 01 Jan 2024 08:30:32 +0000
ROA not before: Mon 01 Jan 2024 08:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49385
IP address blocks: 94.231.220.0/24 maxlen: 24
94.231.221.0/24 maxlen: 24
94.231.222.0/24 maxlen: 24
94.231.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:5e:dc:b4:43:d4:9a:be:6b:c1:c6:84:85:06:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Validity
Not Before: Jan 1 08:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ab0f447dfaf5790b33fc250f53b8b19e60f2bc79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:16:e1:02:44:49:d2:8f:25:2d:52:fa:ff:72:
d0:07:62:05:e0:df:a2:5b:af:cc:e6:fb:94:8b:80:
c1:9b:2e:e5:db:90:01:a5:08:2e:f5:34:10:09:55:
bb:f5:09:de:58:05:13:14:f2:9b:92:79:6c:ac:9e:
d8:91:82:62:1e:cc:38:2b:2d:8e:26:75:db:8a:df:
c8:42:79:43:1f:71:39:ed:e0:b4:4b:2f:5d:1c:a2:
00:af:ff:e5:86:e6:19:29:b8:e7:0b:1c:4e:7e:dd:
ba:4a:65:8e:6d:df:8f:be:50:0e:18:1e:c2:fd:6e:
50:fc:12:25:2a:8b:12:45:a9:a9:1a:e7:a1:90:5b:
55:b8:7d:8e:ac:b4:18:5a:5d:92:bb:04:50:d1:eb:
71:cd:e0:d3:24:6a:e7:d3:87:11:05:79:06:5c:e0:
01:eb:a2:74:9a:b4:0c:ef:30:f5:51:96:33:34:4c:
e0:f2:2b:33:7f:db:4b:cd:32:80:0d:50:c3:f9:81:
f1:d7:25:40:c4:5f:3a:00:d0:c4:8f:2e:17:70:49:
d0:33:30:d7:8b:a8:53:1c:05:20:21:38:9c:e0:80:
a0:00:9a:48:41:1a:72:4c:cd:0f:41:92:34:5b:9e:
ad:85:aa:71:59:99:bf:7b:65:b1:d2:f4:9e:13:ba:
26:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:0F:44:7D:FA:F5:79:0B:33:FC:25:0F:53:B8:B1:9E:60:F2:BC:79
X509v3 Authority Key Identifier:
keyid:E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/qw9Effr1eQsz_CUPU7ixnmDyvHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.231.220.0/22
Signature Algorithm: sha256WithRSAEncryption
95:6e:fb:d4:0b:21:ac:cf:b9:a4:fc:cd:5c:1f:f0:96:e3:74:
a8:53:c0:d6:e7:96:17:8d:fe:5e:15:d9:94:83:4d:f2:5a:2e:
a6:58:69:85:6c:58:79:0b:a5:a0:d9:aa:a6:98:0f:b0:35:90:
31:50:e1:82:05:c3:ea:6a:e8:64:bd:99:3a:04:1c:62:17:e6:
23:26:86:b9:d5:a9:32:90:90:ad:55:c7:5d:8f:b8:1c:4c:7d:
52:9e:a6:fa:20:2d:a2:4b:e7:ac:d8:78:af:67:9a:c8:87:d4:
b2:22:5b:4b:8b:46:37:57:42:0e:91:80:70:0d:b6:0b:83:24:
32:1b:61:9a:bf:58:7f:bf:27:05:c7:24:3a:4c:ca:cd:47:c9:
39:4a:53:9c:99:63:d7:18:fb:d0:01:66:f0:f2:ec:b0:b0:b1:
1b:98:25:1b:af:99:22:28:4c:83:4d:82:c3:56:f3:01:54:49:
44:ca:71:b3:8e:00:ae:48:0c:eb:fa:03:f4:f7:18:94:f9:08:
a3:f4:7e:34:ca:b4:99:ed:ce:3a:d0:07:f7:94:06:c3:dc:4d:
da:e7:6b:ce:c1:b2:27:7d:4a:e4:8a:cc:c5:3e:47:98:81:b2:
24:8f:f7:63:13:41:77:b6:d4:17:04:2e:ec:45:e1:41:74:cf:
e0:fb:19:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV7ctEPUmr5rwcaEhQaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Yzc4ZmExOTkzZDQ1MTJmZTI0MzZiOGNlZGE4YmZjOTI5
ZDY1N2QwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjBmNDQ3ZGZhZjU3OTBiMzNmYzI1MGY1M2I4YjE5ZTYwZjJiYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRbhAkRJ0o8lLVL6/3LQB2IF4N+i
W6/M5vuUi4DBmy7l25ABpQgu9TQQCVW79QneWAUTFPKbknlsrJ7YkYJiHsw4Ky2O
JnXbit/IQnlDH3E57eC0Sy9dHKIAr//lhuYZKbjnCxxOft26SmWObd+PvlAOGB7C
/W5Q/BIlKosSRampGuehkFtVuH2OrLQYWl2SuwRQ0etxzeDTJGrn04cRBXkGXOAB
66J0mrQM7zD1UZYzNEzg8iszf9tLzTKADVDD+YHx1yVAxF86ANDEjy4XcEnQMzDX
i6hTHAUgITic4ICgAJpIQRpyTM0PQZI0W56thapxWZm/e2Wx0vSeE7om0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsPRH369XkLM/wlD1O4sZ5g8rx5MB8GA1UdIwQY
MBaAFOXHj6GZPUUS/iQ2uM7ai/ySnWV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEt
MGM5YWE2Njk2YjQ5LzEvcXc5RWZmcjFlUXN6X0NVUFU3aXhubUR5dkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEtMGM5YWE2Njk2YjQ5
LzEvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXufcMA0G
CSqGSIb3DQEBCwUAA4IBAQCVbvvUCyGsz7mk/M1cH/CW43SoU8DW55YXjf5eFdmU
g03yWi6mWGmFbFh5C6Wg2aqmmA+wNZAxUOGCBcPqauhkvZk6BBxiF+YjJoa51aky
kJCtVcddj7gcTH1Snqb6IC2iS+es2HivZ5rIh9SyIltLi0Y3V0IOkYBwDbYLgyQy
G2Gav1h/vycFxyQ6TMrNR8k5SlOcmWPXGPvQAWbw8uywsLEbmCUbr5kiKEyDTYLD
VvMBVElEynGzjgCuSAzr+gP09xiU+Qij9H40yrSZ7c460Af3lAbD3E3a52vOwbIn
fUrkiszFPkeYgbIkj/djE0F3ttQXBC7sReFBdM/g+xkE
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:56 2025 by rpki-client