Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/T5uF4BBVeFQeC5sBefEPsikTW1s.roa
File: T5uF4BBVeFQeC5sBefEPsikTW1s.roa (raw, json)
Hash identifier: Fxyd96i8AEwmIDsOCJ28n1AY2qUoWNZYGdPiuJwtgX4=
Subject key identifier: 4F:9B:85:E0:10:55:78:54:1E:0B:9B:01:79:F1:0F:B2:29:13:5B:5B
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0196429A9E0369FD01CD050C2F04F7F2721F
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/T5uF4BBVeFQeC5sBefEPsikTW1s.roa
Signing time: Thu 17 Apr 2025 07:15:51 +0000
ROA not before: Thu 17 Apr 2025 07:15:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44477
IP address blocks: 94.131.2.0/24 maxlen: 24
94.131.2.0/32 maxlen: 32
94.131.3.0/24 maxlen: 24
94.131.3.0/32 maxlen: 32
94.131.100.0/24 maxlen: 24
94.131.101.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.103.0/24 maxlen: 24
94.131.104.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.109.0/24 maxlen: 24
94.131.110.0/24 maxlen: 24
94.131.111.0/24 maxlen: 24
95.164.0.0/22 maxlen: 24
95.164.4.0/22 maxlen: 24
95.164.8.0/22 maxlen: 24
95.164.16.0/22 maxlen: 24
95.164.19.0/32 maxlen: 32
95.164.21.0/24 maxlen: 24
95.164.22.0/24 maxlen: 24
95.164.23.0/24 maxlen: 24
95.164.32.0/21 maxlen: 24
95.164.44.0/22 maxlen: 24
95.164.51.0/24 maxlen: 24
95.164.60.0/22 maxlen: 24
95.164.68.0/24 maxlen: 24
95.164.69.0/24 maxlen: 24
95.164.84.0/22 maxlen: 24
95.164.88.0/24 maxlen: 24
95.164.89.0/24 maxlen: 24
95.164.112.0/21 maxlen: 24
95.164.114.0/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:42:9a:9e:03:69:fd:01:cd:05:0c:2f:04:f7:f2:72:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Apr 17 07:15:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f9b85e0105578541e0b9b0179f10fb229135b5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:af:fd:3c:d5:13:ef:f5:09:ee:1e:4d:a0:34:
63:ca:46:e1:3a:cf:4b:e8:1a:2a:8e:92:66:d1:5d:
98:e0:e9:3a:56:58:1c:2d:ac:b5:3e:43:f0:20:84:
60:3f:61:d1:8a:53:a3:b4:ee:63:c6:dd:6a:41:9d:
7b:2e:d2:3e:2e:c3:cb:79:cf:95:fb:b0:cb:94:c5:
41:2d:31:54:62:71:eb:b7:3e:5b:ae:44:aa:ca:49:
00:24:73:28:92:bc:b6:6a:2f:e4:f0:77:05:73:a7:
af:ef:36:14:81:6c:d5:dd:6f:8b:9e:49:95:58:e9:
18:f3:08:1a:32:80:a1:82:51:6f:76:25:a8:2f:fd:
9b:19:e7:83:f2:f4:18:e4:ff:a4:58:45:1d:85:47:
cf:60:5f:4a:25:98:b4:59:9f:b5:11:6a:02:8e:11:
43:66:df:49:01:e1:e3:a6:cd:01:46:27:72:96:ba:
43:bb:9f:f6:5c:8e:99:e2:09:f5:3c:29:e6:f6:7e:
7d:49:78:59:1e:f2:b3:49:2e:ce:c5:41:93:00:f8:
a5:23:d8:77:f5:7c:7d:05:ea:5f:fb:2e:0f:f5:3c:
5b:17:58:ba:60:55:36:fc:a4:1f:94:6e:ed:84:07:
1e:e4:83:54:10:09:64:c3:14:6a:6b:82:1b:2e:2f:
78:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:9B:85:E0:10:55:78:54:1E:0B:9B:01:79:F1:0F:B2:29:13:5B:5B
