Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/YpXxZd-Nu_oxpWcAxy1lHAEDRTQ.roa
File: YpXxZd-Nu_oxpWcAxy1lHAEDRTQ.roa (raw, json)
Hash identifier: KPMr4qSluUk6QYPhQl91pUcjOrzjRGn9JO9RIIV9fWE=
Subject key identifier: 62:95:F1:65:DF:8D:BB:FA:31:A5:67:00:C7:2D:65:1C:01:03:45:34
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 0189495384EAC6A634CEB992CDB4F154D29A
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/YpXxZd-Nu_oxpWcAxy1lHAEDRTQ.roa
Signing time: Wed 12 Jul 2023 08:59:17 +0000
ROA not before: Wed 12 Jul 2023 08:59:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49024
IP address blocks: 185.154.28.0/22 maxlen: 24
95.131.120.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:49:53:84:ea:c6:a6:34:ce:b9:92:cd:b4:f1:54:d2:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jul 12 08:59:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6295f165df8dbbfa31a56700c72d651c01034534
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e4:b0:36:01:8a:ed:ad:a8:68:08:8a:98:02:
7b:2c:71:11:2c:00:f3:c0:86:8a:97:64:8b:52:25:
c3:5e:a3:ed:93:c1:7a:31:5a:6d:28:38:c2:b8:19:
4c:f4:2f:ab:a7:63:04:2a:2d:6c:51:40:27:c2:3c:
ae:80:89:5d:3d:ef:c8:c9:89:f1:e1:da:19:33:e9:
96:d7:43:ec:ca:31:bb:b0:05:3e:dc:80:61:55:41:
4d:1f:7c:0b:5d:03:b4:c6:02:37:78:b2:2e:89:b6:
2b:10:94:3f:53:31:12:49:b4:6f:41:a6:f0:57:96:
3a:04:66:c3:b7:15:0f:86:2c:c0:3e:0e:fd:8c:e5:
59:28:35:4b:dd:15:c8:f8:71:88:25:cc:57:9b:3d:
3f:5b:ed:9a:31:3f:99:7a:30:8f:be:85:b3:3f:64:
32:e8:d3:32:d8:6b:3c:1a:b0:ab:d3:99:c0:c2:a7:
07:9e:62:7e:a4:5c:72:4e:4b:a8:ed:48:57:8f:2a:
63:89:af:d0:68:df:89:51:7b:51:35:2f:d1:26:3f:
3a:b3:71:1d:5f:d6:6d:4b:46:49:1e:93:1f:3a:19:
f2:d8:cf:e3:47:a2:b8:48:5e:f7:e2:95:44:73:7d:
63:81:07:ab:9a:c5:50:b0:55:c9:67:14:06:55:c3:
79:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:95:F1:65:DF:8D:BB:FA:31:A5:67:00:C7:2D:65:1C:01:03:45:34
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/YpXxZd-Nu_oxpWcAxy1lHAEDRTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
Signature Algorithm: sha256WithRSAEncryption
09:c8:9a:52:4b:9a:61:8a:c8:7e:de:c2:7b:fa:97:f4:c5:5e:
87:de:51:a4:2f:a7:9e:5c:e7:5e:a0:de:36:f8:16:20:ed:b4:
33:66:2f:8a:50:77:20:37:6c:a8:5f:dd:a6:0b:5f:9a:31:ec:
e1:37:b1:4d:40:1a:4e:07:ac:9b:00:3c:86:68:b2:b5:c2:1a:
78:ad:f9:1f:5b:45:2f:f8:18:0a:5b:b0:b0:f9:a7:99:fd:8b:
93:e6:93:95:33:b9:52:af:db:ba:87:0c:9a:67:de:88:66:57:
be:88:12:6e:e3:de:82:7b:e1:87:04:4f:db:02:f5:b7:f5:ee:
0b:e3:1a:d2:c0:42:85:83:0d:cf:b4:6a:74:9d:9c:81:27:6c:
67:d8:d0:a5:f6:d0:21:41:b0:47:2a:cc:44:f3:cc:07:ee:fb:
d5:22:ae:f9:70:ee:d9:56:29:89:70:42:f4:f8:96:73:de:72:
9a:bb:9e:72:5b:dc:d4:c3:8f:4c:dc:27:b9:ff:29:bb:a7:93:
3b:d5:79:b6:d8:b5:5d:fd:5d:38:9e:2c:f8:31:3e:6f:ca:3e:
da:ae:1e:2e:87:6e:c3:94:1d:ae:99:01:5e:da:05:a3:a5:52:
27:33:3b:63:bb:1a:3a:06:51:32:3e:10:32:99:58:c5:76:76:
8e:60:5a:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYlJU4TqxqY0zrmSzbTxVNKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjMwNzEyMDg1OTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjk1ZjE2NWRmOGRiYmZhMzFhNTY3MDBjNzJkNjUxYzAxMDM0NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuSwNgGK7a2oaAiKmAJ7LHERLADz
wIaKl2SLUiXDXqPtk8F6MVptKDjCuBlM9C+rp2MEKi1sUUAnwjyugIldPe/IyYnx
4doZM+mW10PsyjG7sAU+3IBhVUFNH3wLXQO0xgI3eLIuibYrEJQ/UzESSbRvQabw
V5Y6BGbDtxUPhizAPg79jOVZKDVL3RXI+HGIJcxXmz0/W+2aMT+ZejCPvoWzP2Qy
6NMy2Gs8GrCr05nAwqcHnmJ+pFxyTkuo7UhXjypjia/QaN+JUXtRNS/RJj86s3Ed
X9ZtS0ZJHpMfOhny2M/jR6K4SF734pVEc31jgQermsVQsFXJZxQGVcN5RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGKV8WXfjbv6MaVnAMctZRwBA0U0MB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEvWXBYeFpkLU51X294cFdjQXh5MWxIQUVEUlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX4N4AwQC
uZocMA0GCSqGSIb3DQEBCwUAA4IBAQAJyJpSS5phish+3sJ7+pf0xV6H3lGkL6ee
XOdeoN42+BYg7bQzZi+KUHcgN2yoX92mC1+aMezhN7FNQBpOB6ybADyGaLK1whp4
rfkfW0Uv+BgKW7Cw+aeZ/YuT5pOVM7lSr9u6hwyaZ96IZle+iBJu496Ce+GHBE/b
AvW39e4L4xrSwEKFgw3PtGp0nZyBJ2xn2NCl9tAhQbBHKsxE88wH7vvVIq75cO7Z
VimJcEL0+JZz3nKau55yW9zUw49M3Ce5/ym7p5M71Xm22LVd/V04niz4MT5vyj7a
rh4uh27DlB2umQFe2gWjpVInMztjuxo6BlEyPhAymVjFdnaOYFp0
-----END CERTIFICATE-----
Generated at Mon May 12 11:32:17 2025 by rpki-client