Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/32441e-5e9b-4a32-8cc4-1eb75bb68233/1/b_KVKwZRR9qO2rEyeUchnPlC6cQ.roa
File: b_KVKwZRR9qO2rEyeUchnPlC6cQ.roa (raw, json)
Hash identifier: Z3eAI08cw5rJ7QTBMYh6EG5zwd9t+P85CFRu7MY7FrE=
Subject key identifier: 6F:F2:95:2B:06:51:47:DA:8E:DA:B1:32:79:47:21:9C:F9:42:E9:C4
Certificate issuer: /CN=f97f69ed26c2e4687dbab2e6c6cca88d17c4c332
Certificate serial: 019420D65DBEB5600190C72A2877FFA74ADD
Authority key identifier: F9:7F:69:ED:26:C2:E4:68:7D:BA:B2:E6:C6:CC:A8:8D:17:C4:C3:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-X9p7SbC5Gh9urLmxsyojRfEwzI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/32441e-5e9b-4a32-8cc4-1eb75bb68233/1/b_KVKwZRR9qO2rEyeUchnPlC6cQ.roa
Signing time: Wed 01 Jan 2025 07:48:27 +0000
ROA not before: Wed 01 Jan 2025 07:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47347
IP address blocks: 79.142.32.0/22 maxlen: 22
2a01:7b40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:5d:be:b5:60:01:90:c7:2a:28:77:ff:a7:4a:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f97f69ed26c2e4687dbab2e6c6cca88d17c4c332
Validity
Not Before: Jan 1 07:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ff2952b065147da8edab1327947219cf942e9c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:17:1a:6f:80:1d:14:94:ad:96:f3:a5:be:27:
20:c1:88:b4:fa:0e:f8:dc:64:0b:ef:30:5f:ea:c7:
4a:10:3b:d6:5e:87:5c:cb:1b:7d:ed:9e:7b:1c:df:
79:14:77:3a:5a:db:d6:95:b0:b5:07:cf:a1:fb:94:
ff:76:cf:01:8c:67:99:12:25:16:ea:08:80:85:78:
05:75:bc:a0:29:4e:8c:26:ab:58:b1:cb:67:ff:02:
32:70:0b:24:7b:f6:26:51:26:2c:9a:52:1e:6a:68:
cd:fb:a0:44:d7:6e:15:75:67:bb:47:bd:76:62:f4:
3c:cb:bc:5d:52:dc:94:ba:20:68:38:51:fe:a0:39:
31:de:70:4f:05:5b:65:b3:dd:42:b7:86:83:e7:cc:
98:fa:99:6a:27:c4:aa:b2:70:02:ba:3b:cd:dd:18:
b9:22:06:51:2f:92:29:ab:0c:8e:e6:88:d0:93:b0:
f0:23:9d:08:26:5e:9d:42:fe:0d:28:4a:15:38:14:
93:24:18:86:bb:8a:71:4c:17:73:ba:33:9c:c5:6e:
a4:5c:6a:0a:d2:b2:ff:35:d2:9a:3e:ac:a0:62:77:
fe:e7:59:f2:48:c6:c9:9b:73:ce:4c:bc:b6:dc:08:
cb:5d:58:89:c7:91:c0:78:e8:2b:80:06:3c:a9:e1:
25:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:F2:95:2B:06:51:47:DA:8E:DA:B1:32:79:47:21:9C:F9:42:E9:C4
X509v3 Authority Key Identifier:
keyid:F9:7F:69:ED:26:C2:E4:68:7D:BA:B2:E6:C6:CC:A8:8D:17:C4:C3:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-X9p7SbC5Gh9urLmxsyojRfEwzI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32441e-5e9b-4a32-8cc4-1eb75bb68233/1/b_KVKwZRR9qO2rEyeUchnPlC6cQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32441e-5e9b-4a32-8cc4-1eb75bb68233/1/1-X9p7SbC5Gh9urLmxsyojRfEwzI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.142.32.0/22
