Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4hm65dJPZQ3WGXbZZeLwCCeYuLg.roa
File: 4hm65dJPZQ3WGXbZZeLwCCeYuLg.roa (raw, json)
Hash identifier: hRVMUmvNSTNVON/+7t0ti1H9lkgUXsQbXAyVFG7+jfM=
Subject key identifier: E2:19:BA:E5:D2:4F:65:0D:D6:19:76:D9:65:E2:F0:08:27:98:B8:B8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01892F79430E7572AAAEBF32C3742014CD42
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4hm65dJPZQ3WGXbZZeLwCCeYuLg.roa
Signing time: Fri 07 Jul 2023 08:30:23 +0000
ROA not before: Fri 07 Jul 2023 08:30:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 91.92.24.0/24 maxlen: 24
91.92.24.0/23 maxlen: 23
91.92.25.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2f:79:43:0e:75:72:aa:ae:bf:32:c3:74:20:14:cd:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 7 08:30:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e219bae5d24f650dd61976d965e2f0082798b8b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ca:fe:8e:56:22:0f:bb:47:a5:fa:cc:91:5e:
f0:cb:fe:e0:71:41:c7:0d:6d:67:a0:52:17:95:00:
d0:57:c8:e5:03:3d:4a:cb:ca:ce:5b:b9:74:65:38:
08:d2:90:0f:e8:0e:ea:16:55:7b:af:0c:03:8b:22:
a6:21:84:c5:bc:20:ea:f0:2d:5f:ef:88:74:5c:4d:
e5:ff:ed:e8:00:de:fc:4e:1a:18:0d:20:e4:3e:96:
71:27:46:3b:fd:49:41:2e:38:ee:14:b1:7c:52:28:
9f:69:1f:32:d6:10:3a:36:24:bc:4c:2c:84:f5:98:
72:66:b2:0e:40:bd:23:38:6e:ba:c1:04:92:41:3a:
3a:f6:56:22:2c:d2:71:8e:00:48:70:b8:29:0f:9b:
01:68:36:72:c3:b1:2e:0c:a5:8e:31:eb:a9:b3:3e:
7d:8b:8d:a8:47:9f:9d:31:c2:39:5a:f5:76:2e:b9:
26:a5:0c:66:d5:03:57:43:0d:22:d3:7f:02:7b:e9:
ea:df:c5:2d:c9:f2:98:60:8c:e9:3f:27:cc:a7:53:
31:32:12:79:fc:30:10:51:c4:22:cf:81:96:d4:40:
6f:57:f5:f1:a5:c6:98:cd:b0:a0:0b:3d:51:c0:93:
a7:c3:f7:ec:55:56:be:0e:7f:be:d1:83:fb:b2:9d:
3d:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:19:BA:E5:D2:4F:65:0D:D6:19:76:D9:65:E2:F0:08:27:98:B8:B8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4hm65dJPZQ3WGXbZZeLwCCeYuLg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.87.0/24
91.92.24.0/23
93.123.116.0/24
94.154.163.0/24
171.22.19.0/24
176.125.255.0/24
193.149.28.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:f1:c2:18:d0:32:27:fc:40:cb:ee:58:de:5f:35:fa:2f:0f:
40:69:08:55:76:00:b3:4d:1c:2d:dd:cc:5b:1d:93:ca:c4:7b:
eb:8f:71:46:a5:cb:28:95:55:34:84:b8:d7:d1:ce:e9:d0:57:
b8:ed:56:4c:98:cc:ab:b8:a7:e8:54:29:cc:bc:78:fe:0d:47:
50:f0:c6:17:e2:c0:de:0b:6e:52:8e:6d:1f:6f:8b:aa:3c:3e:
c9:5a:fe:03:2d:fa:1d:40:64:f7:6c:44:33:01:40:44:35:3f:
ef:eb:40:0c:63:9d:b6:b8:09:a2:1c:aa:20:ff:12:72:ba:ba:
c9:b6:54:05:33:e3:1c:93:64:ef:0d:d4:7a:41:3e:15:4f:f5:
78:60:1b:ee:1b:d4:c5:b8:7f:8d:f4:65:2c:0c:38:57:8c:e5:
c1:7c:8d:e8:ec:7a:f8:af:54:ec:de:a5:c7:8a:28:31:9c:be:
4d:f3:b2:25:c6:2b:72:d9:7e:74:d7:44:cb:49:c5:2e:04:f7:
31:b1:9b:a7:22:31:f6:dc:a9:72:a8:ef:41:e2:b0:b6:90:7a:
df:ca:f9:d8:6c:ec:45:34:91:41:17:ce:42:8a:17:99:ac:64:
af:9e:45:26:6e:89:71:7a:8f:7c:c6:c8:8c:17:29:ff:65:23:
a7:ce:e9:a5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkveUMOdXKqrr8yw3QgFM1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzA3MDgzMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE5YmFlNWQyNGY2NTBkZDYxOTc2ZDk2NWUyZjAwODI3OThiOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcr+jlYiD7tHpfrMkV7wy/7gcUHH
DW1noFIXlQDQV8jlAz1Ky8rOW7l0ZTgI0pAP6A7qFlV7rwwDiyKmIYTFvCDq8C1f
74h0XE3l/+3oAN78ThoYDSDkPpZxJ0Y7/UlBLjjuFLF8UiifaR8y1hA6NiS8TCyE
9ZhyZrIOQL0jOG66wQSSQTo69lYiLNJxjgBIcLgpD5sBaDZyw7EuDKWOMeupsz59
i42oR5+dMcI5WvV2LrkmpQxm1QNXQw0i038Ce+nq38UtyfKYYIzpPyfMp1MxMhJ5
/DAQUcQiz4GW1EBvV/XxpcaYzbCgCz1RwJOnw/fsVVa+Dn++0YP7sp09OwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOIZuuXST2UN1hl22WXi8AgnmLi4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNGhtNjVkSlBaUTNXR1hiWlplTHdDQ2VZdUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAV3hXAwQB
W1wYAwQAXXt0AwQAXpqjAwQAqxYTAwQAsH3/AwQCwZUcMA0GCSqGSIb3DQEBCwUA
A4IBAQAO8cIY0DIn/EDL7ljeXzX6Lw9AaQhVdgCzTRwt3cxbHZPKxHvrj3FGpcso
lVU0hLjX0c7p0Fe47VZMmMyruKfoVCnMvHj+DUdQ8MYX4sDeC25Sjm0fb4uqPD7J
Wv4DLfodQGT3bEQzAUBENT/v60AMY522uAmiHKog/xJyurrJtlQFM+Mck2TvDdR6
QT4VT/V4YBvuG9TFuH+N9GUsDDhXjOXBfI3o7Hr4r1Ts3qXHiigxnL5N87Ilxity
2X5010TLScUuBPcxsZunIjH23KlyqO9B4rC2kHrfyvnYbOxFNJFBF85CiheZrGSv
nkUmbolxeo98xsiMFyn/ZSOnzuml
-----END CERTIFICATE-----
Generated at Tue May 13 20:39:18 2025 by rpki-client