Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/EMwLAQOUEZDIgMxgnzb2ePQH424.roa
File: EMwLAQOUEZDIgMxgnzb2ePQH424.roa (raw, json)
Hash identifier: lLAnQtNeCY24D1LUe0p+bgtjiV7qqf+RLfbJeD2Bsj0=
Subject key identifier: 10:CC:0B:01:03:94:11:90:C8:80:CC:60:9F:36:F6:78:F4:07:E3:6E
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 019423D75F7C336CCBA53BD62A120A02AA0E
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/EMwLAQOUEZDIgMxgnzb2ePQH424.roa
Signing time: Wed 01 Jan 2025 21:48:24 +0000
ROA not before: Wed 01 Jan 2025 21:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39378
IP address blocks: 94.247.44.0/24 maxlen: 24
185.90.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:5f:7c:33:6c:cb:a5:3b:d6:2a:12:0a:02:aa:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Jan 1 21:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=10cc0b0103941190c880cc609f36f678f407e36e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:8a:85:f3:02:23:5a:1a:49:1e:33:26:07:c7:
5d:aa:72:9a:b6:a9:16:b7:12:e3:85:5b:34:8b:3c:
39:6f:b1:00:88:d6:29:7b:60:0c:45:44:aa:60:3d:
eb:c0:68:44:ae:81:10:b6:06:18:66:d5:d3:43:0c:
5f:65:50:f6:ae:4d:87:7c:f5:97:c9:11:a4:c8:58:
e1:ad:90:4d:9a:8c:f1:e9:95:e7:24:d2:32:46:ec:
7c:66:d7:70:09:60:95:b1:91:60:d6:bb:98:09:a5:
a5:e8:29:e7:3b:01:fe:68:cf:e9:0d:1e:ed:59:b4:
7c:f6:7d:3d:da:1f:ce:3c:4e:cf:21:97:14:18:4b:
78:73:a5:31:3c:7e:91:f4:2c:68:1c:5d:3a:a3:be:
44:6f:f7:6b:e6:9c:c6:0d:c3:18:48:22:08:e8:46:
8e:59:7b:e6:2a:56:66:a8:c1:37:0f:df:cc:56:e6:
00:bb:a7:66:92:bb:6e:f4:8a:f0:1c:0f:64:98:c7:
ff:d7:2c:b1:5e:5f:31:31:8d:2f:26:ac:41:d0:6f:
8e:56:82:65:17:30:95:a0:43:4f:89:4a:af:4d:20:
de:16:e8:00:19:5f:4f:ea:95:55:08:83:41:2e:e7:
5d:6d:4c:a8:eb:f1:eb:da:c6:74:0c:9b:73:d8:d0:
70:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:CC:0B:01:03:94:11:90:C8:80:CC:60:9F:36:F6:78:F4:07:E3:6E
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/EMwLAQOUEZDIgMxgnzb2ePQH424.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.247.44.0/24
185.90.162.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:cb:30:b5:b5:64:1a:7e:c3:7a:e6:0c:c9:fc:c4:51:f6:b5:
fc:69:7b:53:fe:ff:02:5a:20:e0:7c:e8:f6:c1:e0:14:da:71:
59:7e:5e:19:ba:59:9d:43:f3:f0:c7:94:3f:c2:3a:d4:14:d9:
e2:6b:6a:61:63:bb:c0:95:59:8d:f4:b3:07:00:19:77:cf:dd:
87:cf:1b:9c:0e:fa:0e:9e:67:b9:70:82:ae:3e:f1:5b:9b:f0:
37:0a:51:24:ee:10:50:39:3c:d7:c9:8a:7e:65:81:8c:34:3d:
db:20:e5:29:34:24:f8:a3:6d:9e:46:29:10:e8:cd:c9:1e:9d:
1f:bb:68:04:4d:6a:7f:33:f2:77:b3:92:cd:4c:a3:2f:e6:7a:
63:03:82:c8:bf:d0:75:a2:48:fb:e2:5d:13:1f:f3:c4:87:74:
47:7a:27:b4:47:50:98:f9:c9:b1:75:fd:83:65:a8:ef:a1:ec:
19:f4:46:ca:43:1c:d8:36:11:8c:8c:0b:24:61:d1:2c:bb:4d:
01:0a:f5:8c:d1:b2:10:35:31:b6:42:6f:23:9a:48:da:36:e3:
74:77:72:52:f3:35:71:40:e8:15:60:6f:02:b6:0d:c2:18:d9:
ef:01:a5:58:36:85:3a:ff:d6:8e:11:54:5e:e8:a3:c5:81:23:
0e:f4:d2:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1198M2zLpTvWKhIKAqoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGNjMGIwMTAzOTQxMTkwYzg4MGNjNjA5ZjM2ZjY3OGY0MDdlMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YqF8wIjWhpJHjMmB8ddqnKatqkW
txLjhVs0izw5b7EAiNYpe2AMRUSqYD3rwGhEroEQtgYYZtXTQwxfZVD2rk2HfPWX
yRGkyFjhrZBNmozx6ZXnJNIyRux8ZtdwCWCVsZFg1ruYCaWl6CnnOwH+aM/pDR7t
WbR89n092h/OPE7PIZcUGEt4c6UxPH6R9CxoHF06o75Eb/dr5pzGDcMYSCII6EaO
WXvmKlZmqME3D9/MVuYAu6dmkrtu9IrwHA9kmMf/1yyxXl8xMY0vJqxB0G+OVoJl
FzCVoENPiUqvTSDeFugAGV9P6pVVCINBLuddbUyo6/Hr2sZ0DJtz2NBwqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBDMCwEDlBGQyIDMYJ829nj0B+NuMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRU13TEFRT1VFWkRJZ014Z256YjJlUFFINDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXvcsAwQA
uVqiMA0GCSqGSIb3DQEBCwUAA4IBAQB/yzC1tWQafsN65gzJ/MRR9rX8aXtT/v8C
WiDgfOj2weAU2nFZfl4ZulmdQ/Pwx5Q/wjrUFNnia2phY7vAlVmN9LMHABl3z92H
zxucDvoOnme5cIKuPvFbm/A3ClEk7hBQOTzXyYp+ZYGMND3bIOUpNCT4o22eRikQ
6M3JHp0fu2gETWp/M/J3s5LNTKMv5npjA4LIv9B1okj74l0TH/PEh3RHeie0R1CY
+cmxdf2DZajvoewZ9EbKQxzYNhGMjAskYdEsu00BCvWM0bIQNTG2Qm8jmkjaNuN0
d3JS8zVxQOgVYG8Ctg3CGNnvAaVYNoU6/9aOEVRe6KPFgSMO9NJT
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:06:25 2025 by rpki-client