Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/W9LfqLt5JV9C8Tzy-Tq6FwxetLI.roa
File: W9LfqLt5JV9C8Tzy-Tq6FwxetLI.roa (raw, json)
Hash identifier: mWGcJepGVOQvZEJLM+1IJbS6xJ0c8v/8osDYFxX0jGo=
Subject key identifier: 5B:D2:DF:A8:BB:79:25:5F:42:F1:3C:F2:F9:3A:BA:17:0C:5E:B4:B2
Certificate issuer: /CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Certificate serial: 01856DE67380BE5EBEAE8DA72C9E1F97CAFB
Authority key identifier: 65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/W9LfqLt5JV9C8Tzy-Tq6FwxetLI.roa
Signing time: Sun 01 Jan 2023 15:14:57 +0000
ROA not before: Sun 01 Jan 2023 15:14:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51942
IP address blocks: 91.235.174.0/24 maxlen: 24
195.88.202.0/23 maxlen: 23
195.69.225.0/24 maxlen: 24
188.227.204.0/22 maxlen: 22
185.38.103.0/24 maxlen: 24
2a02:7f80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:e6:73:80:be:5e:be:ae:8d:a7:2c:9e:1f:97:ca:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Validity
Not Before: Jan 1 15:14:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5bd2dfa8bb79255f42f13cf2f93aba170c5eb4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:ae:8d:c4:34:99:57:8d:cd:62:93:3b:fa:da:
82:da:ab:b4:1e:c5:b1:60:8f:c5:ca:6a:7f:48:91:
ae:9c:a0:b8:a3:ae:b6:ae:f8:46:11:f1:a5:5c:ee:
0c:7a:a4:3c:74:60:8b:f7:a2:f7:70:5d:38:e2:df:
96:89:00:1a:bc:c1:01:cb:df:75:ca:56:c0:54:1b:
ff:76:11:b6:31:e3:01:ee:b6:77:45:12:3e:97:1c:
18:de:fc:50:72:66:14:39:98:30:2e:e2:c8:b6:6c:
f1:b2:30:92:52:a6:f2:ab:f8:62:8d:4c:2c:7a:ea:
39:92:eb:09:42:d7:69:d0:bd:94:2f:13:72:2e:81:
f5:b8:6e:a5:b8:99:8b:05:2f:96:0a:39:8e:2f:99:
f4:64:c7:0f:47:f8:dc:a9:84:b6:11:da:37:a7:8c:
87:af:85:c2:0d:ce:f8:5b:e8:b0:b9:4b:d7:e4:b5:
6b:8f:5a:a2:88:3f:f3:bc:62:72:82:cc:84:26:18:
a3:42:3a:28:89:95:4e:f9:4a:df:64:6f:d8:10:de:
19:44:47:cd:41:77:ec:75:8d:5a:c9:fc:e5:46:17:
d0:44:0f:ac:dd:e4:04:da:0f:65:a9:5c:e5:bd:86:
c6:e5:a4:0b:5a:28:1e:22:53:7e:54:20:0c:14:7a:
52:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:D2:DF:A8:BB:79:25:5F:42:F1:3C:F2:F9:3A:BA:17:0C:5E:B4:B2
X509v3 Authority Key Identifier:
keyid:65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/W9LfqLt5JV9C8Tzy-Tq6FwxetLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/ZboV1Huk9EgnZEctjZcUah67v4Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.235.174.0/24
185.38.103.0/24
188.227.204.0/22
195.69.225.0/24
195.88.202.0/23
IPv6:
2a02:7f80::/29
