Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/G1KFKG2jZJg2w7vLVbZPngEnwig.roa
File: G1KFKG2jZJg2w7vLVbZPngEnwig.roa (raw, json)
Hash identifier: T7lh2b1EmxHvg3jdMywkEel4lqPlaSzs5aZJ0tEj7dI=
Subject key identifier: 1B:52:85:28:6D:A3:64:98:36:C3:BB:CB:55:B6:4F:9E:01:27:C2:28
Certificate issuer: /CN=b48184549e12e9934bffb7615bca3d0c25681360
Certificate serial: 019420D5DD935895D6F43B619B9070210BAA
Authority key identifier: B4:81:84:54:9E:12:E9:93:4B:FF:B7:61:5B:CA:3D:0C:25:68:13:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/G1KFKG2jZJg2w7vLVbZPngEnwig.roa
Signing time: Wed 01 Jan 2025 07:47:54 +0000
ROA not before: Wed 01 Jan 2025 07:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5409
IP address blocks: 185.95.80.0/22 maxlen: 22
195.2.160.0/19 maxlen: 19
212.126.192.0/19 maxlen: 19
213.218.0.0/19 maxlen: 19
2001:4180::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:dd:93:58:95:d6:f4:3b:61:9b:90:70:21:0b:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b48184549e12e9934bffb7615bca3d0c25681360
Validity
Not Before: Jan 1 07:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1b5285286da3649836c3bbcb55b64f9e0127c228
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:dc:bd:c5:9f:ca:11:e6:e3:ee:e0:51:de:f2:
86:89:d0:3e:4a:15:5d:c9:87:4f:0c:6e:95:e4:75:
90:11:20:b3:e3:6f:82:9b:26:c4:8a:68:91:b3:63:
f8:bd:38:28:a6:d6:96:3d:9a:54:61:06:dc:38:3c:
c4:52:32:17:2d:e6:74:58:8a:3d:5a:15:1f:6e:d7:
c9:d6:70:72:ed:7a:c2:16:da:80:f1:eb:be:67:8e:
e4:dd:e5:26:b1:cc:71:36:ac:3c:c7:69:00:47:d7:
4b:cc:4c:a0:84:2d:7d:b4:06:78:40:30:dd:95:32:
93:d2:8f:2e:4f:ea:4c:58:08:4f:41:62:6c:30:1a:
03:87:6a:e0:c2:b9:10:68:35:97:4e:44:b2:20:b6:
cb:4d:fc:32:6d:eb:48:3b:30:44:9e:3f:10:81:b4:
48:da:e7:79:62:df:7d:00:b6:e3:25:89:34:97:28:
c8:90:f9:d2:f2:40:e4:8d:ac:24:0c:e7:fe:4e:b6:
fd:25:e2:9b:e8:d9:32:c8:75:31:8e:ac:80:dd:2f:
2b:91:c0:28:06:5a:5f:04:80:4e:89:32:69:83:f0:
ea:e4:f2:f1:55:6a:4b:63:cc:a3:d3:81:37:d4:8a:
3f:c9:92:40:b5:1d:98:59:2f:db:c4:b2:5b:37:2c:
df:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:52:85:28:6D:A3:64:98:36:C3:BB:CB:55:B6:4F:9E:01:27:C2:28
X509v3 Authority Key Identifier:
keyid:B4:81:84:54:9E:12:E9:93:4B:FF:B7:61:5B:CA:3D:0C:25:68:13:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/G1KFKG2jZJg2w7vLVbZPngEnwig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f67177-78d5-4388-a21a-28263656c6de/1/tIGEVJ4S6ZNL_7dhW8o9DCVoE2A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.95.80.0/22
195.2.160.0/19
212.126.192.0/19
213.218.0.0/19
IPv6:
2001:4180::/32
