Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_h5xrS_lmxByYTsdhAsiugH51HQ.roa
File: _h5xrS_lmxByYTsdhAsiugH51HQ.roa (raw, json)
Hash identifier: SzB5duprtZv0Gj+XJzjIOOS+LLjvSoDUdSJMUZ7jNBs=
Subject key identifier: FE:1E:71:AD:2F:E5:9B:10:72:61:3B:1D:84:0B:22:BA:01:F9:D4:74
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187EBDCC1FBCDABACA29A400398DE5E7107
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_h5xrS_lmxByYTsdhAsiugH51HQ.roa
Signing time: Fri 05 May 2023 12:22:05 +0000
ROA not before: Fri 05 May 2023 12:22:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60721
IP address blocks: 87.120.89.0/24 maxlen: 24
87.121.57.0/24 maxlen: 24
87.121.56.0/24 maxlen: 24
45.66.229.0/24 maxlen: 24
87.120.32.0/24 maxlen: 24
87.121.100.0/24 maxlen: 24
87.120.35.0/24 maxlen: 24
87.121.101.0/24 maxlen: 24
87.120.34.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:eb:dc:c1:fb:cd:ab:ac:a2:9a:40:03:98:de:5e:71:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 5 12:22:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fe1e71ad2fe59b1072613b1d840b22ba01f9d474
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:8c:39:c3:a7:8d:89:5a:53:eb:36:2e:3c:70:
96:69:40:e9:97:b3:f3:b2:07:4a:7a:32:b5:36:62:
db:2e:f5:3f:df:0c:ab:ba:f2:42:95:5e:19:7b:27:
42:95:b6:67:1c:23:d3:c4:29:7e:15:54:c8:12:4c:
b9:a2:d0:06:8f:26:f5:9c:71:65:50:c6:ed:a1:1d:
67:ec:8d:00:74:10:9a:6c:52:88:51:b5:c0:40:e9:
a3:64:11:ce:f1:14:2d:b3:60:77:40:db:52:41:bc:
92:d6:50:50:84:9c:1a:a3:12:ee:f1:1f:b3:69:f9:
c8:41:d9:c6:a8:8d:60:73:6c:be:0f:27:cb:99:6f:
9f:3e:fe:85:72:ab:73:6f:01:42:b8:03:a7:74:6e:
82:1d:df:85:ee:4b:f1:25:a5:e3:5f:9a:26:4e:b7:
46:55:a7:a5:cc:11:4e:a1:d4:0b:61:6e:96:b8:5d:
35:66:a8:b6:43:9b:d5:76:44:40:bc:f4:ae:38:39:
71:80:f9:f2:29:4f:e2:db:81:39:87:49:eb:a5:dd:
ec:15:70:cd:1f:7a:fd:23:cb:14:67:b0:4c:77:e3:
d9:f2:02:08:bf:de:07:16:d9:46:2d:4d:a9:d2:30:
41:d2:e1:fa:a2:9c:d9:25:43:fb:b3:b3:dc:9c:f8:
2d:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:1E:71:AD:2F:E5:9B:10:72:61:3B:1D:84:0B:22:BA:01:F9:D4:74
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_h5xrS_lmxByYTsdhAsiugH51HQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.229.0/24
87.120.32.0/24
87.120.34.0/23
87.120.89.0/24
87.121.56.0/23
87.121.100.0/23
Signature Algorithm: sha256WithRSAEncryption
8b:7d:31:27:6a:9d:2f:55:0e:b8:09:36:3d:69:53:b0:b4:8d:
3d:29:45:55:86:79:44:22:8b:98:7a:7b:22:6e:46:74:8e:24:
5e:0d:23:fd:94:75:1d:ac:bc:41:ad:74:6e:12:52:51:1f:ad:
41:a2:ef:e7:ed:63:71:08:ad:ce:d1:43:0e:b5:fd:29:2e:b4:
e2:03:9e:07:ab:3c:fb:5a:98:dd:81:56:d9:bf:ce:e5:ac:e2:
7f:c8:34:30:61:4f:11:c1:1e:bc:fc:e1:8c:67:14:33:09:d9:
7a:4d:2f:09:cf:b3:be:83:a8:4d:31:d8:8c:5b:7e:4c:88:21:
46:12:39:03:ba:59:34:80:a4:4f:a3:07:74:ef:9e:e8:ac:6c:
20:64:a7:56:f3:d5:e9:2b:a5:49:0e:f1:07:ca:9b:b3:4d:e8:
0c:13:69:d5:6d:f0:8f:e9:5d:3b:50:ec:c7:b1:28:15:7b:39:
0c:90:cd:66:fa:ac:52:0d:6d:a3:61:39:5d:b7:37:25:1f:29:
e2:3a:9b:d8:e7:8a:fa:4c:53:6a:c0:ba:a9:95:fa:4a:be:3b:
c7:76:d4:c9:74:f8:eb:f3:eb:3a:d0:18:dd:10:72:35:aa:77:
aa:3f:2f:9c:c0:54:bb:65:39:80:70:b9:8f:47:31:b9:ce:0a:
c7:92:18:fc
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYfr3MH7zausoppAA5jeXnEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA1MTIyMjA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTFlNzFhZDJmZTU5YjEwNzI2MTNiMWQ4NDBiMjJiYTAxZjlkNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIw5w6eNiVpT6zYuPHCWaUDpl7Pz
sgdKejK1NmLbLvU/3wyruvJClV4ZeydClbZnHCPTxCl+FVTIEky5otAGjyb1nHFl
UMbtoR1n7I0AdBCabFKIUbXAQOmjZBHO8RQts2B3QNtSQbyS1lBQhJwaoxLu8R+z
afnIQdnGqI1gc2y+DyfLmW+fPv6FcqtzbwFCuAOndG6CHd+F7kvxJaXjX5omTrdG
VaelzBFOodQLYW6WuF01Zqi2Q5vVdkRAvPSuODlxgPnyKU/i24E5h0nrpd3sFXDN
H3r9I8sUZ7BMd+PZ8gIIv94HFtlGLU2p0jBB0uH6opzZJUP7s7PcnPgtUQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFP4eca0v5ZsQcmE7HYQLIroB+dR0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX2g1eHJTX2xteEJ5WVRzZGhBc2l1Z0g1MUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALULlAwQA
V3ggAwQBV3giAwQAV3hZAwQBV3k4AwQBV3lkMA0GCSqGSIb3DQEBCwUAA4IBAQCL
fTEnap0vVQ64CTY9aVOwtI09KUVVhnlEIouYensibkZ0jiReDSP9lHUdrLxBrXRu
ElJRH61Bou/n7WNxCK3O0UMOtf0pLrTiA54Hqzz7WpjdgVbZv87lrOJ/yDQwYU8R
wR68/OGMZxQzCdl6TS8Jz7O+g6hNMdiMW35MiCFGEjkDulk0gKRPowd0757orGwg
ZKdW89XpK6VJDvEHypuzTegME2nVbfCP6V07UOzHsSgVezkMkM1m+qxSDW2jYTld
tzclHyniOpvY54r6TFNqwLqplfpKvjvHdtTJdPjr8+s60BjdEHI1qneqPy+cwFS7
ZTmAcLmPRzG5zgrHkhj8
-----END CERTIFICATE-----
Generated at Tue May 13 18:58:34 2025 by rpki-client