Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/WQkANMF496No7xZOOP1MDgE25KU.roa
File: WQkANMF496No7xZOOP1MDgE25KU.roa (raw, json)
Hash identifier: 5ewHK/hMdLWBJdb/Dxf/vk6Nt2B0pduoWEAm6Z+rlNk=
Subject key identifier: 59:09:00:34:C1:78:F7:A3:68:EF:16:4E:38:FD:4C:0E:01:36:E4:A5
Certificate issuer: /CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Certificate serial: 0194258FC92C91DFEBDFC36B8261171073C5
Authority key identifier: 65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/WQkANMF496No7xZOOP1MDgE25KU.roa
Signing time: Thu 02 Jan 2025 05:49:27 +0000
ROA not before: Thu 02 Jan 2025 05:49:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51942
IP address blocks: 91.235.174.0/24 maxlen: 24
185.38.103.0/24 maxlen: 24
188.227.204.0/22 maxlen: 22
195.69.225.0/24 maxlen: 24
195.88.202.0/23 maxlen: 23
2a02:7f80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:c9:2c:91:df:eb:df:c3:6b:82:61:17:10:73:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65ba15d47ba4f4482764472d8d97146a1ebbbf86
Validity
Not Before: Jan 2 05:49:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=59090034c178f7a368ef164e38fd4c0e0136e4a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4a:bd:db:41:d5:28:3f:63:d8:b0:7d:bd:46:
49:e4:02:f5:17:44:82:4c:0b:3a:2c:6c:f7:06:0f:
4f:3b:e6:80:0a:e4:bf:df:47:85:b7:65:86:3b:06:
e0:3f:68:a8:25:ce:67:25:b5:f1:2d:5f:13:59:10:
f6:08:5b:12:88:11:62:53:90:33:fb:1c:1c:1b:a3:
98:4a:a2:8f:3a:3a:65:f5:15:9b:66:f0:bf:3f:36:
14:5d:23:0d:4f:21:82:44:66:4b:21:14:27:5c:af:
3a:0a:b5:2e:d2:5b:38:b9:21:52:5d:9c:a2:53:b2:
12:3b:f4:44:f1:eb:6f:e7:39:25:5d:d3:da:e2:85:
79:b4:f8:40:ee:fa:94:76:29:f8:4e:a6:f5:7a:fb:
1a:c3:1f:69:eb:cd:0a:b6:64:ad:95:d5:c3:a9:25:
54:b5:08:08:c2:25:de:47:a8:4c:21:e6:71:b1:a3:
eb:97:06:17:73:6a:1a:e8:9b:13:71:49:65:8c:21:
44:27:cd:5b:a1:84:ff:dd:cf:3e:62:8b:a9:34:ba:
0c:b9:ce:e3:03:01:38:e1:c7:57:26:22:87:fe:07:
ab:8a:aa:38:42:27:d3:fe:be:ab:25:a6:41:e9:3c:
2b:46:a9:f9:7d:9e:2d:5b:75:f1:ee:f7:65:eb:c6:
bd:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:09:00:34:C1:78:F7:A3:68:EF:16:4E:38:FD:4C:0E:01:36:E4:A5
X509v3 Authority Key Identifier:
keyid:65:BA:15:D4:7B:A4:F4:48:27:64:47:2D:8D:97:14:6A:1E:BB:BF:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZboV1Huk9EgnZEctjZcUah67v4Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/WQkANMF496No7xZOOP1MDgE25KU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3090dc-7d28-4228-8380-fe3b918c3097/1/ZboV1Huk9EgnZEctjZcUah67v4Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.235.174.0/24
