Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/gAcTHJf95-gBm4cT3Fp1DQdsjb8.roa
File: gAcTHJf95-gBm4cT3Fp1DQdsjb8.roa (raw, json)
Hash identifier: 1mfZxnr0Yvik8aAMq8bU1dPUM8JmGpGNa8Epod1Z2V8=
Subject key identifier: 80:07:13:1C:97:FD:E7:E8:01:9B:87:13:DC:5A:75:0D:07:6C:8D:BF
Certificate issuer: /CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Certificate serial: 0185729ED3DF57908B121368608C9EA17220
Authority key identifier: 4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/gAcTHJf95-gBm4cT3Fp1DQdsjb8.roa
Signing time: Mon 02 Jan 2023 13:14:49 +0000
ROA not before: Mon 02 Jan 2023 13:14:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48960
IP address blocks: 95.173.192.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:d3:df:57:90:8b:12:13:68:60:8c:9e:a1:72:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Validity
Not Before: Jan 2 13:14:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8007131c97fde7e8019b8713dc5a750d076c8dbf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:5d:d6:9a:96:7d:d6:db:f5:76:11:22:e7:87:
ac:d5:cd:a0:78:e6:37:75:9a:a0:f8:26:bb:8b:9f:
90:19:34:d9:0b:c0:0f:e6:ae:58:10:f4:8f:ca:b1:
55:26:46:47:77:c5:92:d2:76:65:10:72:be:b7:fb:
61:04:34:27:54:e7:bb:fa:68:d1:18:ae:a6:da:3d:
04:7e:82:dc:7f:b1:b9:cb:2c:f3:55:7e:36:63:af:
3f:0f:5d:ea:28:be:89:0f:46:8e:e2:9e:44:bc:b4:
d4:7e:b7:55:5d:00:38:7f:52:f3:5a:48:a8:4b:df:
f9:8f:f1:c0:b1:f1:fc:7d:9c:01:cd:fb:53:63:84:
be:7d:79:6d:00:da:b1:89:22:33:48:36:a3:ae:96:
2e:85:2a:42:6b:50:d4:ca:b3:8b:2a:63:59:5c:4b:
19:78:3a:c9:c8:1f:2b:ce:ab:d0:f6:ab:ee:e8:84:
dc:a8:10:18:2f:50:c5:01:52:cc:4c:c8:e6:c3:b7:
13:4f:6d:9b:2f:e3:fd:24:a7:96:36:e3:f4:5d:bb:
27:bd:16:6f:fe:62:c9:14:ab:7f:0f:fa:af:32:09:
c8:0d:bb:5d:6a:97:ee:81:9b:d4:55:f2:6d:8d:ce:
d8:2a:d6:d2:be:3b:7a:6a:af:0c:db:30:8f:3e:ca:
46:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:07:13:1C:97:FD:E7:E8:01:9B:87:13:DC:5A:75:0D:07:6C:8D:BF
X509v3 Authority Key Identifier:
keyid:4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/gAcTHJf95-gBm4cT3Fp1DQdsjb8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.173.192.0/21
Signature Algorithm: sha256WithRSAEncryption
5d:a4:fc:3a:1e:af:c5:5a:af:de:a3:b0:65:39:d4:36:30:8e:
18:a3:47:1a:41:37:45:b4:87:bc:e4:8a:f3:f8:ce:2e:0a:9d:
ab:be:98:83:ec:dc:70:2b:d4:c2:20:ca:71:8c:94:19:44:b3:
78:7c:87:ff:52:41:62:1a:bb:b3:d1:a3:c5:54:af:e9:f5:ec:
99:8f:f3:9f:b6:0a:a3:df:31:c2:26:09:1d:01:ec:55:60:52:
c5:dd:5e:cf:cf:54:88:4c:87:15:e3:09:58:53:f8:a8:80:a5:
44:09:d8:83:77:74:14:26:bd:90:52:b6:fb:f4:cb:02:a3:12:
21:54:4e:6a:66:49:07:b6:20:dd:da:f3:38:2d:9c:3b:62:d8:
18:d8:1d:37:b1:4b:c7:09:00:11:51:8f:10:4b:83:fb:f9:b1:
80:44:12:32:bb:fc:ee:b0:74:fe:e7:72:b1:3b:b7:7f:ba:72:
76:cc:5b:69:5c:8c:56:7b:f1:cb:6d:da:fd:8d:4d:80:2e:96:
3a:1f:5c:a7:99:2a:ed:73:55:af:0b:d5:0b:d5:b9:1c:78:52:
c4:90:42:2e:17:af:ae:66:da:26:88:76:f6:27:9a:ff:b6:e9:
16:90:71:6c:9c:23:95:04:43:08:cb:a2:62:80:48:6e:74:6f:
1a:c9:3e:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyntPfV5CLEhNoYIyeoXIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWVjZmVjOWY1NGU0ZWMzOWMyMDA1ZWY0ZTYzZTcwYjUx
ZmFlZDQwHhcNMjMwMTAyMTMxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA3MTMxYzk3ZmRlN2U4MDE5Yjg3MTNkYzVhNzUwZDA3NmM4ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh13WmpZ91tv1dhEi54es1c2geOY3
dZqg+Ca7i5+QGTTZC8AP5q5YEPSPyrFVJkZHd8WS0nZlEHK+t/thBDQnVOe7+mjR
GK6m2j0EfoLcf7G5yyzzVX42Y68/D13qKL6JD0aO4p5EvLTUfrdVXQA4f1LzWkio
S9/5j/HAsfH8fZwBzftTY4S+fXltANqxiSIzSDajrpYuhSpCa1DUyrOLKmNZXEsZ
eDrJyB8rzqvQ9qvu6ITcqBAYL1DFAVLMTMjmw7cTT22bL+P9JKeWNuP0XbsnvRZv
/mLJFKt/D/qvMgnIDbtdapfugZvUVfJtjc7YKtbSvjt6aq8M2zCPPspGsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAHExyX/efoAZuHE9xadQ0HbI2/MB8GA1UdIwQY
MBaAFE5ez+yfVOTsOcIAXvTmPnC1H67UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYt
ZWNhZDNiNzE0OTM4LzEvZ0FjVEhKZjk1LWdCbTRjVDNGcDFEUWRzamI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYtZWNhZDNiNzE0OTM4
LzEvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX63AMA0G
CSqGSIb3DQEBCwUAA4IBAQBdpPw6Hq/FWq/eo7BlOdQ2MI4Yo0caQTdFtIe85Irz
+M4uCp2rvpiD7NxwK9TCIMpxjJQZRLN4fIf/UkFiGruz0aPFVK/p9eyZj/Oftgqj
3zHCJgkdAexVYFLF3V7Pz1SITIcV4wlYU/iogKVECdiDd3QUJr2QUrb79MsCoxIh
VE5qZkkHtiDd2vM4LZw7YtgY2B03sUvHCQARUY8QS4P7+bGARBIyu/zusHT+53Kx
O7d/unJ2zFtpXIxWe/HLbdr9jU2ALpY6H1ynmSrtc1WvC9UL1bkceFLEkEIuF6+u
ZtomiHb2J5r/tukWkHFsnCOVBEMIy6JigEhudG8ayT7s
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:58:26 2025 by rpki-client