Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ITgsWP5JXSgaz92ciyjd7hP3Qsg.roa
File: ITgsWP5JXSgaz92ciyjd7hP3Qsg.roa (raw, json)
Hash identifier: FxpKUYyLFoCStnwdEgMktyt1sKbcpni8MpLa8OJlel4=
Subject key identifier: 21:38:2C:58:FE:49:5D:28:1A:CF:DD:9C:8B:28:DD:EE:13:F7:42:C8
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B584B684800C84CC214D7B34836588
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ITgsWP5JXSgaz92ciyjd7hP3Qsg.roa
Signing time: Thu 02 Jan 2025 15:49:54 +0000
ROA not before: Thu 02 Jan 2025 15:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56630
IP address blocks: 94.241.128.0/22 maxlen: 24
94.241.184.0/22 maxlen: 24
178.253.8.0/22 maxlen: 24
178.253.48.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:84:b6:84:80:0c:84:cc:21:4d:7b:34:83:65:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21382c58fe495d281acfdd9c8b28ddee13f742c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:78:8c:ea:7e:a2:26:a8:03:6c:59:dd:fc:da:
c1:8e:cc:e9:f6:96:be:bf:42:fe:2d:c4:8e:15:37:
b3:6e:5c:21:dc:e9:bb:65:f6:8d:fb:e3:c6:0e:f6:
4d:97:8a:e7:74:ce:28:32:b8:6a:7c:42:b0:e1:19:
b1:ea:c2:07:d0:86:ef:9b:2e:0c:22:61:16:f1:1a:
f8:86:8d:61:6a:65:16:c7:3d:71:9a:7b:8a:1c:77:
f7:c4:69:87:a7:55:76:2c:f1:2c:d8:e9:12:2b:ee:
d0:6a:7c:71:37:1d:0d:44:c2:c0:57:90:dd:b1:94:
ff:b1:7e:c0:4f:e5:d2:d7:78:be:e1:11:5d:b7:53:
5a:64:2d:23:6c:de:1e:ff:36:e3:96:30:ee:4b:7e:
b7:82:fd:d9:f4:66:79:74:e6:84:96:af:22:ec:42:
1d:f0:25:2f:d9:37:09:7e:c8:a8:6f:bd:9f:87:dd:
3e:40:4a:56:82:bd:57:37:b0:2b:07:fa:44:e2:cc:
cd:6e:19:21:93:5c:1b:04:2c:8e:c7:ca:c5:97:85:
5a:7c:91:cd:4f:24:75:17:17:86:59:d3:d4:36:80:
23:2b:45:a0:a4:65:a9:f1:16:d3:be:26:ff:b4:99:
0a:50:4e:12:92:d0:33:1a:a0:a1:cf:7e:d0:85:65:
6c:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:38:2C:58:FE:49:5D:28:1A:CF:DD:9C:8B:28:DD:EE:13:F7:42:C8
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ITgsWP5JXSgaz92ciyjd7hP3Qsg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.128.0/22
94.241.184.0/22
178.253.8.0/22
178.253.48.0/22
Signature Algorithm: sha256WithRSAEncryption
56:8b:ad:e4:6d:0a:97:69:06:81:c0:e9:57:30:4d:cb:d5:8e:
a6:5d:df:3d:fc:31:f1:4c:1c:0d:76:aa:66:2b:a0:8e:4f:1e:
3b:e9:95:80:0d:34:a1:eb:91:4b:e3:95:23:a1:36:28:dd:8a:
41:61:d4:c9:b6:47:ec:8d:33:a1:f2:90:22:cb:08:63:36:e6:
f9:de:3b:51:3b:4d:94:ee:da:12:f4:dc:96:b8:f9:5e:e4:76:
8f:07:52:a6:6c:a2:41:52:5e:13:4d:b6:2e:02:d4:e1:d1:29:
85:2f:13:35:8c:ea:df:9e:e8:42:24:a0:d1:19:56:b3:ae:20:
a6:fb:29:cf:c2:6f:e3:d3:42:10:ff:3b:bd:c7:04:f3:07:dd:
5a:03:9a:03:69:8b:de:d5:18:95:bd:b2:56:e7:f7:80:dd:e7:
54:f2:18:64:3b:73:e6:95:cc:ae:ab:8e:b5:e3:8c:92:d8:e4:
38:1e:0d:a1:dd:e9:cd:59:8d:5f:e5:cd:26:d2:15:df:03:16:
f7:28:3e:69:46:55:f2:c3:fd:50:dd:5b:9f:00:1a:37:5d:52:
da:98:dc:69:ab:bc:fa:a1:7e:c8:7e:18:9b:23:10:32:d5:60:
34:f3:30:60:0c:62:ac:56:92:26:63:95:ac:ff:fe:a4:21:ed:
ef:d1:32:77
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQntYS2hIAMhMwhTXs0g2WIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTM4MmM1OGZlNDk1ZDI4MWFjZmRkOWM4YjI4ZGRlZTEzZjc0MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XiM6n6iJqgDbFnd/NrBjszp9pa+
v0L+LcSOFTezblwh3Om7ZfaN++PGDvZNl4rndM4oMrhqfEKw4Rmx6sIH0Ibvmy4M
ImEW8Rr4ho1hamUWxz1xmnuKHHf3xGmHp1V2LPEs2OkSK+7QanxxNx0NRMLAV5Dd
sZT/sX7AT+XS13i+4RFdt1NaZC0jbN4e/zbjljDuS363gv3Z9GZ5dOaElq8i7EId
8CUv2TcJfsiob72fh90+QEpWgr1XN7ArB/pE4szNbhkhk1wbBCyOx8rFl4VafJHN
TyR1FxeGWdPUNoAjK0WgpGWp8RbTvib/tJkKUE4SktAzGqChz37QhWVsSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCE4LFj+SV0oGs/dnIso3e4T90LIMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvSVRnc1dQNUpYU2dhejkyY2l5amQ3aFAzUXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCXvGAAwQC
XvG4AwQCsv0IAwQCsv0wMA0GCSqGSIb3DQEBCwUAA4IBAQBWi63kbQqXaQaBwOlX
ME3L1Y6mXd89/DHxTBwNdqpmK6COTx476ZWADTSh65FL45UjoTYo3YpBYdTJtkfs
jTOh8pAiywhjNub53jtRO02U7toS9NyWuPle5HaPB1KmbKJBUl4TTbYuAtTh0SmF
LxM1jOrfnuhCJKDRGVazriCm+ynPwm/j00IQ/zu9xwTzB91aA5oDaYve1RiVvbJW
5/eA3edU8hhkO3Pmlcyuq46144yS2OQ4Hg2h3enNWY1f5c0m0hXfAxb3KD5pRlXy
w/1Q3VufABo3XVLamNxpq7z6oX7IfhibIxAy1WA08zBgDGKsVpImY5Ws//6kIe3v
0TJ3
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:58:12 2025 by rpki-client