Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/2cd4cc-f498-4dae-9e24-8af66f488bbc/1/fOyNY-gEhtYfegT8-AQjKelbmFQ.roa
File: fOyNY-gEhtYfegT8-AQjKelbmFQ.roa (raw, json)
Hash identifier: c8MaNUcbaCrN+nedmgwSd8wk/ycTEeyjLbB+sZnV2V8=
Subject key identifier: 7C:EC:8D:63:E8:04:86:D6:1F:7A:04:FC:F8:04:23:29:E9:5B:98:54
Certificate issuer: /CN=7c7bec7205df88d077086f4a8fb5aece75cbb661
Certificate serial: 01856EC1FBDB8C39415AF14A8255FEB29D6E
Authority key identifier: 7C:7B:EC:72:05:DF:88:D0:77:08:6F:4A:8F:B5:AE:CE:75:CB:B6:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fHvscgXfiNB3CG9Kj7WuznXLtmE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/2cd4cc-f498-4dae-9e24-8af66f488bbc/1/fOyNY-gEhtYfegT8-AQjKelbmFQ.roa
Signing time: Sun 01 Jan 2023 19:14:44 +0000
ROA not before: Sun 01 Jan 2023 19:14:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41009
IP address blocks: 195.189.60.0/22 maxlen: 22
2001:67c:1bcc::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:c1:fb:db:8c:39:41:5a:f1:4a:82:55:fe:b2:9d:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c7bec7205df88d077086f4a8fb5aece75cbb661
Validity
Not Before: Jan 1 19:14:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7cec8d63e80486d61f7a04fcf8042329e95b9854
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:13:4c:ad:16:ce:eb:42:c2:20:a2:d6:38:05:
c4:6c:4e:39:e8:47:9e:91:da:65:2f:02:e4:bb:e5:
fc:b0:e3:31:6d:d2:08:8f:69:13:51:d7:84:86:9b:
85:e8:25:80:0e:0b:0d:20:e0:b0:40:51:99:62:31:
5a:75:9b:00:e3:6f:f1:96:83:ec:58:e9:73:21:2d:
b4:05:08:93:4e:82:11:cb:76:9d:6c:e6:bf:17:48:
14:91:9e:5c:84:a2:16:ce:04:8d:12:2c:5e:ee:b0:
06:fd:50:e3:bc:8e:88:c6:cf:39:72:ac:e8:99:0c:
e6:8b:b2:24:24:96:49:0c:67:b2:e1:9f:64:1c:68:
92:a8:03:af:aa:1d:d5:f1:26:93:f5:d4:45:da:f0:
04:ce:0d:87:d5:03:1c:e0:ee:26:76:a8:c4:e9:39:
6c:b6:83:02:47:45:ed:ce:da:1c:4d:52:08:c7:0d:
87:c8:0e:e9:3d:7e:44:50:3b:56:85:25:fa:16:f0:
e3:27:df:8e:06:ba:b6:53:fc:ba:1c:58:d0:dc:bf:
4d:1d:22:72:10:6e:fc:51:ea:85:d4:5d:b2:2b:95:
a7:68:a0:75:a8:82:4c:88:3b:02:ab:5e:db:6d:4a:
87:a8:26:db:0a:91:1f:88:44:fc:e8:62:0f:b8:b9:
6a:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:EC:8D:63:E8:04:86:D6:1F:7A:04:FC:F8:04:23:29:E9:5B:98:54
X509v3 Authority Key Identifier:
keyid:7C:7B:EC:72:05:DF:88:D0:77:08:6F:4A:8F:B5:AE:CE:75:CB:B6:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fHvscgXfiNB3CG9Kj7WuznXLtmE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/2cd4cc-f498-4dae-9e24-8af66f488bbc/1/fOyNY-gEhtYfegT8-AQjKelbmFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/2cd4cc-f498-4dae-9e24-8af66f488bbc/1/fHvscgXfiNB3CG9Kj7WuznXLtmE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.189.60.0/22
