Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/wAW5f7Zexg_FNZkc-tPyGK_J5sQ.roa
File: wAW5f7Zexg_FNZkc-tPyGK_J5sQ.roa (raw, json)
Hash identifier: YxUcaY/TnSzm2UP/6WN8rFReqSIAWYV8LK21arvEXFI=
Subject key identifier: C0:05:B9:7F:B6:5E:C6:0F:C5:35:99:1C:FA:D3:F2:18:AF:C9:E6:C4
Certificate issuer: /CN=e94978779e930e01fbfe7e0c5fcb41611129d4e8
Certificate serial: 0C99C567
Authority key identifier: E9:49:78:77:9E:93:0E:01:FB:FE:7E:0C:5F:CB:41:61:11:29:D4:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6Ul4d56TDgH7_n4MX8tBYREp1Og.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/wAW5f7Zexg_FNZkc-tPyGK_J5sQ.roa
Signing time: Sun 13 Mar 2022 10:49:22 +0000
ROA not before: Sun 13 Mar 2022 10:49:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49801
IP address blocks: 87.247.172.0/23 maxlen: 23
87.247.168.0/21 maxlen: 21
87.247.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 211404135 (0xc99c567)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e94978779e930e01fbfe7e0c5fcb41611129d4e8
Validity
Not Before: Mar 13 10:49:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c005b97fb65ec60fc535991cfad3f218afc9e6c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:3c:71:d5:c6:a1:7d:82:60:72:c6:aa:1b:6c:
bb:17:b6:35:ae:0b:11:d0:b8:6e:2d:bd:35:f9:2c:
40:4f:81:73:28:a8:71:9f:9b:2a:4b:50:05:68:d8:
85:3f:a7:02:32:56:e0:e0:36:d7:bc:44:e1:38:ef:
a7:97:65:42:ef:93:4a:e7:c0:40:89:7f:3f:9a:f0:
ce:ca:26:ae:0c:ce:e8:c5:cf:58:d5:f0:23:2f:fa:
95:0f:e0:03:ac:ca:b2:34:ce:a1:dc:8a:66:5f:e4:
ab:0a:89:a9:c4:1a:4d:85:80:77:4b:38:35:34:15:
51:0f:89:ca:86:4d:89:a7:63:55:26:23:fc:28:3c:
60:d1:21:bc:4d:6a:ac:ed:20:52:56:ba:df:66:0e:
5a:4a:d6:f4:1b:b0:60:75:e6:cc:17:11:b7:c3:30:
38:8b:4b:40:94:35:52:5d:aa:5d:07:91:da:ec:f8:
30:c2:3c:b6:41:09:56:cd:0c:3b:45:63:27:f4:32:
cb:f3:44:d9:01:fc:4d:62:69:73:96:ef:f2:ca:5f:
7c:66:2c:3c:fb:39:bc:3c:9a:9f:af:36:69:8a:09:
5f:d4:40:ae:dd:29:ad:00:c8:25:6e:b6:22:2d:63:
92:20:86:87:e5:97:72:ac:d9:21:97:f1:59:0b:50:
2a:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:05:B9:7F:B6:5E:C6:0F:C5:35:99:1C:FA:D3:F2:18:AF:C9:E6:C4
X509v3 Authority Key Identifier:
keyid:E9:49:78:77:9E:93:0E:01:FB:FE:7E:0C:5F:CB:41:61:11:29:D4:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Ul4d56TDgH7_n4MX8tBYREp1Og.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/wAW5f7Zexg_FNZkc-tPyGK_J5sQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/78db29-e46d-41f4-87c7-95c42e4a84c0/1/6Ul4d56TDgH7_n4MX8tBYREp1Og.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.168.0/21
