Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rUIkkrg0u2hw-AC8bobcU3M6iqU.roa
File: rUIkkrg0u2hw-AC8bobcU3M6iqU.roa (raw, json)
Hash identifier: omjxRYhszL8sT1La9sygAdfeJvnFqQNwuM5pAMw/l5M=
Subject key identifier: AD:42:24:92:B8:34:BB:68:70:F8:00:BC:6E:86:DC:53:73:3A:8A:A5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01942824715C5CE457A6D9CD3213264801AA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rUIkkrg0u2hw-AC8bobcU3M6iqU.roa
Signing time: Thu 02 Jan 2025 17:51:04 +0000
ROA not before: Thu 02 Jan 2025 17:51:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34569
IP address blocks: 87.121.18.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.22.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:71:5c:5c:e4:57:a6:d9:cd:32:13:26:48:01:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 17:51:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ad422492b834bb6870f800bc6e86dc53733a8aa5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:ed:7c:10:98:dd:b8:02:ec:25:05:0b:52:4a:
1b:59:b9:5e:c9:d9:cb:36:32:07:bc:5a:bc:02:2f:
dd:9e:6e:dc:fa:41:3c:ee:3d:da:4e:30:a5:a5:af:
86:9b:39:69:dc:19:b5:78:0f:1c:c6:7a:a7:84:20:
62:d1:0d:73:cc:1a:29:e0:e3:8c:7c:ad:33:3a:4f:
db:bd:53:5b:1a:7b:67:31:3b:40:20:32:01:81:79:
77:73:a8:f3:66:8b:6a:a7:83:d4:b9:16:79:93:46:
b7:b6:ed:de:ae:36:7d:73:12:ad:b8:be:5d:fa:65:
fd:e1:05:7b:d4:a4:07:93:0c:30:5e:0a:a8:e4:a6:
c8:46:25:21:ca:6b:e2:56:9d:5a:08:9c:38:65:41:
24:44:46:b9:c2:3b:4a:0d:ea:0f:c3:3b:2b:e9:63:
e7:34:9e:4a:1d:b1:db:72:2f:b7:af:e0:19:eb:d3:
e9:ec:2f:4b:1f:56:e0:ad:ed:a1:f7:ed:21:36:c8:
fa:a5:41:d8:ad:ec:45:ac:d9:34:40:9d:85:34:68:
c6:c3:a4:85:7c:c8:ae:86:43:f8:76:bd:09:1f:ee:
dc:8a:27:7b:21:6e:e9:42:f2:19:39:a4:39:f7:3d:
0a:78:07:d2:9b:8e:79:e8:99:05:a4:d0:19:9f:74:
ba:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:42:24:92:B8:34:BB:68:70:F8:00:BC:6E:86:DC:53:73:3A:8A:A5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rUIkkrg0u2hw-AC8bobcU3M6iqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.18.0/24
87.121.20.0-87.121.22.255
Signature Algorithm: sha256WithRSAEncryption
63:8f:c5:c0:19:ec:65:92:ff:3f:2f:e8:e3:e2:79:06:c2:37:
e6:2b:a7:80:69:32:4c:e8:88:49:68:e4:41:a2:7c:14:58:92:
40:33:a9:74:5d:5a:d1:cd:bf:58:e7:10:b9:77:fa:e7:1b:ba:
0a:4f:cd:de:5b:0f:15:55:79:ff:0d:c2:a6:20:ee:05:78:0d:
4b:d6:bc:23:67:d1:30:79:ce:7c:05:21:0e:31:8b:57:4c:15:
95:ed:6c:9d:8a:0d:68:47:10:4b:2b:7f:f5:e9:ec:d9:9a:e9:
df:a1:a2:ed:87:f5:31:a2:4c:17:0c:66:95:6c:9d:89:ea:b7:
ed:76:d5:1e:c7:69:19:e3:52:af:02:65:55:0d:fc:df:05:f4:
a8:d3:1c:ce:48:59:45:c2:5f:f7:08:6c:e0:82:9c:d5:06:3f:
9c:dc:77:85:c0:34:7d:89:35:a2:dc:6b:47:5c:a8:8b:e3:2a:
72:3f:8a:1a:66:95:81:9e:7e:04:a4:d9:92:10:02:17:04:a7:
cb:50:c8:57:9b:08:13:fe:12:f7:2a:49:38:77:ef:3a:e3:0e:
1f:5f:81:ce:71:95:2e:0f:7a:e3:8a:8a:c3:cc:67:e8:39:7c:
f9:c0:29:ef:a2:ee:41:95:04:56:72:38:bc:ea:9d:cd:7e:f3:
cf:77:3c:9f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQoJHFcXORXptnNMhMmSAGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDQyMjQ5MmI4MzRiYjY4NzBmODAwYmM2ZTg2ZGM1MzczM2E4YWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu18EJjduALsJQULUkobWbleydnL
NjIHvFq8Ai/dnm7c+kE87j3aTjClpa+Gmzlp3Bm1eA8cxnqnhCBi0Q1zzBop4OOM
fK0zOk/bvVNbGntnMTtAIDIBgXl3c6jzZotqp4PUuRZ5k0a3tu3erjZ9cxKtuL5d
+mX94QV71KQHkwwwXgqo5KbIRiUhymviVp1aCJw4ZUEkREa5wjtKDeoPwzsr6WPn
NJ5KHbHbci+3r+AZ69Pp7C9LH1bgre2h9+0hNsj6pUHYrexFrNk0QJ2FNGjGw6SF
fMiuhkP4dr0JH+7ciid7IW7pQvIZOaQ59z0KeAfSm4556JkFpNAZn3S66wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK1CJJK4NLtocPgAvG6G3FNzOoqlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvclVJa2tyZzB1Mmh3LUFDOGJvYmNVM002aXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAV3kSMAwD
BAJXeRQDBABXeRYwDQYJKoZIhvcNAQELBQADggEBAGOPxcAZ7GWS/z8v6OPieQbC
N+Yrp4BpMkzoiElo5EGifBRYkkAzqXRdWtHNv1jnELl3+ucbugpPzd5bDxVVef8N
wqYg7gV4DUvWvCNn0TB5znwFIQ4xi1dMFZXtbJ2KDWhHEEsrf/Xp7Nma6d+hou2H
9TGiTBcMZpVsnYnqt+121R7HaRnjUq8CZVUN/N8F9KjTHM5IWUXCX/cIbOCCnNUG
P5zcd4XANH2JNaLca0dcqIvjKnI/ihpmlYGefgSk2ZIQAhcEp8tQyFebCBP+Evcq
STh37zrjDh9fgc5xlS4PeuOKisPMZ+g5fPnAKe+i7kGVBFZyOLzqnc1+8893PJ8=
-----END CERTIFICATE-----
Generated at Mon Apr 28 10:42:34 2025 by rpki-client