IPv6:
2a01:7b40::/32
Signature Algorithm: sha256WithRSAEncryption
5f:19:7f:2e:bb:4a:bc:c3:29:2f:df:a1:ee:78:92:25:6a:ab:
24:94:b7:89:e5:c4:7e:9e:c3:bc:22:eb:37:d7:be:89:08:c9:
15:dc:26:49:a2:2d:78:3b:07:21:8b:64:da:d4:bf:19:1b:37:
c4:75:8c:0f:3c:61:44:71:cf:5e:1b:29:90:a7:2f:81:3b:55:
93:c4:2e:2c:a8:7a:d7:da:01:db:77:84:01:94:49:c3:f0:30:
cd:4f:0a:cb:51:20:b4:6e:94:62:ef:7a:17:a4:35:48:da:5c:
a3:e0:a2:a4:5d:1d:40:fd:25:fa:7b:85:bb:59:a1:c5:80:83:
51:bc:0c:13:f0:5b:da:0e:32:bb:98:0b:ab:44:83:d0:63:8b:
8a:c4:ce:34:03:39:7c:d9:54:35:50:db:50:29:03:f6:aa:e1:
80:5e:60:5d:0f:4d:7f:7e:0e:af:5e:8d:ab:d7:26:f9:32:42:
4a:33:3c:24:32:ce:05:71:50:fe:89:69:7e:34:c3:32:00:c0:
33:04:e8:2b:97:ac:f0:44:e8:29:74:5c:0a:1b:72:c6:8e:b6:
9e:ca:3c:d9:75:2a:cb:51:ca:77:d1:3c:95:ff:96:f0:f8:17:
fb:49:30:80:45:1c:11:51:75:f5:4a:17:28:0c:15:d0:ce:16:
dc:27:a8:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1l2+tWABkMcqKHf/p0rdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2Y2OWVkMjZjMmU0Njg3ZGJhYjJlNmM2Y2NhODhkMTdj
NGMzMzIwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYyOTUyYjA2NTE0N2RhOGVkYWIxMzI3OTQ3MjE5Y2Y5NDJlOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Bcab4AdFJStlvOlvicgwYi0+g74
3GQL7zBf6sdKEDvWXodcyxt97Z57HN95FHc6WtvWlbC1B8+h+5T/ds8BjGeZEiUW
6giAhXgFdbygKU6MJqtYsctn/wIycAske/YmUSYsmlIeamjN+6BE124VdWe7R712
YvQ8y7xdUtyUuiBoOFH+oDkx3nBPBVtls91Ct4aD58yY+plqJ8SqsnACujvN3Ri5
IgZRL5IpqwyO5ojQk7DwI50IJl6dQv4NKEoVOBSTJBiGu4pxTBdzujOcxW6kXGoK
0rL/NdKaPqygYnf+51nySMbJm3POTLy23AjLXViJx5HAeOgrgAY8qeElOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG/ylSsGUUfajtqxMnlHIZz5QunEMB8GA1UdIwQY
MBaAFPl/ae0mwuRofbqy5sbMqI0XxMMyMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YOXA3U2JDNUdoOXVyTG14c3lvalJmRXd6SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYvMzI0NDFlLTVlOWItNGEzMi04Y2M0
LTFlYjc1YmI2ODIzMy8xL2JfS1ZLd1pSUjlxTzJyRXllVWNoblBsQzZjUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvMzI0NDFlLTVlOWItNGEzMi04Y2M0LTFlYjc1YmI2ODIz
My8xLzEtWDlwN1NiQzVHaDl1ckxteHN5b2pSZkV3ekkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAJPjiAw
DQQCAAIwBwMFACoBe0AwDQYJKoZIhvcNAQELBQADggEBAF8Zfy67SrzDKS/foe54
kiVqqySUt4nlxH6ew7wi6zfXvokIyRXcJkmiLXg7ByGLZNrUvxkbN8R1jA88YURx
z14bKZCnL4E7VZPELiyoetfaAdt3hAGUScPwMM1PCstRILRulGLvehekNUjaXKPg
oqRdHUD9Jfp7hbtZocWAg1G8DBPwW9oOMruYC6tEg9Bji4rEzjQDOXzZVDVQ21Ap
A/aq4YBeYF0PTX9+Dq9ejavXJvkyQkozPCQyzgVxUP6JaX40wzIAwDME6CuXrPBE
6Cl0XAobcsaOtp7KPNl1KstRynfRPJX/lvD4F/tJMIBFHBFRdfVKFygMFdDOFtwn
qCQ=
-----END CERTIFICATE-----
Generated at Tue Apr 22 01:28:51 2025 by rpki-client