Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WQk5oio9klrtVcqnQjEjym90Nl0.roa
File: WQk5oio9klrtVcqnQjEjym90Nl0.roa (raw, json)
Hash identifier: jzB/ytA+mssUhykbHIy4SWegXvDBS9WwHx1A9jp1Nhc=
Subject key identifier: 59:09:39:A2:2A:3D:92:5A:ED:55:CA:A7:42:31:23:CA:6F:74:36:5D
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018E9D56A55590C58F69709703453E637CBD
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WQk5oio9klrtVcqnQjEjym90Nl0.roa
Signing time: Tue 02 Apr 2024 05:44:45 +0000
ROA not before: Tue 02 Apr 2024 05:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29066
IP address blocks: 2.56.102.0/24 maxlen: 24
2.56.103.0/24 maxlen: 24
2.59.22.0/24 maxlen: 24
2.59.23.0/24 maxlen: 24
45.9.117.0/24 maxlen: 24
45.9.118.0/24 maxlen: 24
45.9.119.0/24 maxlen: 24
45.9.120.0/24 maxlen: 24
45.152.203.0/24 maxlen: 24
193.39.244.0/24 maxlen: 24
2a0f:4a00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9d:56:a5:55:90:c5:8f:69:70:97:03:45:3e:63:7c:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Apr 2 05:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=590939a22a3d925aed55caa7423123ca6f74365d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:e5:3a:f2:52:1b:d1:f0:80:15:7c:37:9f:32:
c3:87:69:af:02:4f:c3:53:7c:cb:0b:e8:6e:15:b4:
40:43:b8:c7:42:20:84:92:30:ec:1b:3e:89:28:b4:
c7:70:45:4a:64:02:e5:88:30:d8:75:2a:fd:91:32:
88:68:f0:40:4b:e9:aa:5f:d9:b9:b9:0b:da:b4:bf:
21:6b:d2:a8:ae:cf:68:df:fd:9a:68:fe:20:9b:a2:
ff:dd:72:aa:b2:2f:8d:88:31:ee:aa:43:03:8d:f1:
9c:11:ca:77:24:3e:a3:b2:cb:d0:72:ab:36:de:e4:
7f:95:a6:99:02:e9:83:48:9d:9c:23:76:76:5a:c9:
39:75:a7:c5:bb:41:15:a8:2c:4e:c6:0b:41:09:dc:
14:16:ef:68:a7:56:da:c7:5c:93:de:ad:aa:19:93:
85:8b:5e:a5:59:49:16:ba:7a:79:e9:3d:df:da:9a:
93:5b:ad:54:2b:fe:03:c7:32:c8:64:87:e6:13:39:
84:89:70:d6:da:42:dd:36:93:b6:82:23:a5:72:59:
63:8e:29:bb:ab:09:a4:77:93:d8:4d:33:98:42:c7:
7b:95:08:01:b5:11:70:5e:92:20:26:c1:74:87:0f:
af:b0:5b:d4:ff:9b:57:31:2f:63:2c:35:24:67:26:
f4:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:09:39:A2:2A:3D:92:5A:ED:55:CA:A7:42:31:23:CA:6F:74:36:5D
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WQk5oio9klrtVcqnQjEjym90Nl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.102.0/23
2.59.22.0/23
45.9.117.0-45.9.120.255
45.152.203.0/24
193.39.244.0/24
IPv6:
2a0f:4a00::/29
Signature Algorithm: sha256WithRSAEncryption
9d:cf:66:b5:6f:6c:46:2f:f2:12:ac:67:67:17:94:77:6d:47:
f5:2d:1d:55:4c:9e:91:94:55:23:6b:9c:51:65:32:9f:da:eb:
91:da:82:4b:31:b7:c7:63:de:73:f9:a3:69:84:9a:fb:89:e6:
02:cc:af:2c:b8:d3:aa:9a:18:50:a8:7d:87:14:dc:03:dd:76:
a1:eb:d7:71:a5:1a:25:6a:c8:2c:d1:68:7f:3b:21:32:99:9e:
95:2e:1d:37:99:9a:98:31:7d:56:a9:6c:51:a0:8a:4e:d6:22:
86:34:93:7a:f4:b0:27:af:38:8b:fd:6f:a6:53:6e:b7:13:cd:
95:a7:8b:4d:aa:ca:bd:9b:a3:d2:cc:70:b4:91:70:72:e5:49:
35:a5:bf:9a:ba:b7:02:e8:b6:06:8b:c5:11:89:77:2b:02:0e:
48:1e:b7:97:48:4c:11:7c:98:42:cf:a2:1f:63:44:0e:81:b8:
33:f6:f9:9c:e9:d0:1a:6b:3b:3c:b1:75:97:b6:13:a9:e5:91:
20:7f:83:85:5a:b9:82:52:b0:39:0e:64:46:63:c0:a5:a0:a0:
80:93:7f:2f:fc:80:67:73:2e:39:aa:22:df:c1:80:3a:37:09:
5a:7c:83:f4:25:00:73:62:da:a3:ef:2c:51:86:cd:a6:03:42:
69:e2:17:ea
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAY6dVqVVkMWPaXCXA0U+Y3y9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNDAyMDU0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA5MzlhMjJhM2Q5MjVhZWQ1NWNhYTc0MjMxMjNjYTZmNzQzNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeU68lIb0fCAFXw3nzLDh2mvAk/D
U3zLC+huFbRAQ7jHQiCEkjDsGz6JKLTHcEVKZALliDDYdSr9kTKIaPBAS+mqX9m5
uQvatL8ha9Kors9o3/2aaP4gm6L/3XKqsi+NiDHuqkMDjfGcEcp3JD6jssvQcqs2
3uR/laaZAumDSJ2cI3Z2Wsk5dafFu0EVqCxOxgtBCdwUFu9op1bax1yT3q2qGZOF
i16lWUkWunp56T3f2pqTW61UK/4DxzLIZIfmEzmEiXDW2kLdNpO2giOlclljjim7
qwmkd5PYTTOYQsd7lQgBtRFwXpIgJsF0hw+vsFvU/5tXMS9jLDUkZyb0mQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFFkJOaIqPZJa7VXKp0IxI8pvdDZdMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvV1FrNW9pbzlrbHJ0VmNxblFqRWp5bTkwTmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQBAjhmAwQB
AjsWMAwDBAAtCXUDBAAtCXgDBAAtmMsDBADBJ/QwDQQCAAIwBwMFAyoPSgAwDQYJ
KoZIhvcNAQELBQADggEBAJ3PZrVvbEYv8hKsZ2cXlHdtR/UtHVVMnpGUVSNrnFFl
Mp/a65Hagksxt8dj3nP5o2mEmvuJ5gLMryy406qaGFCofYcU3APddqHr13GlGiVq
yCzRaH87ITKZnpUuHTeZmpgxfVapbFGgik7WIoY0k3r0sCevOIv9b6ZTbrcTzZWn
i02qyr2bo9LMcLSRcHLlSTWlv5q6twLotgaLxRGJdysCDkget5dITBF8mELPoh9j
RA6BuDP2+Zzp0BprOzyxdZe2E6nlkSB/g4VauYJSsDkOZEZjwKWgoICTfy/8gGdz
LjmqIt/BgDo3CVp8g/QlAHNi2qPvLFGGzaYDQmniF+o=
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:01:05 2025 by rpki-client