Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-T3syvN586TJdP5zhzVjckeru8M.roa
File: 1-T3syvN586TJdP5zhzVjckeru8M.roa (raw, json)
Hash identifier: FL3B6F6TjvA0TqxkWsxu1CkIiZXDw+hFpAfpwNm5JxQ=
Subject key identifier: F9:3D:EC:CA:F3:79:F3:A4:C9:74:FE:73:87:35:63:72:47:AB:BB:C3
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B5861831F89000F38628ECBA570357
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-T3syvN586TJdP5zhzVjckeru8M.roa
Signing time: Thu 02 Jan 2025 15:49:55 +0000
ROA not before: Thu 02 Jan 2025 15:49:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 94.241.172.0/24 maxlen: 24
94.241.173.0/24 maxlen: 24
94.241.174.0/24 maxlen: 24
94.241.175.0/24 maxlen: 24
178.253.22.0/24 maxlen: 24
178.253.23.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:86:18:31:f8:90:00:f3:86:28:ec:ba:57:03:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f93deccaf379f3a4c974fe738735637247abbbc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:61:2b:7c:aa:36:6c:c2:2f:12:d4:83:60:c8:
1f:8f:84:93:a8:a3:8e:c1:0c:4e:f1:12:b9:dd:21:
f0:b8:17:6f:a7:34:32:5a:58:d5:ee:5b:da:af:cd:
b7:03:bf:86:fd:70:2a:d4:fe:5a:82:13:65:a6:0b:
c5:21:32:05:61:56:29:bf:89:f4:57:65:d3:3d:99:
93:91:bb:3a:86:75:b0:fd:e4:98:36:85:9b:97:ad:
33:2d:a6:1c:3f:4f:83:72:c7:ef:e0:82:c0:59:8c:
f2:5e:fa:c1:74:22:86:36:c7:fe:e3:49:c0:57:44:
6b:c5:a0:33:8c:60:e0:19:fa:6d:46:c7:c8:11:90:
c0:dc:c5:05:02:fe:d6:d0:5d:5f:0b:ff:ae:cb:fa:
9e:16:8d:70:fd:71:59:65:da:b8:18:d9:32:89:b0:
41:5e:a3:29:9c:a9:68:d8:91:13:b9:24:8c:2a:42:
91:93:ae:03:c9:f4:f5:3a:aa:12:d6:46:55:ec:61:
a4:5b:31:3f:c0:fd:b3:5a:27:f3:3f:8a:32:e3:b4:
76:25:8b:83:70:7e:db:f7:02:b7:20:7d:1b:75:f3:
bd:0e:ac:07:13:23:82:0e:6e:9a:b3:59:ae:b6:d0:
6f:72:92:11:a3:5f:2e:0e:48:70:a9:08:4c:32:57:
15:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:3D:EC:CA:F3:79:F3:A4:C9:74:FE:73:87:35:63:72:47:AB:BB:C3
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1-T3syvN586TJdP5zhzVjckeru8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.172.0/22
178.253.22.0/23
Signature Algorithm: sha256WithRSAEncryption
61:72:17:15:ff:8b:95:2a:1a:88:f6:16:ee:9b:ac:69:f3:7a:
3c:f1:09:91:24:ab:2d:9f:53:1c:9e:2c:50:9b:91:0f:94:67:
76:49:23:8e:b6:f3:9a:41:44:9b:f3:37:3c:72:85:58:09:2f:
67:1b:0d:a1:73:28:05:45:40:44:10:97:e4:dd:60:75:88:c3:
fa:4d:9d:40:52:4a:f2:b6:9f:14:31:bc:50:e2:a7:2f:94:cd:
58:eb:11:f0:d3:e1:89:4e:9f:5d:d0:8e:86:c8:f3:1b:91:02:
98:89:66:4b:87:ee:02:6c:32:c6:30:0e:d6:7f:e8:b2:f0:d7:
fd:9c:d1:2c:62:92:5c:9e:bd:88:e8:97:fe:1d:37:39:30:42:
21:9a:b1:0d:12:71:10:c9:c5:f1:84:e9:c5:c8:cf:c8:db:6e:
f1:0d:f7:dd:75:aa:e3:3f:51:7f:70:fe:ee:9c:fd:74:65:bc:
d2:5c:a5:07:62:09:6b:62:e6:15:16:f8:a8:09:2e:8b:af:1b:
d5:05:f1:17:7b:db:e4:4d:8c:dd:6c:60:14:d2:36:d8:0c:91:
dc:52:d9:38:0e:23:74:4f:fc:bf:6f:e6:16:ed:a1:51:36:4a:
d8:e8:58:c0:43:e2:8b:b3:fe:db:c4:5c:c4:3b:ef:ee:68:06:
ac:87:b8:f5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQntYYYMfiQAPOGKOy6VwNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTNkZWNjYWYzNzlmM2E0Yzk3NGZlNzM4NzM1NjM3MjQ3YWJiYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WErfKo2bMIvEtSDYMgfj4STqKOO
wQxO8RK53SHwuBdvpzQyWljV7lvar823A7+G/XAq1P5aghNlpgvFITIFYVYpv4n0
V2XTPZmTkbs6hnWw/eSYNoWbl60zLaYcP0+Dcsfv4ILAWYzyXvrBdCKGNsf+40nA
V0RrxaAzjGDgGfptRsfIEZDA3MUFAv7W0F1fC/+uy/qeFo1w/XFZZdq4GNkyibBB
XqMpnKlo2JETuSSMKkKRk64DyfT1OqoS1kZV7GGkWzE/wP2zWifzP4oy47R2JYuD
cH7b9wK3IH0bdfO9DqwHEyOCDm6as1muttBvcpIRo18uDkhwqQhMMlcV0wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPk97MrzefOkyXT+c4c1Y3JHq7vDMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvMS1UM3N5dk41ODZUSmRQNXpoelZqY2tlcnU4TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQz
NC8xL3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAl7xrAME
AbL9FjANBgkqhkiG9w0BAQsFAAOCAQEAYXIXFf+LlSoaiPYW7pusafN6PPEJkSSr
LZ9THJ4sUJuRD5RndkkjjrbzmkFEm/M3PHKFWAkvZxsNoXMoBUVARBCX5N1gdYjD
+k2dQFJK8rafFDG8UOKnL5TNWOsR8NPhiU6fXdCOhsjzG5ECmIlmS4fuAmwyxjAO
1n/osvDX/ZzRLGKSXJ69iOiX/h03OTBCIZqxDRJxEMnF8YTpxcjPyNtu8Q333XWq
4z9Rf3D+7pz9dGW80lylB2IJa2LmFRb4qAkui68b1QXxF3vb5E2M3WxgFNI22AyR
3FLZOA4jdE/8v2/mFu2hUTZK2OhYwEPii7P+28RcxDvv7mgGrIe49Q==
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:51:18 2025 by rpki-client