Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/lareWHjA2lA3LHJiLqweUH2zgG4.roa
File: lareWHjA2lA3LHJiLqweUH2zgG4.roa (raw, json)
Hash identifier: P1m7jGyr6Qc0Npiv0x6iAwioZxwM+7rJGXaC0nXLUUw=
Subject key identifier: 95:AA:DE:58:78:C0:DA:50:37:2C:72:62:2E:AC:1E:50:7D:B3:80:6E
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B5872786578AD04BA8F4FAA6195A40
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/lareWHjA2lA3LHJiLqweUH2zgG4.roa
Signing time: Thu 02 Jan 2025 15:49:55 +0000
ROA not before: Thu 02 Jan 2025 15:49:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60781
IP address blocks: 94.241.164.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:87:27:86:57:8a:d0:4b:a8:f4:fa:a6:19:5a:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95aade5878c0da50372c72622eac1e507db3806e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:40:99:61:bf:d6:15:3f:0c:48:7a:2d:be:65:
84:e1:d2:cd:1b:66:ef:ae:a5:df:d6:0d:00:01:f2:
9f:45:e1:d9:9d:85:f7:20:58:2b:68:5e:ca:94:c8:
e5:78:a8:e1:b5:b7:9e:ab:97:28:34:64:9e:28:50:
d9:d9:0f:75:a1:5a:20:c8:f5:4e:b7:f3:27:4e:07:
94:f0:b5:b1:4c:27:22:50:08:f7:c8:1d:39:49:02:
dc:a5:77:5c:60:10:69:42:99:d4:c4:b1:1d:55:40:
ff:27:ef:6a:68:44:5d:b8:83:e8:96:fb:54:3d:1c:
bb:c7:b2:ba:a9:0e:cc:4f:46:71:5b:7f:d9:36:9b:
f3:59:fd:95:7b:73:35:2c:6e:4b:4d:aa:a7:3e:3e:
07:82:12:44:5e:d6:69:f6:23:79:a3:d8:77:c4:9c:
6a:92:8f:c1:13:cb:c9:41:72:0e:8b:f1:69:59:7a:
65:ba:ca:ac:5f:fd:7c:4f:fb:12:3b:4c:5a:c6:da:
4f:93:dc:ba:f7:05:77:f7:0e:2a:e9:bd:ec:d5:20:
79:a2:93:ab:65:ff:e7:ae:9f:6d:ee:48:92:35:a6:
fb:ce:a1:20:08:d9:9d:54:e7:e1:17:e3:b8:c2:9b:
92:e3:41:9b:04:46:85:a8:34:26:72:30:ba:ac:a9:
eb:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:AA:DE:58:78:C0:DA:50:37:2C:72:62:2E:AC:1E:50:7D:B3:80:6E
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/lareWHjA2lA3LHJiLqweUH2zgG4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.164.0/23
Signature Algorithm: sha256WithRSAEncryption
7b:b3:e0:16:e6:08:28:da:d3:08:be:84:90:24:3c:5f:7c:83:
17:d4:22:9f:c2:c0:7b:90:ea:14:a5:b3:66:47:1b:57:e8:99:
1d:d9:09:6f:98:e4:f9:5f:72:84:dd:b7:ed:d2:aa:54:5f:ac:
15:33:b5:70:e1:f8:28:47:6d:16:a1:66:f2:2e:07:f7:97:8d:
fa:37:24:dc:8d:1e:14:54:e9:c5:ec:59:66:fb:a7:44:b1:b5:
a7:83:50:ba:4f:d2:61:08:74:53:b2:2c:e3:88:65:7d:a4:64:
5b:df:62:c7:5b:86:34:ff:f5:84:b2:17:0c:4f:d0:3b:2e:67:
b3:bb:c0:82:31:ee:b7:5c:aa:06:b0:a2:80:b7:c6:98:14:2d:
2b:f6:ba:0a:6c:92:08:09:ea:82:e3:21:64:2a:81:d2:db:0e:
3c:0e:1a:24:89:e6:a9:4b:78:2b:f5:35:66:db:91:62:1e:25:
85:e4:87:08:7b:be:75:35:d4:94:77:a3:14:88:36:10:de:c5:
b1:17:e0:fa:2a:e2:c9:78:c7:0b:67:1c:1a:59:f3:95:ac:fb:
4e:f2:9c:42:10:5a:4d:13:64:a5:49:70:57:8f:49:32:9a:3a:
c5:dc:0e:97:94:5f:c2:78:79:5f:f3:29:21:bc:05:93:ae:a7:
d8:de:5e:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYcnhleK0Euo9PqmGVpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWFhZGU1ODc4YzBkYTUwMzcyYzcyNjIyZWFjMWU1MDdkYjM4MDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ECZYb/WFT8MSHotvmWE4dLNG2bv
rqXf1g0AAfKfReHZnYX3IFgraF7KlMjleKjhtbeeq5coNGSeKFDZ2Q91oVogyPVO
t/MnTgeU8LWxTCciUAj3yB05SQLcpXdcYBBpQpnUxLEdVUD/J+9qaERduIPolvtU
PRy7x7K6qQ7MT0ZxW3/ZNpvzWf2Ve3M1LG5LTaqnPj4HghJEXtZp9iN5o9h3xJxq
ko/BE8vJQXIOi/FpWXplusqsX/18T/sSO0xaxtpPk9y69wV39w4q6b3s1SB5opOr
Zf/nrp9t7kiSNab7zqEgCNmdVOfhF+O4wpuS40GbBEaFqDQmcjC6rKnrTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWq3lh4wNpQNyxyYi6sHlB9s4BuMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbGFyZVdIakEybEEzTEhKaUxxd2VVSDJ6Z0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGkMA0G
CSqGSIb3DQEBCwUAA4IBAQB7s+AW5ggo2tMIvoSQJDxffIMX1CKfwsB7kOoUpbNm
RxtX6Jkd2QlvmOT5X3KE3bft0qpUX6wVM7Vw4fgoR20WoWbyLgf3l436NyTcjR4U
VOnF7Flm+6dEsbWng1C6T9JhCHRTsizjiGV9pGRb32LHW4Y0//WEshcMT9A7Lmez
u8CCMe63XKoGsKKAt8aYFC0r9roKbJIICeqC4yFkKoHS2w48DhokieapS3gr9TVm
25FiHiWF5IcIe751NdSUd6MUiDYQ3sWxF+D6KuLJeMcLZxwaWfOVrPtO8pxCEFpN
E2SlSXBXj0kymjrF3A6XlF/CeHlf8ykhvAWTrqfY3l5k
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:49:10 2025 by rpki-client