
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa
File: AS5tjz7-t9lavn7ge4UzAESoUJY.roa (raw, json)
Hash identifier: wxaGD44DrkQ45WkHnWNV/6XsQuLatwrJTNRr1CBc/LU=
Subject key identifier: 01:2E:6D:8F:3E:FE:B7:D9:5A:BE:7E:E0:7B:85:33:00:44:A8:50:96
Certificate issuer: /CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
Certificate serial: 0197EE0621C00B00EDEF9BDDE556E4ED8577
Authority key identifier: 89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa
Signing time: Wed 09 Jul 2025 07:11:08 +0000
ROA not before: Wed 09 Jul 2025 07:11:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207059
IP address blocks: 151.216.46.0/24 maxlen: 24
2a07:bf80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ee:06:21:c0:0b:00:ed:ef:9b:dd:e5:56:e4:ed:85:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
Validity
Not Before: Jul 9 07:11:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=012e6d8f3efeb7d95abe7ee07b85330044a85096
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:c1:91:2c:18:f5:c5:8c:ac:a2:d2:f6:03:55:
0a:19:df:0a:de:f4:96:73:e5:16:11:17:7e:61:e0:
ff:16:11:94:79:f1:02:8c:60:74:2d:e1:81:fe:f7:
64:bc:07:92:6c:65:9d:f2:87:78:cd:36:49:13:35:
b5:cc:4b:db:3b:1d:4f:19:11:57:46:26:ef:77:e6:
f6:27:f6:b8:63:a6:b9:d8:dc:6d:b9:c6:d6:aa:9c:
f1:cc:63:50:12:a0:ed:a9:6a:f3:17:ad:a1:eb:ad:
37:6e:91:67:e6:4d:5e:35:db:4d:31:15:1e:99:b4:
e1:b3:fb:3a:8c:ae:53:32:79:4d:3f:f2:e8:76:9b:
f9:61:4e:71:67:bc:8b:f9:13:d6:4a:60:a7:0e:2f:
15:75:99:37:9c:23:bf:f3:35:c1:6a:2e:a0:72:93:
04:02:a3:e4:27:c6:aa:d7:80:e7:6e:3f:0c:81:ec:
79:6b:e2:c8:c9:fb:1b:e6:fc:09:38:e8:28:42:f1:
a7:ca:2b:be:a0:49:b3:b1:11:a5:f2:c3:67:ce:16:
e0:2c:23:f5:4f:db:f4:1b:90:87:40:8c:4e:01:23:
e9:77:8b:76:09:3e:ae:31:a4:87:ef:4d:d7:52:f2:
1a:eb:13:9a:87:96:9b:4e:33:c1:38:35:5a:5f:c4:
10:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:2E:6D:8F:3E:FE:B7:D9:5A:BE:7E:E0:7B:85:33:00:44:A8:50:96
X509v3 Authority Key Identifier:
keyid:89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.46.0/24
IPv6:
2a07:bf80::/32
Signature Algorithm: sha256WithRSAEncryption
76:ab:60:0e:29:4c:a3:6f:0d:13:19:d3:b6:bb:15:8c:1b:89:
7d:f7:66:f6:11:98:fd:f4:90:e1:e4:20:37:47:93:5c:dc:62:
27:6c:c8:86:3e:3c:99:e9:0a:56:52:7e:91:55:99:b8:61:01:
c9:13:50:a4:f3:88:b4:92:45:a6:63:56:0d:2b:3c:63:b5:43:
66:33:79:f3:38:d7:a7:0f:48:4b:cf:41:7d:fb:20:43:11:56:
5a:90:2b:fa:7c:89:75:90:11:92:15:24:d3:d4:8b:28:19:99:
f2:46:92:d3:77:71:5d:85:dd:34:60:a2:47:5d:7a:62:32:d1:
42:0e:48:66:f2:55:2b:0b:6e:fc:70:60:c6:ef:5a:26:7f:63:
38:46:0a:6f:7e:60:97:bc:c0:73:0b:2e:81:5a:0d:82:61:cd:
03:06:9f:6c:42:51:44:d7:a6:53:a8:3f:72:0c:6f:e5:38:bf:
e9:9d:0c:b5:1d:77:7a:a2:66:88:e4:61:f0:e8:17:8d:61:12:
0c:25:c1:d6:3b:aa:0c:11:fe:fa:54:25:ee:9e:c3:e7:68:01:
1b:a2:5a:3e:67:7a:b6:c2:82:56:19:a0:bc:ca:6f:b4:a5:8e:
ff:63:1c:64:ef:ed:2e:5d:08:8c:ca:07:09:19:83:ab:39:1e:
0b:26:27:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfuBiHACwDt75vd5Vbk7YV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MmYzZmYzYzBhMWZmYjNhZjIwZjViOTVlOGNiNjRjODgw
NDNmMzkwHhcNMjUwNzA5MDcxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTJlNmQ4ZjNlZmViN2Q5NWFiZTdlZTA3Yjg1MzMwMDQ0YTg1MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MGRLBj1xYysotL2A1UKGd8K3vSW
c+UWERd+YeD/FhGUefECjGB0LeGB/vdkvAeSbGWd8od4zTZJEzW1zEvbOx1PGRFX
Ribvd+b2J/a4Y6a52NxtucbWqpzxzGNQEqDtqWrzF62h6603bpFn5k1eNdtNMRUe
mbThs/s6jK5TMnlNP/Lodpv5YU5xZ7yL+RPWSmCnDi8VdZk3nCO/8zXBai6gcpME
AqPkJ8aq14Dnbj8Mgex5a+LIyfsb5vwJOOgoQvGnyiu+oEmzsRGl8sNnzhbgLCP1
T9v0G5CHQIxOASPpd4t2CT6uMaSH703XUvIa6xOah5abTjPBODVaX8QQ+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAEubY8+/rfZWr5+4HuFMwBEqFCWMB8GA1UdIwQY
MBaAFIkvP/PAof+zryD1uV6MtkyIBD85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQt
ZjkyMWRiNzViZGY5LzEvQVM1dGp6Ny10OWxhdm43Z2U0VXpBRVNvVUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQtZjkyMWRiNzViZGY5
LzEvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAl9guMA0E
AgACMAcDBQAqB7+AMA0GCSqGSIb3DQEBCwUAA4IBAQB2q2AOKUyjbw0TGdO2uxWM
G4l992b2EZj99JDh5CA3R5Nc3GInbMiGPjyZ6QpWUn6RVZm4YQHJE1Ck84i0kkWm
Y1YNKzxjtUNmM3nzONenD0hLz0F9+yBDEVZakCv6fIl1kBGSFSTT1IsoGZnyRpLT
d3Fdhd00YKJHXXpiMtFCDkhm8lUrC278cGDG71omf2M4RgpvfmCXvMBzCy6BWg2C
Yc0DBp9sQlFE16ZTqD9yDG/lOL/pnQy1HXd6omaI5GHw6BeNYRIMJcHWO6oMEf76
VCXunsPnaAEbolo+Z3q2woJWGaC8ym+0pY7/Yxxk7+0uXQiMygcJGYOrOR4LJie6
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:13:58 2025 by rpki-client