Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EhJcp7Bn2IwlmuD7WFhh09ij7lA.roa
File: EhJcp7Bn2IwlmuD7WFhh09ij7lA.roa (raw, json)
Hash identifier: dPyXNzgE3TUDOmBkaLXiaaMsST3mPhTfK0feNt7FheE=
Subject key identifier: 12:12:5C:A7:B0:67:D8:8C:25:9A:E0:FB:58:58:61:D3:D8:A3:EE:50
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189AAD3FC3FB16C311BE8B3E46DF6FFB715
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EhJcp7Bn2IwlmuD7WFhh09ij7lA.roa
Signing time: Mon 31 Jul 2023 07:22:46 +0000
ROA not before: Mon 31 Jul 2023 07:22:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200385
IP address blocks: 141.98.4.0/24 maxlen: 24
94.103.126.0/24 maxlen: 24
195.178.121.0/24 maxlen: 24
87.120.5.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:aa:d3:fc:3f:b1:6c:31:1b:e8:b3:e4:6d:f6:ff:b7:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 31 07:22:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=12125ca7b067d88c259ae0fb585861d3d8a3ee50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:20:fa:02:69:d2:87:45:a7:c1:8f:2f:7c:0a:
9b:11:b1:b6:2f:23:dc:f1:09:5b:8d:67:db:5b:a5:
5f:4d:a2:56:29:99:e9:25:41:e8:08:df:4b:f3:1e:
37:b3:c1:a8:7e:f5:f2:42:af:7a:6b:97:bd:f5:68:
6a:a3:78:64:6f:e3:0c:cc:3b:0f:c8:7d:f2:39:c6:
8c:d3:b7:e2:93:38:21:20:85:97:05:d8:ab:58:55:
b3:72:8c:60:30:8a:e4:e9:09:05:9c:fe:b1:75:a3:
50:e0:eb:b7:96:74:3c:1f:61:e4:42:9d:99:3b:04:
24:a3:b0:3d:3f:29:f1:8c:e6:bd:1f:ee:2e:c6:76:
74:54:ed:71:b6:a2:82:3d:0d:85:7c:47:eb:63:07:
2b:2f:eb:ce:50:01:ac:cd:3d:ff:34:9e:b7:b2:53:
c5:59:da:c0:08:00:a3:d4:2d:ed:6c:e1:56:a5:8a:
d8:5d:3a:31:ba:ac:44:3c:53:56:dd:99:90:6b:12:
c6:ba:9a:2f:81:04:f1:06:0b:6c:f2:24:01:01:18:
bd:48:4b:64:29:60:ae:81:ea:63:36:20:36:3c:ae:
74:9c:56:06:99:7e:ca:25:a4:d7:35:23:48:04:2f:
df:78:42:97:22:dc:25:cb:39:9c:14:18:93:a3:52:
5e:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:12:5C:A7:B0:67:D8:8C:25:9A:E0:FB:58:58:61:D3:D8:A3:EE:50
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EhJcp7Bn2IwlmuD7WFhh09ij7lA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.5.0/24
94.103.126.0/24
141.98.4.0/24
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:8e:9b:e8:42:fe:7f:e3:23:2d:13:d6:f5:a0:4f:3b:88:2d:
f3:90:98:cb:d9:db:10:66:42:df:48:1e:c2:0b:ce:a5:85:84:
b6:b9:0e:1b:8f:e9:fb:34:04:7c:49:e2:20:d4:89:4d:a6:cb:
3c:59:88:f2:41:6f:65:68:81:bc:73:f1:9c:a6:41:3e:4b:e2:
94:ce:44:20:5d:bd:87:ca:a1:05:1a:f6:cb:9d:ce:52:9b:a9:
6a:05:9e:7a:e4:65:54:43:8f:9e:d9:26:4f:0f:31:ff:5a:98:
5f:e9:90:31:c2:31:cc:96:3f:49:2a:c2:b2:f7:be:ed:4f:d3:
a0:25:3e:fe:ec:e5:55:66:89:c7:6e:dc:28:56:65:e5:eb:b3:
59:67:3d:fd:53:63:71:c2:54:c0:6d:8a:1a:1f:46:53:7f:00:
f6:14:c4:5f:55:3d:7c:0e:99:fc:92:58:4b:db:c4:b0:1e:77:
1b:ce:13:03:70:2b:de:d7:0a:6e:39:a3:81:65:1f:67:a0:2e:
73:46:e8:ee:02:fa:ee:b2:8b:3b:52:b2:14:3b:14:14:12:13:
5d:04:a3:e9:82:15:ac:05:27:24:8a:c8:5b:3d:57:02:9e:be:
1c:1f:97:6a:a5:9f:6b:9a:d8:db:47:9f:46:bb:ab:f5:a3:00:
33:c7:0c:a9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYmq0/w/sWwxG+iz5G32/7cVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzMxMDcyMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjEyNWNhN2IwNjdkODhjMjU5YWUwZmI1ODU4NjFkM2Q4YTNlZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCD6AmnSh0WnwY8vfAqbEbG2LyPc
8QlbjWfbW6VfTaJWKZnpJUHoCN9L8x43s8GofvXyQq96a5e99Whqo3hkb+MMzDsP
yH3yOcaM07fikzghIIWXBdirWFWzcoxgMIrk6QkFnP6xdaNQ4Ou3lnQ8H2HkQp2Z
OwQko7A9PynxjOa9H+4uxnZ0VO1xtqKCPQ2FfEfrYwcrL+vOUAGszT3/NJ63slPF
WdrACACj1C3tbOFWpYrYXToxuqxEPFNW3ZmQaxLGupovgQTxBgts8iQBARi9SEtk
KWCugepjNiA2PK50nFYGmX7KJaTXNSNIBC/feEKXItwlyzmcFBiTo1Je9wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBISXKewZ9iMJZrg+1hYYdPYo+5QMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRWhKY3A3Qm4ySXdsbXVEN1dGaGgwOWlqN2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAV3gFAwQA
Xmd+AwQAjWIEAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IBAQAtjpvoQv5/4yMtE9b1
oE87iC3zkJjL2dsQZkLfSB7CC86lhYS2uQ4bj+n7NAR8SeIg1IlNpss8WYjyQW9l
aIG8c/GcpkE+S+KUzkQgXb2HyqEFGvbLnc5Sm6lqBZ565GVUQ4+e2SZPDzH/Wphf
6ZAxwjHMlj9JKsKy977tT9OgJT7+7OVVZonHbtwoVmXl67NZZz39U2NxwlTAbYoa
H0ZTfwD2FMRfVT18Dpn8klhL28SwHncbzhMDcCve1wpuOaOBZR9noC5zRujuAvru
sos7UrIUOxQUEhNdBKPpghWsBSckishbPVcCnr4cH5dqpZ9rmtjbR59Gu6v1owAz
xwyp
-----END CERTIFICATE-----
Generated at Tue May 13 17:20:54 2025 by rpki-client