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/T5uF4BBVeFQeC5sBefEPsikTW1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.100.0-94.131.111.255
95.164.0.0-95.164.11.255
95.164.16.0/22
95.164.21.0-95.164.23.255
95.164.32.0/21
95.164.44.0/22
95.164.51.0/24
95.164.60.0/22
95.164.68.0/23
95.164.84.0-95.164.89.255
95.164.112.0/21
Signature Algorithm: sha256WithRSAEncryption
4a:15:7d:af:a6:55:b7:c8:c8:c8:01:76:4e:e4:dc:22:8d:db:
a9:da:0b:b9:6d:81:95:7e:57:e7:51:93:32:79:83:f0:48:38:
cb:a3:93:1a:9f:60:9f:ab:7f:56:da:58:c1:0e:c4:e6:63:df:
09:3b:61:99:8f:a3:89:ba:3b:7f:02:a2:c3:6c:76:89:14:21:
56:7c:51:fb:b9:5d:00:d1:c2:f2:8f:91:3c:75:a6:15:9d:49:
00:01:e6:da:32:cc:49:73:27:f9:ba:e4:e5:02:20:10:31:5f:
9c:49:03:76:a2:e7:17:d2:ca:a1:d6:db:fc:95:99:93:42:4d:
c1:5f:25:71:28:cb:4d:e5:b2:02:8b:a7:be:58:c0:b8:a5:4a:
7e:73:66:f5:7b:58:68:a9:c4:15:9b:92:85:33:d7:36:58:e9:
09:4d:1b:bc:30:31:e4:b5:98:fb:a9:c6:51:52:e0:d6:70:c7:
09:82:5d:5a:2b:6e:d8:b5:f9:2a:44:b5:cd:dc:77:95:93:1f:
a9:87:f4:85:29:7e:a0:a9:11:6a:36:f4:55:73:92:f4:ef:1b:
5f:05:ab:de:8c:77:08:86:a4:eb:5d:d7:1f:86:ba:78:a4:49:
10:b2:de:0e:72:28:ed:fc:9d:0f:2a:c3:65:ab:dd:4e:3d:87:
ce:0c:53:61
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAZZCmp4Daf0BzQUMLwT38nIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNDE3MDcxNTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjliODVlMDEwNTU3ODU0MWUwYjliMDE3OWYxMGZiMjI5MTM1YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza/9PNUT7/UJ7h5NoDRjykbhOs9L
6BoqjpJm0V2Y4Ok6VlgcLay1PkPwIIRgP2HRilOjtO5jxt1qQZ17LtI+LsPLec+V
+7DLlMVBLTFUYnHrtz5brkSqykkAJHMokry2ai/k8HcFc6ev7zYUgWzV3W+LnkmV
WOkY8wgaMoChglFvdiWoL/2bGeeD8vQY5P+kWEUdhUfPYF9KJZi0WZ+1EWoCjhFD
Zt9JAeHjps0BRidylrpDu5/2XI6Z4gn1PCnm9n59SXhZHvKzSS7OxUGTAPilI9h3
9Xx9Bepf+y4P9TxbF1i6YFU2/KQflG7thAce5INUEAlkwxRqa4IbLi94TwIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFE+bheAQVXhUHgubAXnxD7IpE1tbMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvVDV1RjRCQlZlRlFlQzVzQmVmRVBzaWtUVzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wbQQCAAEwZwMEAV6DAjAM
AwQCXoNkAwQEXoNgMAsDAwJfpAMEAl+kCAMEAl+kEDAMAwQAX6QVAwQDX6QQAwQD
X6QgAwQCX6QsAwQAX6QzAwQCX6Q8AwQBX6REMAwDBAJfpFQDBAFfpFgDBANfpHAw
DQYJKoZIhvcNAQELBQADggEBAEoVfa+mVbfIyMgBdk7k3CKN26naC7ltgZV+V+dR
kzJ5g/BIOMujkxqfYJ+rf1baWMEOxOZj3wk7YZmPo4m6O38CosNsdokUIVZ8Ufu5
XQDRwvKPkTx1phWdSQAB5toyzElzJ/m65OUCIBAxX5xJA3ai5xfSyqHW2/yVmZNC
TcFfJXEoy03lsgKLp75YwLilSn5zZvV7WGipxBWbkoUz1zZY6QlNG7wwMeS1mPup
xlFS4NZwxwmCXVorbti1+SpEtc3cd5WTH6mH9IUpfqCpEWo29FVzkvTvG18Fq96M
dwiGpOtd1x+GunikSRCy3g5yKO38nQ8qw2Wr3U49h84MU2E=
-----END CERTIFICATE-----
Generated at Mon May 5 21:36:41 2025 by rpki-client