Signature Algorithm: sha256WithRSAEncryption
9e:d7:bf:18:28:ec:ea:5a:4f:5e:ee:7b:b7:8e:b5:53:46:e9:
e5:20:d8:40:29:77:b0:79:6e:d0:73:08:99:d5:82:8f:84:44:
4a:d5:df:2d:5f:79:7f:e7:95:b8:a9:9a:cc:36:fa:cf:a2:64:
6c:03:6c:46:4e:28:12:4c:63:df:7d:84:37:aa:91:0d:36:47:
3d:fe:0d:fc:6a:4b:9b:c2:2f:2e:58:ab:3c:f9:71:30:d5:90:
4c:c7:f2:04:8d:3d:46:5a:f0:72:69:b1:0a:53:3c:0d:ac:3e:
3d:4c:1c:35:52:88:98:b4:e9:cb:e4:bf:1e:2f:fe:8a:f1:01:
58:96:5f:15:96:9b:72:83:84:50:90:2a:cc:c2:4b:22:23:f5:
94:4f:99:c8:bb:4e:61:07:7b:45:66:1c:66:17:68:ee:c2:a0:
42:8c:24:2a:b6:70:a9:c1:71:84:88:d3:eb:b9:a6:f8:b6:24:
41:29:b8:a0:4b:f8:73:a3:cd:b8:56:a1:6c:08:7e:52:8f:f8:
d6:ab:bb:2d:7e:58:37:75:13:1b:bb:7f:8f:f7:5e:28:c1:9c:
12:1e:3f:a2:57:f0:aa:9c:e9:3c:b0:bc:30:89:b6:b4:3e:ba:
7e:24:6e:12:81:22:3e:92:43:3f:28:19:08:12:e0:2e:12:84:
66:bb:d9:ee
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVt5nOAvl6+ro2nLJ4fl8r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmExNWQ0N2JhNGY0NDgyNzY0NDcyZDhkOTcxNDZhMWVi
YmJmODYwHhcNMjMwMTAxMTUxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQyZGZhOGJiNzkyNTVmNDJmMTNjZjJmOTNhYmExNzBjNWViNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlK6NxDSZV43NYpM7+tqC2qu0HsWx
YI/Fymp/SJGunKC4o662rvhGEfGlXO4MeqQ8dGCL96L3cF044t+WiQAavMEBy991
ylbAVBv/dhG2MeMB7rZ3RRI+lxwY3vxQcmYUOZgwLuLItmzxsjCSUqbyq/hijUws
euo5kusJQtdp0L2ULxNyLoH1uG6luJmLBS+WCjmOL5n0ZMcPR/jcqYS2Edo3p4yH
r4XCDc74W+iwuUvX5LVrj1qiiD/zvGJygsyEJhijQjooiZVO+UrfZG/YEN4ZREfN
QXfsdY1ayfzlRhfQRA+s3eQE2g9lqVzlvYbG5aQLWigeIlN+VCAMFHpSdQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFFvS36i7eSVfQvE88vk6uhcMXrSyMB8GA1UdIwQY
MBaAFGW6FdR7pPRIJ2RHLY2XFGoeu7+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAt
ZmUzYjkxOGMzMDk3LzEvVzlMZnFMdDVKVjlDOFR6eS1UcTZGd3hldExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAtZmUzYjkxOGMzMDk3
LzEvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW+uuAwQA
uSZnAwQCvOPMAwQAw0XhAwQBw1jKMA0EAgACMAcDBQMqAn+AMA0GCSqGSIb3DQEB
CwUAA4IBAQCe178YKOzqWk9e7nu3jrVTRunlINhAKXeweW7QcwiZ1YKPhERK1d8t
X3l/55W4qZrMNvrPomRsA2xGTigSTGPffYQ3qpENNkc9/g38akubwi8uWKs8+XEw
1ZBMx/IEjT1GWvByabEKUzwNrD49TBw1UoiYtOnL5L8eL/6K8QFYll8Vlptyg4RQ
kCrMwksiI/WUT5nIu05hB3tFZhxmF2juwqBCjCQqtnCpwXGEiNPruab4tiRBKbig
S/hzo824VqFsCH5Sj/jWq7stflg3dRMbu3+P914owZwSHj+iV/CqnOk8sLwwiba0
Prp+JG4SgSI+kkM/KBkIEuAuEoRmu9nu
-----END CERTIFICATE-----
Generated at Tue Apr 22 06:12:11 2025 by rpki-client