185.38.103.0/24
188.227.204.0/22
195.69.225.0/24
195.88.202.0/23
IPv6:
2a02:7f80::/29
Signature Algorithm: sha256WithRSAEncryption
9b:be:cd:11:cb:b6:53:6e:0a:cb:a3:53:b7:91:11:dd:b7:c6:
08:b7:e2:01:cf:22:85:a1:c9:d3:da:f4:ae:63:a0:9e:b5:a6:
b5:02:89:a3:6a:4a:8d:39:9f:5e:10:33:9f:ec:f9:c6:d2:0c:
a9:7c:62:1f:7a:cf:06:b7:22:98:e9:59:c9:07:7e:65:56:28:
83:67:f9:c7:48:0f:14:bf:b3:02:ef:e0:e7:b5:86:ee:d2:91:
44:a9:99:3a:17:fe:b8:f7:1c:c2:72:5c:43:2d:fb:8f:7a:93:
7a:bd:f8:d7:0c:2c:93:84:ac:57:98:1d:9c:a4:6d:ac:7e:93:
76:c6:84:02:22:65:13:66:12:25:a5:49:1c:25:87:64:bc:de:
3e:8b:22:aa:62:16:80:c5:7f:e2:c0:69:2a:d8:e9:8f:ec:cd:
14:dd:4c:e1:fe:58:28:32:bb:37:ca:02:89:a3:e5:a5:7a:0d:
c5:75:e8:b1:35:e9:61:db:45:1f:55:e8:3e:1d:25:14:82:0e:
85:2b:e0:23:35:ca:28:6f:36:0c:87:a6:90:41:08:03:57:4c:
f2:e1:79:16:ce:ff:b1:99:41:ec:7d:57:65:18:08:4e:67:65:
7e:c7:04:76:16:98:20:1a:99:d2:4d:b3:a5:47:3b:26:df:64:
18:c2:ab:49
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQlj8kskd/r38NrgmEXEHPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmExNWQ0N2JhNGY0NDgyNzY0NDcyZDhkOTcxNDZhMWVi
YmJmODYwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA5MDAzNGMxNzhmN2EzNjhlZjE2NGUzOGZkNGMwZTAxMzZlNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0q920HVKD9j2LB9vUZJ5AL1F0SC
TAs6LGz3Bg9PO+aACuS/30eFt2WGOwbgP2ioJc5nJbXxLV8TWRD2CFsSiBFiU5Az
+xwcG6OYSqKPOjpl9RWbZvC/PzYUXSMNTyGCRGZLIRQnXK86CrUu0ls4uSFSXZyi
U7ISO/RE8etv5zklXdPa4oV5tPhA7vqUdin4Tqb1evsawx9p680KtmStldXDqSVU
tQgIwiXeR6hMIeZxsaPrlwYXc2oa6JsTcUlljCFEJ81boYT/3c8+YoupNLoMuc7j
AwE44cdXJiKH/geriqo4QifT/r6rJaZB6TwrRqn5fZ4tW3Xx7vdl68a9BQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFFkJADTBePejaO8WTjj9TA4BNuSlMB8GA1UdIwQY
MBaAFGW6FdR7pPRIJ2RHLY2XFGoeu7+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAt
ZmUzYjkxOGMzMDk3LzEvV1FrQU5NRjQ5Nk5vN3haT09QMU1EZ0UyNUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zMDkwZGMtN2QyOC00MjI4LTgzODAtZmUzYjkxOGMzMDk3
LzEvWmJvVjFIdWs5RWduWkVjdGpaY1VhaDY3djRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW+uuAwQA
uSZnAwQCvOPMAwQAw0XhAwQBw1jKMA0EAgACMAcDBQMqAn+AMA0GCSqGSIb3DQEB
CwUAA4IBAQCbvs0Ry7ZTbgrLo1O3kRHdt8YIt+IBzyKFocnT2vSuY6Cetaa1Aomj
akqNOZ9eEDOf7PnG0gypfGIfes8GtyKY6VnJB35lViiDZ/nHSA8Uv7MC7+DntYbu
0pFEqZk6F/649xzCclxDLfuPepN6vfjXDCyThKxXmB2cpG2sfpN2xoQCImUTZhIl
pUkcJYdkvN4+iyKqYhaAxX/iwGkq2OmP7M0U3Uzh/lgoMrs3ygKJo+Wleg3Fdeix
Nelh20UfVeg+HSUUgg6FK+AjNcoobzYMh6aQQQgDV0zy4XkWzv+xmUHsfVdlGAhO
Z2V+xwR2FpggGpnSTbOlRzsm32QYwqtJ
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:17:49 2025 by rpki-client