Signature Algorithm: sha256WithRSAEncryption
89:d3:58:3c:7f:b3:90:69:a8:23:03:27:d5:2a:c0:da:9a:e8:
4b:e4:90:33:14:ef:e8:2c:f9:bb:45:1c:76:0c:7d:ab:12:a3:
44:43:4b:a2:21:dd:a0:a1:d0:0e:f5:9c:cc:7d:6a:3f:af:51:
5f:da:81:69:d3:5d:86:fd:d4:77:10:20:62:81:3d:ce:05:92:
da:75:82:eb:aa:3b:3a:c9:67:a8:c0:f8:93:fb:f7:04:2e:2a:
61:28:0a:4d:38:da:22:4a:61:fe:53:be:13:d6:90:5a:9f:56:
63:eb:a4:ff:a4:89:23:be:4a:80:80:eb:2c:67:af:77:07:08:
ff:14:35:c5:58:7d:54:54:a4:38:05:7a:81:33:b4:ba:d5:fd:
9e:18:ba:57:cd:7d:9d:48:c4:8f:04:cd:6e:ed:6b:91:d7:63:
0c:52:d1:7d:25:c1:36:d0:f6:b6:c5:5a:7e:b0:6c:fc:e9:29:
9f:b8:2a:db:d3:4f:14:25:d7:57:2f:d7:d3:8b:93:a4:46:e6:
25:2f:91:94:3b:ad:b5:2d:05:0d:91:69:bf:2c:14:1a:18:86:
04:bc:ce:87:75:50:94:d6:0b:20:d0:f5:2e:6d:c3:59:84:a2:
87:28:aa:81:d0:a3:27:f5:2b:0b:5c:ec:ef:bb:95:67:9c:3f:
e4:da:72:52
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDJnFZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
OTQ5Nzg3NzllOTMwZTAxZmJmZTdlMGM1ZmNiNDE2MTExMjlkNGU4MB4XDTIyMDMx
MzEwNDkyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzAwNWI5N2ZiNjVl
YzYwZmM1MzU5OTFjZmFkM2YyMThhZmM5ZTZjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ08cdXGoX2CYHLGqhtsuxe2Na4LEdC4bi29NfksQE+Bcyio
cZ+bKktQBWjYhT+nAjJW4OA217xE4Tjvp5dlQu+TSufAQIl/P5rwzsomrgzO6MXP
WNXwIy/6lQ/gA6zKsjTOodyKZl/kqwqJqcQaTYWAd0s4NTQVUQ+JyoZNiadjVSYj
/Cg8YNEhvE1qrO0gUla632YOWkrW9BuwYHXmzBcRt8MwOItLQJQ1Ul2qXQeR2uz4
MMI8tkEJVs0MO0VjJ/Qyy/NE2QH8TWJpc5bv8spffGYsPPs5vDyan682aYoJX9RA
rt0prQDIJW62Ii1jkiCGh+WXcqzZIZfxWQtQKqUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTABbl/tl7GD8U1mRz60/IYr8nmxDAfBgNVHSMEGDAWgBTpSXh3npMOAfv+
fgxfy0FhESnU6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZVbDRkNTZURGdIN19uNE1YOHRCWVJFcDFPZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNzhkYjI5LWU0NmQtNDFmNC04N2M3LTk1YzQyZTRhODRjMC8x
L3dBVzVmN1pleGdfRk5aa2MtdFB5R0tfSjVzUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NzhkYjI5LWU0NmQtNDFmNC04N2M3LTk1YzQyZTRhODRjMC8xLzZVbDRkNTZURGdI
N19uNE1YOHRCWVJFcDFPZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1f3qDANBgkqhkiG9w0BAQsFAAOC
AQEAidNYPH+zkGmoIwMn1SrA2proS+SQMxTv6Cz5u0Ucdgx9qxKjRENLoiHdoKHQ
DvWczH1qP69RX9qBadNdhv3UdxAgYoE9zgWS2nWC66o7OslnqMD4k/v3BC4qYSgK
TTjaIkph/lO+E9aQWp9WY+uk/6SJI75KgIDrLGevdwcI/xQ1xVh9VFSkOAV6gTO0
utX9nhi6V819nUjEjwTNbu1rkddjDFLRfSXBNtD2tsVafrBs/Okpn7gq29NPFCXX
Vy/X04uTpEbmJS+RlDuttS0FDZFpvywUGhiGBLzOh3VQlNYLIND1Lm3DWYSihyiq
gdCjJ/UrC1zs77uVZ5w/5NpyUg==
-----END CERTIFICATE-----
Generated at Sun Apr 13 02:56:30 2025 by rpki-client