Signature Algorithm: sha256WithRSAEncryption
4d:00:68:a0:ec:4f:5b:fd:a2:cf:3e:b5:f1:bb:82:9e:f6:76:
94:72:ff:4a:97:19:85:78:6e:9f:12:8a:fe:93:61:ec:88:64:
94:2a:e0:86:d1:1d:7f:02:79:76:b8:9b:97:5b:b9:82:61:95:
e2:90:fb:66:ef:af:5e:c9:7f:09:01:94:38:76:ff:9a:57:c2:
92:db:cd:cd:0f:5a:6e:1a:3e:37:5c:74:3e:8e:73:1e:05:49:
67:98:ed:01:e0:1d:86:5d:16:c0:64:6f:f1:1c:47:25:52:11:
cc:a9:0c:08:7b:38:78:d6:97:75:b5:ea:f5:c3:45:63:91:37:
cd:f3:3e:2d:df:cc:1a:07:09:e5:0e:a1:f8:6d:ae:f6:a7:a2:
16:47:0b:d0:ca:9f:f0:c7:38:2b:91:b3:76:78:f5:8a:5e:d5:
c2:e5:da:75:0c:44:6b:8a:f0:62:02:0e:78:fa:a0:96:bb:da:
d2:3c:c2:f0:d8:8d:e9:b6:b7:80:c7:91:5d:66:c5:5d:46:f9:
5f:ec:c5:b7:ca:09:db:cf:93:97:6b:15:da:cc:09:92:f1:e7:
17:68:37:93:96:31:eb:ae:e9:72:8d:88:6c:ef:0b:4e:6a:6e:
c9:a8:21:c6:f9:8c:2c:b8:60:6c:98:3c:35:69:cc:d0:41:39:
e7:c6:20:be
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQg1d2TWJXW9Dthm5BwIQuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODE4NDU0OWUxMmU5OTM0YmZmYjc2MTViY2EzZDBjMjU2
ODEzNjAwHhcNMjUwMTAxMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjUyODUyODZkYTM2NDk4MzZjM2JiY2I1NWI2NGY5ZTAxMjdjMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNy9xZ/KEebj7uBR3vKGidA+ShVd
yYdPDG6V5HWQESCz42+CmybEimiRs2P4vTgoptaWPZpUYQbcODzEUjIXLeZ0WIo9
WhUfbtfJ1nBy7XrCFtqA8eu+Z47k3eUmscxxNqw8x2kAR9dLzEyghC19tAZ4QDDd
lTKT0o8uT+pMWAhPQWJsMBoDh2rgwrkQaDWXTkSyILbLTfwybetIOzBEnj8QgbRI
2ud5Yt99ALbjJYk0lyjIkPnS8kDkjawkDOf+Trb9JeKb6NkyyHUxjqyA3S8rkcAo
BlpfBIBOiTJpg/Dq5PLxVWpLY8yj04E31Io/yZJAtR2YWS/bxLJbNyzfswIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFBtShShto2SYNsO7y1W2T54BJ8IoMB8GA1UdIwQY
MBaAFLSBhFSeEumTS/+3YVvKPQwlaBNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElHRVZKNFM2Wk5MXzdkaFc4bzlEQ1ZvRTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mNjcxNzctNzhkNS00Mzg4LWEyMWEt
MjgyNjM2NTZjNmRlLzEvRzFLRktHMmpaSmcydzd2TFZiWlBuZ0Vud2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mNjcxNzctNzhkNS00Mzg4LWEyMWEtMjgyNjM2NTZjNmRl
LzEvdElHRVZKNFM2Wk5MXzdkaFc4bzlEQ1ZvRTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuV9QAwQF
wwKgAwQF1H7AAwQF1doAMA0EAgACMAcDBQAgAUGAMA0GCSqGSIb3DQEBCwUAA4IB
AQBNAGig7E9b/aLPPrXxu4Ke9naUcv9KlxmFeG6fEor+k2HsiGSUKuCG0R1/Anl2
uJuXW7mCYZXikPtm769eyX8JAZQ4dv+aV8KS283ND1puGj43XHQ+jnMeBUlnmO0B
4B2GXRbAZG/xHEclUhHMqQwIezh41pd1ter1w0VjkTfN8z4t38waBwnlDqH4ba72
p6IWRwvQyp/wxzgrkbN2ePWKXtXC5dp1DERrivBiAg54+qCWu9rSPMLw2I3ptreA
x5FdZsVdRvlf7MW3ygnbz5OXaxXazAmS8ecXaDeTljHrrulyjYhs7wtOam7JqCHG
+YwsuGBsmDw1aczQQTnnxiC+
-----END CERTIFICATE-----
Generated at Tue Apr 22 19:27:32 2025 by rpki-client