Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/XlqvFbMQM9vGOkcaF61Pm06lyqk.roa
File: XlqvFbMQM9vGOkcaF61Pm06lyqk.roa (raw, json)
Hash identifier: lhEvSG7Gj1C/FqB2vvyd5mPll7Tr3wlcnrnDbnl27vM=
Subject key identifier: 5E:5A:AF:15:B3:10:33:DB:C6:3A:47:1A:17:AD:4F:9B:4E:A5:CA:A9
Certificate issuer: /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial: 018CC9BA72B28DDBD12C8B8988F0D1FB2CA8
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/XlqvFbMQM9vGOkcaF61Pm06lyqk.roa
Signing time: Tue 02 Jan 2024 10:31:28 +0000
ROA not before: Tue 02 Jan 2024 10:31:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60781
IP address blocks: 87.251.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:ba:72:b2:8d:db:d1:2c:8b:89:88:f0:d1:fb:2c:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Validity
Not Before: Jan 2 10:31:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5e5aaf15b31033dbc63a471a17ad4f9b4ea5caa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:51:0d:f6:a5:66:d8:8e:99:95:af:7f:cc:7b:
5a:c3:b7:05:bc:1c:f8:e8:93:e5:e9:b1:9b:fd:79:
4d:33:93:e7:29:1e:3d:dc:5c:7e:ce:1c:08:ef:b8:
5e:ed:31:13:52:11:73:4a:29:97:a0:dc:13:18:37:
4a:bd:97:b0:78:68:a2:cd:ae:e4:e3:f5:8f:90:ba:
f5:a7:94:99:07:88:59:32:09:51:2d:88:74:1b:9c:
e1:7b:50:6c:df:03:6a:32:1a:5d:2a:be:08:f1:ca:
a7:51:cf:bb:dc:fa:df:49:fd:9e:cf:7c:af:d1:bd:
18:af:9a:98:41:48:a3:12:4a:d5:b7:82:20:ce:e6:
01:2f:79:94:b1:c4:26:17:f2:1b:f3:e4:c3:c8:3c:
f8:98:7b:d6:5b:19:b5:60:b5:ca:59:09:6a:5d:75:
0b:f2:dc:d8:df:b6:ae:12:79:9d:26:da:37:2b:9f:
5f:d5:02:97:bf:a8:a6:06:5b:af:8b:a5:5e:e2:9b:
74:5d:b3:6a:a7:b5:0b:09:b0:39:f9:70:78:21:fa:
62:4b:60:4b:61:36:80:bb:f4:7f:c0:4b:22:44:7b:
29:46:d4:68:8f:45:97:1c:e3:ef:96:66:bf:8a:8d:
54:95:63:f6:d0:ea:e4:38:76:c7:c1:06:bf:8c:28:
45:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:5A:AF:15:B3:10:33:DB:C6:3A:47:1A:17:AD:4F:9B:4E:A5:CA:A9
X509v3 Authority Key Identifier:
keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/XlqvFbMQM9vGOkcaF61Pm06lyqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.251.19.0/24
Signature Algorithm: sha256WithRSAEncryption
65:dd:14:b5:1b:a0:95:b3:5f:1a:09:78:07:51:74:fb:35:9d:
42:a8:ca:a4:65:33:e7:74:bc:4a:20:71:fb:47:3b:37:c9:e9:
f1:a9:c0:73:6b:7f:13:e8:0a:ca:4c:59:dd:52:da:16:b3:91:
b5:7d:bf:d6:d2:9f:12:e1:07:9e:13:86:c4:a4:30:8c:3f:60:
d0:21:a0:d5:ec:4a:df:49:87:33:b8:7a:33:23:0a:b0:68:c2:
83:a8:b4:0e:d2:a2:2c:ab:f3:62:53:74:7b:4e:a1:ad:47:e1:
38:bb:f9:74:9b:41:ac:a1:f6:4d:6d:ba:cb:9e:af:3b:db:a7:
62:4b:67:20:5e:8d:88:75:7d:bf:4d:59:5d:06:51:cf:b8:60:
b8:5f:2d:81:c5:61:e3:e4:b8:a4:88:f4:fb:4e:2d:b5:33:88:
f8:13:79:4a:87:19:8a:b3:8c:4f:9d:c4:2f:d0:ab:4d:ec:b6:
42:0b:69:38:c8:60:44:3f:54:af:1b:46:d3:ad:1d:3f:c2:23:
a1:df:8f:e0:4f:2c:a0:d2:87:14:b6:d1:bd:70:6f:65:c3:94:
5b:56:76:e2:6d:21:ed:78:53:69:c3:db:d2:50:4c:41:05:44:
58:0d:0c:79:56:7c:5d:eb:25:1f:3d:da:8e:b4:7f:f9:41:4f:
1f:d3:07:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJunKyjdvRLIuJiPDR+yyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQwMTAyMTAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTVhYWYxNWIzMTAzM2RiYzYzYTQ3MWExN2FkNGY5YjRlYTVjYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1EN9qVm2I6Zla9/zHtaw7cFvBz4
6JPl6bGb/XlNM5PnKR493Fx+zhwI77he7TETUhFzSimXoNwTGDdKvZeweGiiza7k
4/WPkLr1p5SZB4hZMglRLYh0G5zhe1Bs3wNqMhpdKr4I8cqnUc+73PrfSf2ez3yv
0b0Yr5qYQUijEkrVt4IgzuYBL3mUscQmF/Ib8+TDyDz4mHvWWxm1YLXKWQlqXXUL
8tzY37auEnmdJto3K59f1QKXv6imBluvi6Ve4pt0XbNqp7ULCbA5+XB4IfpiS2BL
YTaAu/R/wEsiRHspRtRoj0WXHOPvlma/io1UlWP20OrkOHbHwQa/jChFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5arxWzEDPbxjpHGhetT5tOpcqpMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvWGxxdkZiTVFNOXZHT2tjYUY2MVBtMDZseXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/sTMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3RS1G6CVs18aCXgHUXT7NZ1CqMqkZTPndLxKIHH7
Rzs3yenxqcBza38T6ArKTFndUtoWs5G1fb/W0p8S4QeeE4bEpDCMP2DQIaDV7Erf
SYczuHozIwqwaMKDqLQO0qIsq/NiU3R7TqGtR+E4u/l0m0GsofZNbbrLnq8726di
S2cgXo2IdX2/TVldBlHPuGC4Xy2BxWHj5LikiPT7Ti21M4j4E3lKhxmKs4xPncQv
0KtN7LZCC2k4yGBEP1SvG0bTrR0/wiOh34/gTyyg0ocUttG9cG9lw5RbVnbibSHt
eFNpw9vSUExBBURYDQx5Vnxd6yUfPdqOtH/5QU8f0wdb
-----END CERTIFICATE-----
Generated at Sun Apr 27 23:12:18 2025 by rpki-client