Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/o2459HtQvVZ76vghhPjJin7GosU.roa
File: o2459HtQvVZ76vghhPjJin7GosU.roa (raw, json)
Hash identifier: N4gBpyahr63VJPlp36pTMdEKr7LDQ11rq8qDPOHUaaU=
Subject key identifier: A3:6E:39:F4:7B:50:BD:56:7B:EA:F8:21:84:F8:C9:8A:7E:C6:A2:C5
Certificate issuer: /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial: 018B1B8754586DC2029139B822A7393B89F4
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/o2459HtQvVZ76vghhPjJin7GosU.roa
Signing time: Tue 10 Oct 2023 21:38:55 +0000
ROA not before: Tue 10 Oct 2023 21:38:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 94.199.7.0/24 maxlen: 24
5.181.15.0/24 maxlen: 24
5.181.12.0/24 maxlen: 24
5.181.14.0/24 maxlen: 24
5.181.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:1b:87:54:58:6d:c2:02:91:39:b8:22:a7:39:3b:89:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Validity
Not Before: Oct 10 21:38:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a36e39f47b50bd567beaf82184f8c98a7ec6a2c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:73:ad:66:88:44:b0:c7:4a:7d:0a:c0:d6:3d:
cf:15:13:f1:be:1e:dd:bf:99:70:d3:1f:29:c4:60:
d4:ea:7e:85:93:c6:24:7a:20:91:7b:12:48:c7:a1:
ae:72:40:69:66:de:d1:d5:a9:62:f4:2b:1f:50:ce:
42:9f:ad:55:94:a4:b2:c6:95:fe:56:78:0f:73:de:
e7:56:41:fa:cd:d7:9f:8c:e5:e5:df:9b:35:51:9c:
4d:a5:22:c7:76:fa:1e:2b:a6:42:d9:37:3b:72:ba:
c6:3c:62:87:82:93:b9:10:53:b7:6a:54:89:96:0a:
73:3c:be:32:fa:a2:32:92:d9:81:16:ae:59:bc:b5:
07:67:e8:13:91:4c:be:ad:8d:ba:d5:e9:4d:f4:96:
21:fb:c9:34:04:b9:4f:65:62:2a:96:37:49:a8:a0:
4e:1a:7a:64:5d:d3:5c:36:cb:7e:da:b3:98:09:96:
91:d8:da:ae:47:6a:3c:9c:43:65:df:a9:9b:76:35:
ad:cb:e9:bd:dc:43:6d:e4:49:26:b2:3e:15:dd:5f:
27:a3:bc:bc:0e:2f:72:38:9c:d2:2a:00:8e:ec:a4:
5e:b1:ad:f9:05:fc:50:30:41:1f:2f:91:e4:61:38:
66:80:65:58:32:d5:15:6f:09:ac:a7:31:c3:62:cf:
98:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:6E:39:F4:7B:50:BD:56:7B:EA:F8:21:84:F8:C9:8A:7E:C6:A2:C5
X509v3 Authority Key Identifier:
keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/o2459HtQvVZ76vghhPjJin7GosU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.12.0/22
94.199.7.0/24
Signature Algorithm: sha256WithRSAEncryption
a8:67:dd:f2:df:85:54:6a:61:6d:29:1c:64:3c:f7:63:a9:c8:
1e:a7:e5:11:eb:4a:1a:2f:e3:23:61:e0:02:ae:70:6e:c0:95:
02:6b:80:60:d1:cd:bf:a6:8d:06:26:0f:df:fd:ce:2c:86:ea:
60:d6:6d:2f:ff:79:d0:2f:1f:53:90:55:c4:ab:eb:9f:16:80:
50:1d:27:31:10:93:50:5b:48:63:69:4b:76:49:a1:37:3c:38:
45:ee:9d:e5:8d:e5:1c:df:aa:5f:5e:14:70:0c:c1:93:05:d5:
30:9f:c3:4b:3f:70:84:53:4a:62:e2:a3:0a:68:7e:fb:b6:f6:
d0:f1:d7:51:5d:02:37:88:cb:b0:83:82:31:dd:26:d6:ae:d3:
b3:49:61:e4:e0:ef:52:11:70:f4:80:80:b4:21:a0:49:6a:6d:
7d:f2:1a:66:2d:f5:6f:ad:e3:f4:ee:bb:91:05:f8:4c:38:04:
de:2d:5f:e5:86:b0:01:2a:ce:80:77:b0:38:5f:5e:7b:f1:b1:
33:97:14:e3:e2:8c:5a:23:9f:80:d4:bf:16:cb:63:87:b6:06:
39:07:7f:66:cf:02:7a:c9:7d:19:cb:e3:7a:8a:e7:f8:fd:cc:
a0:75:a1:2a:09:86:24:2a:69:a5:05:e4:df:0f:5e:88:fd:33:
2c:08:11:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYsbh1RYbcICkTm4Iqc5O4n0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjMxMDEwMjEzODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzZlMzlmNDdiNTBiZDU2N2JlYWY4MjE4NGY4Yzk4YTdlYzZhMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonOtZohEsMdKfQrA1j3PFRPxvh7d
v5lw0x8pxGDU6n6Fk8YkeiCRexJIx6GuckBpZt7R1ali9CsfUM5Cn61VlKSyxpX+
VngPc97nVkH6zdefjOXl35s1UZxNpSLHdvoeK6ZC2Tc7crrGPGKHgpO5EFO3alSJ
lgpzPL4y+qIyktmBFq5ZvLUHZ+gTkUy+rY261elN9JYh+8k0BLlPZWIqljdJqKBO
GnpkXdNcNst+2rOYCZaR2NquR2o8nENl36mbdjWty+m93ENt5Ekmsj4V3V8no7y8
Di9yOJzSKgCO7KResa35BfxQMEEfL5HkYThmgGVYMtUVbwmspzHDYs+YPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKNuOfR7UL1We+r4IYT4yYp+xqLFMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvbzI0NTlIdFF2Vlo3NnZnaGhQakppbjdHb3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbUMAwQA
XscHMA0GCSqGSIb3DQEBCwUAA4IBAQCoZ93y34VUamFtKRxkPPdjqcgep+UR60oa
L+MjYeACrnBuwJUCa4Bg0c2/po0GJg/f/c4shupg1m0v/3nQLx9TkFXEq+ufFoBQ
HScxEJNQW0hjaUt2SaE3PDhF7p3ljeUc36pfXhRwDMGTBdUwn8NLP3CEU0pi4qMK
aH77tvbQ8ddRXQI3iMuwg4Ix3SbWrtOzSWHk4O9SEXD0gIC0IaBJam198hpmLfVv
reP07ruRBfhMOATeLV/lhrABKs6Ad7A4X1578bEzlxTj4oxaI5+A1L8Wy2OHtgY5
B39mzwJ6yX0Zy+N6iuf4/cygdaEqCYYkKmmlBeTfD16I/TMsCBED
-----END CERTIFICATE-----
Generated at Mon Apr 28 12:37:42 2025 by rpki-client