Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/QIFNRbw5BwYMDFXo8Sec2dW6g4I.roa
File: QIFNRbw5BwYMDFXo8Sec2dW6g4I.roa (raw, json)
Hash identifier: i7CusN/9Lu4r9j1sjQz83MQPROts0tzRlj8TilrgPvE=
Subject key identifier: 40:81:4D:45:BC:39:07:06:0C:0C:55:E8:F1:27:9C:D9:D5:BA:83:82
Certificate issuer: /CN=0c7161e622f63c0db8568d8cb4c4d7c0d9808346
Certificate serial: 03C80BE1
Authority key identifier: 0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/QIFNRbw5BwYMDFXo8Sec2dW6g4I.roa
Signing time: Sat 01 Jan 2022 11:53:53 +0000
ROA not before: Sat 01 Jan 2022 11:53:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212122
IP address blocks: 195.7.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 63441889 (0x3c80be1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c7161e622f63c0db8568d8cb4c4d7c0d9808346
Validity
Not Before: Jan 1 11:53:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=40814d45bc3907060c0c55e8f1279cd9d5ba8382
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:18:38:2d:ed:61:65:e6:b4:ae:a9:61:c2:81:
eb:d2:62:61:14:5e:a0:40:8d:9e:dc:23:92:e9:f4:
bb:96:05:56:7a:10:71:0b:8f:b9:68:d2:46:3d:99:
9d:e3:d0:0a:33:26:af:c6:bc:9a:e8:ed:98:78:85:
6c:ea:da:c0:c8:bf:0e:83:01:1e:68:c1:6b:8d:25:
c9:6d:44:b2:23:12:c2:8c:1c:f0:81:67:7a:54:4d:
9e:d6:57:22:95:77:2f:17:5e:31:b4:4e:49:b9:aa:
bb:ee:14:fb:37:39:98:30:97:e5:46:e9:d8:38:c3:
67:37:17:f5:9a:38:ea:fe:4c:48:48:26:f5:fa:d3:
98:c3:93:d7:c0:b3:bf:97:de:b1:16:45:33:1f:3b:
d1:30:3e:29:db:57:47:ce:24:2c:67:ba:6c:c8:6c:
3f:5b:c0:ae:29:db:21:79:d9:ad:7e:99:cc:9a:51:
e9:54:53:ca:cd:ba:11:52:ef:1d:15:75:31:ff:c3:
27:c8:4b:8c:f8:3c:eb:96:d6:eb:bc:4a:6b:95:fc:
7d:15:4b:18:3b:76:29:e7:c2:9a:7c:d6:42:3b:e0:
8d:0c:f0:2a:74:6c:69:47:a6:51:11:27:3b:f5:35:
b5:08:5d:9c:c8:64:a8:57:e9:85:63:91:82:7e:8a:
84:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:81:4D:45:BC:39:07:06:0C:0C:55:E8:F1:27:9C:D9:D5:BA:83:82
X509v3 Authority Key Identifier:
keyid:0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/QIFNRbw5BwYMDFXo8Sec2dW6g4I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.7.10.0/24
Signature Algorithm: sha256WithRSAEncryption
60:ae:d5:a8:d6:95:7f:34:b3:f0:45:8c:a9:af:22:27:bc:d4:
87:73:a4:e3:60:a7:80:d5:83:e9:d3:b0:44:0c:7c:0d:99:64:
dd:57:e8:e5:01:b5:3c:d4:8d:ab:d8:2a:72:62:1b:ac:cb:c0:
d0:6e:eb:00:ae:48:f1:35:e3:b9:65:5a:54:7e:44:6a:78:f4:
f0:1e:6e:2d:d4:5a:21:3b:90:8d:dc:2f:1f:c7:11:3b:c0:c0:
3d:56:05:00:52:09:77:45:73:92:51:57:f0:9f:00:57:78:e4:
cb:ae:7e:0e:59:12:18:78:8e:0e:04:26:b5:48:6d:50:e4:06:
d4:a3:29:55:e7:28:9c:48:64:6c:c0:c8:60:33:e8:13:59:e8:
0e:78:19:2a:76:9f:34:53:f0:8b:1d:9d:04:40:48:db:8b:4a:
b6:e9:a1:36:a5:89:c2:db:6c:02:c9:71:42:3b:e6:05:3c:85:
35:9e:f3:41:a0:49:10:82:96:e4:31:c6:7e:36:2c:38:6d:d0:
83:d8:fa:90:2d:12:fd:7a:80:44:d2:c8:55:ba:55:4a:73:f2:
53:d4:e7:9d:fe:63:b2:88:01:37:ba:59:a2:8e:cf:c1:00:c6:
d1:08:eb:19:2f:0c:34:10:9f:58:ce:75:55:59:67:76:3d:76:
e3:5a:22:41
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA8gL4TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzcxNjFlNjIyZjYzYzBkYjg1NjhkOGNiNGM0ZDdjMGQ5ODA4MzQ2MB4XDTIyMDEw
MTExNTM1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDA4MTRkNDViYzM5
MDcwNjBjMGM1NWU4ZjEyNzljZDlkNWJhODM4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKkYOC3tYWXmtK6pYcKB69JiYRReoECNntwjkun0u5YFVnoQ
cQuPuWjSRj2ZnePQCjMmr8a8mujtmHiFbOrawMi/DoMBHmjBa40lyW1EsiMSwowc
8IFnelRNntZXIpV3LxdeMbROSbmqu+4U+zc5mDCX5Ubp2DjDZzcX9Zo46v5MSEgm
9frTmMOT18Czv5fesRZFMx870TA+KdtXR84kLGe6bMhsP1vArinbIXnZrX6ZzJpR
6VRTys26EVLvHRV1Mf/DJ8hLjPg865bW67xKa5X8fRVLGDt2KefCmnzWQjvgjQzw
KnRsaUemUREnO/U1tQhdnMhkqFfphWORgn6KhKsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRAgU1FvDkHBgwMVejxJ5zZ1bqDgjAfBgNVHSMEGDAWgBQMcWHmIvY8DbhW
jYy0xNfA2YCDRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RIRmg1aUwyUEEyNFZvMk10TVRYd05tQWcwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTEvMDFmMDhjLTA2NWUtNGFjMS04ZTgwLWIxNWUzZjA5ZTAxYi8x
L1FJRk5SYnc1QndZTURGWG84U2VjMmRXNmc0SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEv
MDFmMDhjLTA2NWUtNGFjMS04ZTgwLWIxNWUzZjA5ZTAxYi8xL0RIRmg1aUwyUEEy
NFZvMk10TVRYd05tQWcwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMHCjANBgkqhkiG9w0BAQsFAAOC
AQEAYK7VqNaVfzSz8EWMqa8iJ7zUh3Ok42CngNWD6dOwRAx8DZlk3Vfo5QG1PNSN
q9gqcmIbrMvA0G7rAK5I8TXjuWVaVH5Eanj08B5uLdRaITuQjdwvH8cRO8DAPVYF
AFIJd0VzklFX8J8AV3jky65+DlkSGHiODgQmtUhtUOQG1KMpVeconEhkbMDIYDPo
E1noDngZKnafNFPwix2dBEBI24tKtumhNqWJwttsAslxQjvmBTyFNZ7zQaBJEIKW
5DHGfjYsOG3Qg9j6kC0S/XqARNLIVbpVSnPyU9Tnnf5jsogBN7pZoo7PwQDG0Qjr
GS8MNBCfWM51VVlndj1241oiQQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:23:44 2025 by rpki-client