Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nYlhK-lO0LPeA5mpnMvRUB0RXlc.roa
File: nYlhK-lO0LPeA5mpnMvRUB0RXlc.roa (raw, json)
Hash identifier: SCo8cwT4QHWQXarFbai1EduuklSninVAVfBfdM0gkv8=
Subject key identifier: 9D:89:61:2B:E9:4E:D0:B3:DE:03:99:A9:9C:CB:D1:50:1D:11:5E:57
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B588CCF3CF8DA809B8850EA8123CC7
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nYlhK-lO0LPeA5mpnMvRUB0RXlc.roa
Signing time: Thu 02 Jan 2025 15:49:55 +0000
ROA not before: Thu 02 Jan 2025 15:49:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201936
IP address blocks: 94.241.132.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:88:cc:f3:cf:8d:a8:09:b8:85:0e:a8:12:3c:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d89612be94ed0b3de0399a99ccbd1501d115e57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d2:ef:ff:0b:de:02:ae:c2:36:16:71:80:82:
4d:a0:ad:c2:99:23:f1:35:f1:3c:4e:6a:9c:85:97:
ec:5a:94:4b:1c:7a:68:84:ee:6b:67:3d:97:6d:b0:
3c:31:58:c8:95:a6:c4:5f:77:c7:2e:84:33:87:db:
0f:27:f7:b2:65:1e:f4:d9:38:84:3b:8b:73:ff:08:
a7:4f:bf:6e:fa:5e:ad:fd:06:21:f4:1a:89:de:73:
04:83:79:ac:59:1c:40:8f:9f:ff:a8:46:7b:65:d0:
ec:ae:e5:92:9d:ec:7c:88:07:3a:f6:2c:9e:ce:83:
cf:21:7c:f5:7d:9c:42:ea:64:28:10:1b:6d:9c:bc:
97:40:81:d7:fb:f1:b1:fc:ac:55:e5:43:5e:71:11:
34:88:15:1a:9f:f0:06:71:c8:f3:41:6a:e8:45:e3:
8d:a0:e6:56:8c:80:14:e4:23:00:0d:62:71:59:7a:
e7:8a:21:69:9f:d9:da:b6:40:61:84:34:b0:6b:9a:
ca:3b:cb:61:9e:a2:08:e6:a8:5c:ea:d6:10:91:fa:
b9:27:03:ba:11:c6:dd:f6:52:0b:02:a4:aa:9a:e4:
fe:f6:ab:26:c3:3b:05:74:86:5c:da:89:0d:84:37:
13:6e:70:82:1d:6e:d4:f2:a0:cb:f2:5a:f3:67:29:
74:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:89:61:2B:E9:4E:D0:B3:DE:03:99:A9:9C:CB:D1:50:1D:11:5E:57
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nYlhK-lO0LPeA5mpnMvRUB0RXlc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.241.132.0/22
Signature Algorithm: sha256WithRSAEncryption
86:62:fd:b5:d1:62:94:8c:88:82:8c:54:49:4f:11:fc:b1:6d:
34:d2:80:55:5a:ff:ab:8f:a9:59:a8:13:57:ae:e2:5e:9f:06:
33:58:f5:46:45:ba:22:97:42:6c:0e:9b:7e:30:56:88:16:ad:
11:09:77:25:40:90:70:d3:a0:de:ad:66:44:d2:58:a3:bc:2b:
de:84:55:d5:97:5a:34:64:b9:ce:cf:71:eb:59:db:44:df:ac:
06:86:57:66:25:73:53:7b:16:f8:5f:f6:46:67:5c:51:2a:cf:
5c:34:7a:8d:c6:6e:4e:ca:97:d2:6c:a0:90:b4:cc:3b:14:f3:
06:66:14:77:2e:9f:a7:b0:fc:9c:97:b5:f5:7a:bb:38:65:26:
09:e6:ce:f5:01:f0:95:5e:67:77:ac:45:89:f6:65:c2:2e:c7:
cb:88:04:f7:ba:15:b3:ad:b1:5f:82:48:eb:5c:d0:14:91:ac:
44:c7:0f:fc:33:3d:21:74:d8:69:3b:09:61:5f:e7:47:7a:a0:
82:8e:88:91:9e:8e:fe:bc:a8:83:2d:2a:51:2d:93:73:13:ee:
dd:18:fd:54:ec:e4:00:b3:38:e0:28:e1:ce:cc:56:1b:27:7a:
d3:88:5c:20:da:3b:52:eb:79:59:7f:67:69:0b:11:3a:7a:bf:
fe:cb:32:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYjM88+NqAm4hQ6oEjzHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDg5NjEyYmU5NGVkMGIzZGUwMzk5YTk5Y2NiZDE1MDFkMTE1ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9Lv/wveAq7CNhZxgIJNoK3CmSPx
NfE8TmqchZfsWpRLHHpohO5rZz2XbbA8MVjIlabEX3fHLoQzh9sPJ/eyZR702TiE
O4tz/winT79u+l6t/QYh9BqJ3nMEg3msWRxAj5//qEZ7ZdDsruWSnex8iAc69iye
zoPPIXz1fZxC6mQoEBttnLyXQIHX+/Gx/KxV5UNecRE0iBUan/AGccjzQWroReON
oOZWjIAU5CMADWJxWXrniiFpn9natkBhhDSwa5rKO8thnqII5qhc6tYQkfq5JwO6
Ecbd9lILAqSqmuT+9qsmwzsFdIZc2okNhDcTbnCCHW7U8qDL8lrzZyl0CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2JYSvpTtCz3gOZqZzL0VAdEV5XMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbllsaEstbE8wTFBlQTVtcG5NdlJVQjBSWGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvGEMA0G
CSqGSIb3DQEBCwUAA4IBAQCGYv210WKUjIiCjFRJTxH8sW000oBVWv+rj6lZqBNX
ruJenwYzWPVGRboil0JsDpt+MFaIFq0RCXclQJBw06DerWZE0lijvCvehFXVl1o0
ZLnOz3HrWdtE36wGhldmJXNTexb4X/ZGZ1xRKs9cNHqNxm5OypfSbKCQtMw7FPMG
ZhR3Lp+nsPycl7X1ers4ZSYJ5s71AfCVXmd3rEWJ9mXCLsfLiAT3uhWzrbFfgkjr
XNAUkaxExw/8Mz0hdNhpOwlhX+dHeqCCjoiRno7+vKiDLSpRLZNzE+7dGP1U7OQA
szjgKOHOzFYbJ3rTiFwg2jtS63lZf2dpCxE6er/+yzIb
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:40:29 2025 by rpki-client