Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u_gsK55P7IXzzWgbKLuArUdmhWY.roa
File: u_gsK55P7IXzzWgbKLuArUdmhWY.roa (raw, json)
Hash identifier: 8Yko6Fk4IRM8zIxdb0lc40DBrpEcFpg3ogtVolTZaoQ=
Subject key identifier: BB:F8:2C:2B:9E:4F:EC:85:F3:CD:68:1B:28:BB:80:AD:47:66:85:66
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428250AEB7F5BE7FF1C7176651A3700C3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u_gsK55P7IXzzWgbKLuArUdmhWY.roa
Signing time: Thu 02 Jan 2025 17:51:43 +0000
ROA not before: Thu 02 Jan 2025 17:51:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211557
IP address blocks: 185.72.9.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:0a:eb:7f:5b:e7:ff:1c:71:76:65:1a:37:00:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bbf82c2b9e4fec85f3cd681b28bb80ad47668566
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:8b:86:82:8e:fc:96:61:4d:03:84:20:e6:b2:
98:3a:a9:15:b1:fa:45:e2:73:99:b8:f0:a8:96:6a:
37:6c:e8:b8:c0:d2:70:da:57:3d:4d:b0:c3:c2:ad:
87:7f:9d:15:a4:b7:a0:b5:52:3e:84:78:a6:94:b0:
f5:d3:e2:32:80:2f:91:e5:95:49:f3:d0:85:09:2f:
3b:2c:28:fc:84:dc:2b:55:1d:61:09:ba:ba:75:c8:
55:7d:06:f2:66:28:63:8d:8a:d5:21:bd:35:c1:39:
b7:07:20:93:a5:3d:4a:4f:d4:05:b7:93:88:c8:e0:
83:d6:02:f1:a3:d8:b3:c4:79:65:6f:15:f8:7d:f0:
5a:8e:e8:d1:74:bd:5d:c7:ae:74:b4:a5:5e:14:57:
68:6f:55:01:0e:d3:70:35:a6:b5:2b:0c:df:4e:f3:
64:05:3f:28:16:29:2a:79:81:31:fc:ad:f1:92:a3:
a7:22:e3:0c:51:af:0a:7e:45:7a:43:2f:28:16:13:
e0:4a:0e:ed:b7:f2:58:16:9a:5e:72:5a:52:90:4a:
73:e3:b7:e4:22:74:fd:0e:82:2f:64:ae:0f:33:ef:
0f:81:81:7d:0f:aa:c1:8e:b3:04:d5:d4:6e:ae:e7:
c0:7f:be:b1:28:93:88:74:fd:2b:5f:36:8a:af:68:
1e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:F8:2C:2B:9E:4F:EC:85:F3:CD:68:1B:28:BB:80:AD:47:66:85:66
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u_gsK55P7IXzzWgbKLuArUdmhWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.9.0/24
Signature Algorithm: sha256WithRSAEncryption
07:38:d8:ec:5d:de:7c:6f:1d:a4:d1:6a:e3:bb:66:e3:cd:eb:
76:4f:ee:f6:69:96:72:a8:6d:cf:f8:fc:a3:80:0c:8b:7f:fe:
ab:dc:62:99:a8:39:50:19:a2:24:4f:9c:5f:c6:05:7c:c9:81:
a5:39:1b:76:d8:e1:a4:e5:3b:a1:24:ed:f5:7c:e3:24:88:b3:
6f:c4:ab:c8:3b:45:1f:84:ad:dc:4b:10:2a:6a:de:ff:aa:9e:
57:8a:1d:2c:b2:90:4b:0e:cb:46:91:0d:5f:45:87:77:8f:fe:
01:9b:e9:4a:fe:8b:cc:79:c4:7a:ef:30:d3:62:02:7a:54:0f:
4d:11:a2:86:0d:01:ea:a8:b6:03:e6:57:26:98:89:cd:0c:76:
be:df:ec:af:a8:ea:34:34:2f:77:e7:33:00:c6:10:04:22:d8:
da:56:d2:28:73:66:58:1d:5a:ea:ad:f4:be:35:ff:17:6d:76:
34:f5:5f:32:11:26:7a:5d:ad:2d:50:bf:8e:68:ab:e8:fe:b3:
c2:71:06:34:4e:2d:52:cd:cd:8b:46:ce:59:f6:10:1e:a4:c7:
18:ac:ab:cb:6e:3d:bf:79:b6:75:92:4f:66:e2:b1:5b:0b:f5:
c9:d3:e2:f8:4b:f4:63:fb:bf:89:39:0d:fa:47:c8:ed:26:04:
ed:2b:07:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQrrf1vn/xxxdmUaNwDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmY4MmMyYjllNGZlYzg1ZjNjZDY4MWIyOGJiODBhZDQ3NjY4NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4uGgo78lmFNA4Qg5rKYOqkVsfpF
4nOZuPColmo3bOi4wNJw2lc9TbDDwq2Hf50VpLegtVI+hHimlLD10+IygC+R5ZVJ
89CFCS87LCj8hNwrVR1hCbq6dchVfQbyZihjjYrVIb01wTm3ByCTpT1KT9QFt5OI
yOCD1gLxo9izxHllbxX4ffBajujRdL1dx650tKVeFFdob1UBDtNwNaa1KwzfTvNk
BT8oFikqeYEx/K3xkqOnIuMMUa8KfkV6Qy8oFhPgSg7tt/JYFppeclpSkEpz47fk
InT9DoIvZK4PM+8PgYF9D6rBjrME1dRurufAf76xKJOIdP0rXzaKr2geuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLv4LCueT+yF881oGyi7gK1HZoVmMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdV9nc0s1NVA3SVh6eldnYktMdUFyVWRtaFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgJMA0G
CSqGSIb3DQEBCwUAA4IBAQAHONjsXd58bx2k0Wrju2bjzet2T+72aZZyqG3P+Pyj
gAyLf/6r3GKZqDlQGaIkT5xfxgV8yYGlORt22OGk5TuhJO31fOMkiLNvxKvIO0Uf
hK3cSxAqat7/qp5Xih0sspBLDstGkQ1fRYd3j/4Bm+lK/ovMecR67zDTYgJ6VA9N
EaKGDQHqqLYD5lcmmInNDHa+3+yvqOo0NC935zMAxhAEItjaVtIoc2ZYHVrqrfS+
Nf8XbXY09V8yESZ6Xa0tUL+OaKvo/rPCcQY0Ti1Szc2LRs5Z9hAepMcYrKvLbj2/
ebZ1kk9m4rFbC/XJ0+L4S/Rj+7+JOQ36R8jtJgTtKwdu
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:24:48 2025 by rpki-client