Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/nNZQ67qa1MOsXZA5A5x0CcqhYkM.roa
File: nNZQ67qa1MOsXZA5A5x0CcqhYkM.roa (raw, json)
Hash identifier: bHpYnCAVRocK0MR7ovu7jwFcMvSqPqef8D937iladA8=
Subject key identifier: 9C:D6:50:EB:BA:9A:D4:C3:AC:5D:90:39:03:9C:74:09:CA:A1:62:43
Certificate issuer: /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial: 019808B4E184AD2FFF750C4B321080662B1A
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/nNZQ67qa1MOsXZA5A5x0CcqhYkM.roa
Signing time: Mon 14 Jul 2025 11:32:08 +0000
ROA not before: Mon 14 Jul 2025 11:32:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397368
IP address blocks: 45.3.32.0/20 maxlen: 20
45.3.48.0/21 maxlen: 21
65.111.0.0/19 maxlen: 19
104.167.25.0/24 maxlen: 24
104.167.26.0/23 maxlen: 23
104.207.32.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:08:b4:e1:84:ad:2f:ff:75:0c:4b:32:10:80:66:2b:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Validity
Not Before: Jul 14 11:32:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cd650ebba9ad4c3ac5d9039039c7409caa16243
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:bb:7e:8f:26:09:d0:69:2e:0b:18:46:19:cd:
4d:eb:bf:b3:ca:95:e1:5b:b0:15:4c:56:d2:41:93:
54:69:59:c6:d5:17:b3:1e:56:40:33:66:ed:3c:f7:
c0:a5:1c:b1:8d:40:89:33:85:4d:e9:60:8f:b8:78:
36:6e:84:d4:b9:03:6c:be:3f:52:34:e4:d1:0a:f0:
db:c5:75:e4:7e:67:22:36:59:14:9e:16:1a:34:48:
08:60:83:56:d4:c1:92:dd:fc:77:b9:e2:7a:c1:f7:
e2:a1:53:9a:e5:de:33:a3:86:a0:44:45:7b:4d:8f:
9e:0b:67:0b:ea:f6:27:1e:76:07:e8:be:eb:79:fb:
62:9e:4f:6d:b0:7a:4d:10:9d:54:18:25:bd:df:29:
c5:a5:a4:b4:72:71:e6:c7:fe:54:d8:7d:46:12:93:
2d:6d:de:07:47:e4:7c:4a:6e:89:e4:d3:51:58:5e:
58:87:f7:09:d3:b2:a1:1f:27:22:a4:02:08:09:93:
ca:53:b0:5a:d7:14:87:68:9a:5d:34:31:e0:7b:a7:
4d:28:d5:60:a5:83:0f:1c:17:9e:e7:51:22:6e:ad:
f9:92:69:d9:fc:10:5d:0b:ef:19:ad:9d:ec:17:f2:
7b:29:15:1a:a1:52:5e:db:a0:a7:05:d5:7c:be:0c:
ec:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:D6:50:EB:BA:9A:D4:C3:AC:5D:90:39:03:9C:74:09:CA:A1:62:43
X509v3 Authority Key Identifier:
keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/nNZQ67qa1MOsXZA5A5x0CcqhYkM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.3.32.0-45.3.55.255
65.111.0.0/19
104.167.25.0-104.167.27.255
104.207.32.0/19
Signature Algorithm: sha256WithRSAEncryption
28:89:f8:6d:e7:3f:5f:84:06:37:9a:e6:52:8d:7b:ee:8c:93:
86:c5:2f:fe:6f:cc:15:97:d4:85:dc:11:21:a5:67:ce:c7:00:
3e:8b:00:dc:dd:32:2f:89:de:b6:23:90:16:a4:48:45:54:e3:
b3:d3:be:ec:9c:25:cd:c4:88:12:1d:1c:62:14:a3:e8:09:bc:
10:f0:6b:5f:50:0f:44:7d:0b:b6:65:75:5d:4b:f2:95:6d:37:
3e:b7:f4:eb:fa:e3:25:49:19:6b:17:e5:43:b8:5d:d3:cf:15:
0f:ae:a9:74:c1:4e:ef:2a:87:05:1e:65:b8:74:2f:85:54:82:
e7:9d:3c:00:35:aa:ae:89:1a:d7:47:08:9f:20:ac:e6:4d:e3:
80:9e:f0:d5:36:92:20:a6:91:df:0d:f2:f5:50:fe:93:08:4a:
71:5d:8a:1a:51:e2:5c:25:b9:ad:03:4f:da:35:b1:1e:2e:12:
0a:7c:e3:1f:33:ce:a6:a2:68:77:2e:86:47:3e:b0:d6:22:8d:
8f:1d:19:28:57:fe:74:1a:39:43:59:14:d8:e8:54:3a:2d:22:
f6:f5:bf:6b:cc:60:ac:7e:6d:fe:39:06:1f:0c:c1:bb:8c:3c:
be:09:e3:60:f4:3f:94:d5:4a:73:13:22:8e:69:39:17:55:85:
0a:11:e9:62
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZgItOGErS//dQxLMhCAZisaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjUwNzE0MTEzMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q2NTBlYmJhOWFkNGMzYWM1ZDkwMzkwMzljNzQwOWNhYTE2MjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAort+jyYJ0GkuCxhGGc1N67+zypXh
W7AVTFbSQZNUaVnG1RezHlZAM2btPPfApRyxjUCJM4VN6WCPuHg2boTUuQNsvj9S
NOTRCvDbxXXkfmciNlkUnhYaNEgIYINW1MGS3fx3ueJ6wffioVOa5d4zo4agREV7
TY+eC2cL6vYnHnYH6L7reftink9tsHpNEJ1UGCW93ynFpaS0cnHmx/5U2H1GEpMt
bd4HR+R8Sm6J5NNRWF5Yh/cJ07KhHycipAIICZPKU7Ba1xSHaJpdNDHge6dNKNVg
pYMPHBee51Eibq35kmnZ/BBdC+8ZrZ3sF/J7KRUaoVJe26CnBdV8vgzsMwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJzWUOu6mtTDrF2QOQOcdAnKoWJDMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvbk5aUTY3cWExTU9zWFpBNUE1eDBDY3FoWWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAUtAyAD
BAMtAzADBAVBbwAwDAMEAGinGQMEAminGAMEBWjPIDANBgkqhkiG9w0BAQsFAAOC
AQEAKIn4bec/X4QGN5rmUo177oyThsUv/m/MFZfUhdwRIaVnzscAPosA3N0yL4ne
tiOQFqRIRVTjs9O+7JwlzcSIEh0cYhSj6Am8EPBrX1APRH0LtmV1XUvylW03Prf0
6/rjJUkZaxflQ7hd088VD66pdMFO7yqHBR5luHQvhVSC5508ADWqroka10cInyCs
5k3jgJ7w1TaSIKaR3w3y9VD+kwhKcV2KGlHiXCW5rQNP2jWxHi4SCnzjHzPOpqJo
dy6GRz6w1iKNjx0ZKFf+dBo5Q1kU2OhUOi0i9vW/a8xgrH5t/jkGHwzBu4w8vgnj
YPQ/lNVKcxMijmk5F1WFChHpYg==
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:28:54 2025 by rpki-client