Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OTXJlfAO7w3-JiZyXLE0ZTyknAA.roa
File: OTXJlfAO7w3-JiZyXLE0ZTyknAA.roa (raw, json)
Hash identifier: Jma84VUsup3BK9QRlAVgrGSKhWQSUzpX6zky+sVEZKo=
Subject key identifier: 39:35:C9:95:F0:0E:EF:0D:FE:26:26:72:5C:B1:34:65:3C:A4:9C:00
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B58E1D3888BAEA2308A26885BB1029
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OTXJlfAO7w3-JiZyXLE0ZTyknAA.roa
Signing time: Thu 02 Jan 2025 15:49:57 +0000
ROA not before: Thu 02 Jan 2025 15:49:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 400909
IP address blocks: 94.241.162.0/23 maxlen: 23
178.253.26.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:8e:1d:38:88:ba:ea:23:08:a2:68:85:bb:10:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3935c995f00eef0dfe2626725cb134653ca49c00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:68:83:3f:67:d3:c9:45:2c:f5:c3:ff:86:58:
ab:ac:2c:18:6c:28:a1:36:bc:44:a4:f1:ac:34:11:
a8:3c:2c:e7:5e:bd:a7:e9:95:91:0a:af:77:70:b3:
7b:c7:38:77:4d:17:37:e0:ac:62:93:80:bb:a8:6b:
8d:f5:a5:da:d9:53:7a:ab:82:a0:ee:d1:b6:b2:6e:
e2:76:f2:c0:e4:c9:dd:56:69:3c:a1:79:74:fe:37:
8a:a7:09:f8:1d:58:83:93:92:af:ef:0f:4d:5f:19:
b6:99:d5:c4:e0:0d:35:d8:2d:4b:b5:2d:79:10:a1:
06:93:78:16:6d:40:09:e7:6b:86:88:98:2a:8b:43:
ae:fe:d9:ef:26:66:bc:c0:bc:6d:ef:a7:eb:92:83:
01:9b:4e:79:74:8e:51:1b:06:5f:c6:8b:66:c9:ba:
38:8e:9d:61:95:61:64:98:32:06:9c:b3:e8:2f:61:
05:39:6a:80:90:68:ba:4b:bf:9c:05:3e:e8:41:60:
78:23:46:01:e2:be:2b:8a:5c:1d:b2:b0:43:67:18:
08:57:70:9b:1a:e7:40:9c:74:c4:2c:44:c2:60:1e:
bb:52:37:fc:16:e4:62:47:de:41:17:28:81:6c:11:
10:48:c2:24:c1:4f:c9:c4:d4:b9:16:f3:ef:44:fa:
f3:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:35:C9:95:F0:0E:EF:0D:FE:26:26:72:5C:B1:34:65:3C:A4:9C:00
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OTXJlfAO7w3-JiZyXLE0ZTyknAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.162.0/23
178.253.26.0/23
Signature Algorithm: sha256WithRSAEncryption
38:5e:c1:22:2e:cf:5e:9a:3c:b3:1b:f9:86:2b:b3:91:4d:44:
b1:a5:f1:8a:31:59:c8:9f:3d:c8:d1:42:48:00:a3:92:b3:3b:
56:f3:89:ca:34:1a:fb:b7:9c:85:81:27:9d:43:69:94:71:73:
d2:6a:ed:0a:0c:69:8b:00:c3:30:bf:23:05:37:79:ae:ea:ba:
41:7d:f2:82:94:09:ac:5f:3e:91:05:86:9f:11:94:03:f7:b4:
56:e7:33:db:16:1f:aa:ec:22:fc:88:56:2f:e4:84:8d:81:51:
eb:57:8c:99:e7:b0:fa:59:70:66:be:98:c4:2d:2b:96:26:d7:
07:e8:5c:08:ff:30:c1:27:c7:a6:f9:e8:56:a3:91:8d:cf:c9:
c0:91:13:c2:98:9c:9e:95:b8:2c:d9:54:a1:6f:75:42:60:1f:
29:c7:09:bf:31:31:91:92:39:0c:54:0a:c2:99:a3:19:1d:30:
b5:35:e6:1c:81:67:ed:c6:57:01:a9:31:0d:77:28:d2:36:a3:
75:2f:4d:0f:d2:bb:92:7c:80:dc:c8:63:d8:a6:72:04:c5:28:
db:c8:80:17:08:7d:dc:26:a2:69:6b:fe:fc:60:ea:70:31:86:
f6:0f:cf:a1:8c:7a:8a:fc:d7:b6:27:6b:c7:00:67:a8:b5:b7:
1f:f1:5e:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntY4dOIi66iMIomiFuxApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM1Yzk5NWYwMGVlZjBkZmUyNjI2NzI1Y2IxMzQ2NTNjYTQ5YzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2iDP2fTyUUs9cP/hlirrCwYbCih
NrxEpPGsNBGoPCznXr2n6ZWRCq93cLN7xzh3TRc34Kxik4C7qGuN9aXa2VN6q4Kg
7tG2sm7idvLA5MndVmk8oXl0/jeKpwn4HViDk5Kv7w9NXxm2mdXE4A012C1LtS15
EKEGk3gWbUAJ52uGiJgqi0Ou/tnvJma8wLxt76frkoMBm055dI5RGwZfxotmybo4
jp1hlWFkmDIGnLPoL2EFOWqAkGi6S7+cBT7oQWB4I0YB4r4rilwdsrBDZxgIV3Cb
GudAnHTELETCYB67Ujf8FuRiR95BFyiBbBEQSMIkwU/JxNS5FvPvRPrzAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDk1yZXwDu8N/iYmclyxNGU8pJwAMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvT1RYSmxmQU83dzMtSmlaeVhMRTBaVHlrbkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXvGiAwQB
sv0aMA0GCSqGSIb3DQEBCwUAA4IBAQA4XsEiLs9emjyzG/mGK7ORTUSxpfGKMVnI
nz3I0UJIAKOSsztW84nKNBr7t5yFgSedQ2mUcXPSau0KDGmLAMMwvyMFN3mu6rpB
ffKClAmsXz6RBYafEZQD97RW5zPbFh+q7CL8iFYv5ISNgVHrV4yZ57D6WXBmvpjE
LSuWJtcH6FwI/zDBJ8em+ehWo5GNz8nAkRPCmJyelbgs2VShb3VCYB8pxwm/MTGR
kjkMVArCmaMZHTC1NeYcgWftxlcBqTENdyjSNqN1L00P0ruSfIDcyGPYpnIExSjb
yIAXCH3cJqJpa/78YOpwMYb2D8+hjHqK/Ne2J2vHAGeotbcf8V5U
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:50:41 2025 by rpki-client