Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/gZkaR3cN-PtluUmV1qtp0xLYCa8.roa
File: gZkaR3cN-PtluUmV1qtp0xLYCa8.roa (raw, json)
Hash identifier: RPnEkR3ScqGA0a7hak1mrZqpLByMHo3H0ZlO2IQU+X0=
Subject key identifier: 81:99:1A:47:77:0D:F8:FB:65:B9:49:95:D6:AB:69:D3:12:D8:09:AF
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B583CF75F84D522659A841F025B7FF
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/gZkaR3cN-PtluUmV1qtp0xLYCa8.roa
Signing time: Thu 02 Jan 2025 15:49:54 +0000
ROA not before: Thu 02 Jan 2025 15:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48716
IP address blocks: 94.241.138.0/24 maxlen: 24
94.241.139.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:83:cf:75:f8:4d:52:26:59:a8:41:f0:25:b7:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=81991a47770df8fb65b94995d6ab69d312d809af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:7e:34:f6:4c:3a:e1:c7:96:27:9e:5d:60:4f:
36:2e:90:3a:12:eb:39:cc:6f:05:b5:ed:97:84:5d:
df:40:e1:ce:49:11:b1:fb:d7:7c:ac:77:3e:f8:50:
6c:81:d6:fa:5a:f9:9f:ee:13:85:10:da:e7:04:f2:
93:2c:9e:66:6a:ec:86:0a:cd:88:52:e0:21:de:50:
5d:22:5d:5d:fe:21:4a:fa:8f:5b:4a:43:e8:0a:69:
8b:34:5b:ef:6a:35:16:c6:99:d3:13:62:7a:ab:49:
91:ed:7c:97:73:0c:cf:a1:ab:72:00:51:47:89:c7:
29:70:5d:9a:5c:9c:00:34:a8:ba:3a:c2:68:91:bf:
b4:00:33:38:0e:03:78:27:04:c2:61:1d:8f:a2:69:
e5:2e:fe:41:44:23:95:3a:5b:ae:8b:f7:97:bc:fb:
0a:31:9c:0f:87:75:1d:3b:97:35:21:55:f6:16:a8:
d7:a8:3a:14:93:cf:d1:d8:df:bf:15:30:5d:22:b2:
80:c8:b9:45:c2:3b:ab:b2:8b:27:7c:05:27:bd:a4:
03:cb:18:b5:6d:af:23:f2:8f:22:dd:e1:0a:77:fe:
8d:4f:b8:f2:ea:d0:ce:01:aa:5d:49:e1:b0:f9:57:
54:33:f1:d1:3d:ac:13:0e:bc:f2:5b:e9:2f:ad:31:
21:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:99:1A:47:77:0D:F8:FB:65:B9:49:95:D6:AB:69:D3:12:D8:09:AF
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/gZkaR3cN-PtluUmV1qtp0xLYCa8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.138.0/23
Signature Algorithm: sha256WithRSAEncryption
92:e8:8b:6b:88:e1:89:f2:06:d8:81:ef:c8:e1:89:19:b8:9b:
7f:35:a5:4a:f1:ee:b6:78:16:0d:e8:49:05:2c:01:b4:e7:00:
42:37:5f:18:e3:d6:f5:a6:a7:36:7b:c2:e0:97:25:01:20:5d:
2b:e4:22:31:18:1d:8b:78:00:71:70:34:a5:1d:6e:50:bd:42:
ce:ce:ac:d8:23:66:24:bd:15:ce:19:69:07:1c:a3:15:38:96:
95:39:5c:84:36:7b:e3:fc:5c:4e:63:ac:40:e7:c3:6f:22:75:
d1:ae:e4:e8:a8:73:00:3e:4f:4f:3f:c7:4d:33:4c:2f:58:7a:
61:41:25:d4:ab:99:0e:b8:7a:a3:5e:da:c5:51:cc:d3:23:1e:
e1:a7:a7:09:9e:e9:d9:cb:fa:f9:6b:06:0a:f1:e8:ef:a4:fa:
a0:a7:92:93:df:8b:0d:15:2f:38:3b:ca:bb:f8:d6:a4:c5:0c:
3a:28:d5:79:3f:a1:23:a1:98:1c:06:71:d2:08:9f:58:ff:85:
6e:b6:ea:30:e4:4a:6f:a5:6f:09:fc:ad:7e:29:55:35:77:a1:
22:ac:58:89:65:87:4b:29:fb:38:6c:e4:0c:69:d5:93:bb:8b:
e6:43:5c:94:ea:01:83:3a:16:2d:e4:65:29:aa:9a:01:67:91:
41:41:00:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYPPdfhNUiZZqEHwJbf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTk5MWE0Nzc3MGRmOGZiNjViOTQ5OTVkNmFiNjlkMzEyZDgwOWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH409kw64ceWJ55dYE82LpA6Eus5
zG8Fte2XhF3fQOHOSRGx+9d8rHc++FBsgdb6Wvmf7hOFENrnBPKTLJ5mauyGCs2I
UuAh3lBdIl1d/iFK+o9bSkPoCmmLNFvvajUWxpnTE2J6q0mR7XyXcwzPoatyAFFH
iccpcF2aXJwANKi6OsJokb+0ADM4DgN4JwTCYR2PomnlLv5BRCOVOluui/eXvPsK
MZwPh3UdO5c1IVX2FqjXqDoUk8/R2N+/FTBdIrKAyLlFwjursosnfAUnvaQDyxi1
ba8j8o8i3eEKd/6NT7jy6tDOAapdSeGw+VdUM/HRPawTDrzyW+kvrTEhtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGZGkd3Dfj7ZblJldaradMS2AmvMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZ1prYVIzY04tUHRsdVVtVjFxdHAweExZQ2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGKMA0G
CSqGSIb3DQEBCwUAA4IBAQCS6ItriOGJ8gbYge/I4YkZuJt/NaVK8e62eBYN6EkF
LAG05wBCN18Y49b1pqc2e8LglyUBIF0r5CIxGB2LeABxcDSlHW5QvULOzqzYI2Yk
vRXOGWkHHKMVOJaVOVyENnvj/FxOY6xA58NvInXRruToqHMAPk9PP8dNM0wvWHph
QSXUq5kOuHqjXtrFUczTIx7hp6cJnunZy/r5awYK8ejvpPqgp5KT34sNFS84O8q7
+NakxQw6KNV5P6EjoZgcBnHSCJ9Y/4Vutuow5EpvpW8J/K1+KVU1d6EirFiJZYdL
Kfs4bOQMadWTu4vmQ1yU6gGDOhYt5GUpqpoBZ5FBQQC4
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:58:00 2025 by rpki-client