IPv6:
2001:67c:1bcc::/48
Signature Algorithm: sha256WithRSAEncryption
ac:a4:1d:22:f1:0b:bf:2a:c2:09:f4:3f:92:30:84:cc:a1:fd:
b8:35:e7:16:74:a8:6d:42:ef:b5:c3:09:a9:94:7b:2c:46:b0:
6f:b2:0b:06:53:7f:5c:84:87:86:7e:66:cf:db:3c:08:a6:c8:
19:aa:99:75:ee:31:76:f1:fc:82:60:b5:0e:e5:f7:09:71:18:
36:e4:13:6d:1e:22:89:1d:1b:ca:5f:1e:a9:20:30:39:19:8e:
5b:c1:a5:b1:74:d8:03:8f:4e:c6:8f:2a:e2:d4:7a:75:32:8e:
89:a4:a3:cf:b7:d4:7b:d9:61:3d:51:9b:4e:57:ca:c1:d9:3c:
68:c1:3d:ca:2c:c3:bb:68:47:27:8d:09:78:6f:9d:14:c7:b4:
fb:f1:ef:ce:e7:35:85:6c:78:90:9b:54:96:00:fc:9e:2f:9c:
9b:a1:f0:19:a5:6c:85:da:35:11:76:33:f5:a0:99:d4:8a:a7:
39:4c:37:19:66:55:78:f2:52:00:06:61:3e:95:e4:de:b1:71:
88:a7:bc:5c:c7:f4:96:18:41:35:e8:9a:a3:e6:f5:ae:38:30:
ed:e1:a7:f5:13:90:76:d2:c5:23:22:1a:22:73:d0:2e:fc:98:
6a:2b:3e:7e:af:e1:04:8d:ec:55:c8:d0:cd:f1:8a:88:89:5c:
85:ff:0c:e1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVuwfvbjDlBWvFKglX+sp1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjN2JlYzcyMDVkZjg4ZDA3NzA4NmY0YThmYjVhZWNlNzVj
YmI2NjEwHhcNMjMwMTAxMTkxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VjOGQ2M2U4MDQ4NmQ2MWY3YTA0ZmNmODA0MjMyOWU5NWI5ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRNMrRbO60LCIKLWOAXEbE456Eee
kdplLwLku+X8sOMxbdIIj2kTUdeEhpuF6CWADgsNIOCwQFGZYjFadZsA42/xloPs
WOlzIS20BQiTToIRy3adbOa/F0gUkZ5chKIWzgSNEixe7rAG/VDjvI6Ixs85cqzo
mQzmi7IkJJZJDGey4Z9kHGiSqAOvqh3V8SaT9dRF2vAEzg2H1QMc4O4mdqjE6Tls
toMCR0XtztocTVIIxw2HyA7pPX5EUDtWhSX6FvDjJ9+OBrq2U/y6HFjQ3L9NHSJy
EG78UeqF1F2yK5WnaKB1qIJMiDsCq17bbUqHqCbbCpEfiET86GIPuLlqqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHzsjWPoBIbWH3oE/PgEIynpW5hUMB8GA1UdIwQY
MBaAFHx77HIF34jQdwhvSo+1rs51y7ZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkh2c2NnWGZpTkIzQ0c5S2o3V3V6blhMdG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8yY2Q0Y2MtZjQ5OC00ZGFlLTllMjQt
OGFmNjZmNDg4YmJjLzEvZk95TlktZ0VodFlmZWdUOC1BUWpLZWxibUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8yY2Q0Y2MtZjQ5OC00ZGFlLTllMjQtOGFmNjZmNDg4YmJj
LzEvZkh2c2NnWGZpTkIzQ0c5S2o3V3V6blhMdG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCw708MA8E
AgACMAkDBwAgAQZ8G8wwDQYJKoZIhvcNAQELBQADggEBAKykHSLxC78qwgn0P5Iw
hMyh/bg15xZ0qG1C77XDCamUeyxGsG+yCwZTf1yEh4Z+Zs/bPAimyBmqmXXuMXbx
/IJgtQ7l9wlxGDbkE20eIokdG8pfHqkgMDkZjlvBpbF02AOPTsaPKuLUenUyjomk
o8+31HvZYT1Rm05XysHZPGjBPcosw7toRyeNCXhvnRTHtPvx787nNYVseJCbVJYA
/J4vnJuh8BmlbIXaNRF2M/WgmdSKpzlMNxlmVXjyUgAGYT6V5N6xcYinvFzH9JYY
QTXomqPm9a44MO3hp/UTkHbSxSMiGiJz0C78mGorPn6v4QSN7FXI0M3xioiJXIX/
DOE=
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:12:47 2025 by rpki-client