Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FN7UtUDMYoR_YRJprj0rBcYAigw.roa
File: FN7UtUDMYoR_YRJprj0rBcYAigw.roa (raw, json)
Hash identifier: pXQEvBRMJLtBhvgaU1517EgROEKoZvfHj3UZq77eulQ=
Subject key identifier: 14:DE:D4:B5:40:CC:62:84:7F:61:12:69:AE:3D:2B:05:C6:00:8A:0C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CB0ADA2E3BC2243E899248EABD1E0E55F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FN7UtUDMYoR_YRJprj0rBcYAigw.roa
Signing time: Thu 28 Dec 2023 13:46:58 +0000
ROA not before: Thu 28 Dec 2023 13:46:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200105
IP address blocks: 87.121.124.0/23 maxlen: 24
91.200.192.0/22 maxlen: 24
45.129.84.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b0:ad:a2:e3:bc:22:43:e8:99:24:8e:ab:d1:e0:e5:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 28 13:46:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=14ded4b540cc62847f611269ae3d2b05c6008a0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:bd:19:7a:2f:51:a3:a9:24:26:ee:75:81:fe:
f0:44:67:9d:19:30:25:ce:37:3d:2f:dc:5a:5f:12:
f3:48:de:ba:7b:37:50:27:0e:d1:76:85:a6:72:48:
53:12:89:e2:5d:42:70:fc:0b:7b:11:92:5e:07:36:
1a:9d:dc:20:85:34:51:97:79:71:03:4e:26:91:38:
ae:b6:9e:65:2f:91:61:b0:a0:bb:49:3f:25:50:e3:
fe:d0:b4:1c:03:01:0b:54:be:21:cd:93:68:53:ce:
5e:28:c2:93:cd:74:b1:64:e7:bd:04:f2:32:4e:b5:
4f:d5:19:08:2d:31:b4:f9:cc:67:99:af:b3:2b:8a:
38:56:ac:37:7b:20:2a:a8:72:2f:aa:0a:f3:5c:a7:
d6:96:a8:5e:f4:4d:08:b9:11:7d:aa:89:60:bc:c6:
4b:a2:58:94:99:b4:88:07:54:75:26:f9:27:f3:f8:
53:39:52:46:a6:cd:e3:e2:4e:2b:bd:95:08:c1:46:
2e:7d:49:1d:f6:64:67:88:e5:0f:ff:f7:e4:92:d6:
eb:5b:8d:20:42:e8:93:33:5f:bd:82:20:fb:29:b3:
28:75:94:35:f5:f0:09:ef:99:86:fd:0d:66:5e:1c:
65:14:ca:64:47:d9:69:8d:7a:56:dd:4e:6f:6a:77:
9e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:DE:D4:B5:40:CC:62:84:7F:61:12:69:AE:3D:2B:05:C6:00:8A:0C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FN7UtUDMYoR_YRJprj0rBcYAigw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.84.0/24
87.121.124.0/23
91.200.192.0/22
94.154.172.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:35:b3:b8:7f:1c:36:a3:e4:a7:95:e5:09:5f:e2:ef:13:3d:
15:6f:1e:06:c5:ef:1b:4b:25:ce:be:bf:40:1d:9d:58:f0:c3:
59:a7:08:39:05:eb:85:db:70:25:9e:a5:c5:e5:64:df:97:61:
4b:40:27:0c:d2:4b:1c:79:70:7b:58:0f:08:22:a5:0f:66:2b:
c4:77:45:40:d2:21:42:45:cc:d3:1e:3f:ba:0c:96:85:26:71:
6e:d9:14:6c:66:41:96:55:bd:29:0f:73:bb:96:29:e7:44:13:
f5:ed:50:10:ee:d3:8b:6a:15:43:67:70:90:81:17:af:57:66:
ee:a6:2b:82:17:f8:26:79:be:a2:82:8a:a4:a7:66:12:e6:ca:
fc:70:03:20:03:be:81:a5:f3:0d:f5:53:dc:b6:2e:12:6f:46:
51:f6:0f:c4:3c:3b:6c:54:a1:74:52:16:87:4f:f0:14:0c:a1:
47:e6:5f:7d:7b:ba:b3:8d:7f:9b:a6:aa:47:3e:dd:ab:86:ac:
35:d6:da:21:3b:14:eb:de:8f:2b:bb:67:81:22:ea:83:e5:ea:
f4:fe:0e:33:ff:d6:f4:4f:37:82:9b:52:0f:ac:dd:0f:0a:25:
79:f4:2c:73:da:32:b8:58:29:ad:ba:51:50:95:07:9e:9a:1c:
cd:00:30:cb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYywraLjvCJD6JkkjqvR4OVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjI4MTM0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRlZDRiNTQwY2M2Mjg0N2Y2MTEyNjlhZTNkMmIwNWM2MDA4YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr0Zei9Ro6kkJu51gf7wRGedGTAl
zjc9L9xaXxLzSN66ezdQJw7RdoWmckhTEoniXUJw/At7EZJeBzYandwghTRRl3lx
A04mkTiutp5lL5FhsKC7ST8lUOP+0LQcAwELVL4hzZNoU85eKMKTzXSxZOe9BPIy
TrVP1RkILTG0+cxnma+zK4o4Vqw3eyAqqHIvqgrzXKfWlqhe9E0IuRF9qolgvMZL
oliUmbSIB1R1Jvkn8/hTOVJGps3j4k4rvZUIwUYufUkd9mRniOUP//fkktbrW40g
QuiTM1+9giD7KbModZQ19fAJ75mG/Q1mXhxlFMpkR9lpjXpW3U5vaneeRwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBTe1LVAzGKEf2ESaa49KwXGAIoMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRk43VXRVRE1Zb1JfWVJKcHJqMHJCY1lBaWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYFUAwQB
V3l8AwQCW8jAAwQAXpqsMA0GCSqGSIb3DQEBCwUAA4IBAQB6NbO4fxw2o+SnleUJ
X+LvEz0Vbx4Gxe8bSyXOvr9AHZ1Y8MNZpwg5BeuF23AlnqXF5WTfl2FLQCcM0ksc
eXB7WA8IIqUPZivEd0VA0iFCRczTHj+6DJaFJnFu2RRsZkGWVb0pD3O7linnRBP1
7VAQ7tOLahVDZ3CQgRevV2bupiuCF/gmeb6igoqkp2YS5sr8cAMgA76BpfMN9VPc
ti4Sb0ZR9g/EPDtsVKF0UhaHT/AUDKFH5l99e7qzjX+bpqpHPt2rhqw11tohOxTr
3o8ru2eBIuqD5er0/g4z/9b0TzeCm1IPrN0PCiV59Cxz2jK4WCmtulFQlQeemhzN
ADDL
-----END CERTIFICATE-----
Generated at Tue May 13 16:19:49 2025 by rpki-client