Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f9684e-09e2-49cc-851d-af4c06f31aff/1/K7qUHVbHrgEA8o0G5YAGjNK9BcA.roa
File: K7qUHVbHrgEA8o0G5YAGjNK9BcA.roa (raw, json)
Hash identifier: +Tu4FaWH3iqSuXMwdWZPGGhJ3wRagjNFWtSCLvVVwvc=
Subject key identifier: 2B:BA:94:1D:56:C7:AE:01:00:F2:8D:06:E5:80:06:8C:D2:BD:05:C0
Certificate issuer: /CN=2cb4291df97963c5a9b732b1396f0f1c887504d6
Certificate serial: 0194221FD97A43DE4835C3088269372DD0A1
Authority key identifier: 2C:B4:29:1D:F9:79:63:C5:A9:B7:32:B1:39:6F:0F:1C:88:75:04:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LLQpHfl5Y8WptzKxOW8PHIh1BNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/f9684e-09e2-49cc-851d-af4c06f31aff/1/K7qUHVbHrgEA8o0G5YAGjNK9BcA.roa
Signing time: Wed 01 Jan 2025 13:48:20 +0000
ROA not before: Wed 01 Jan 2025 13:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8829
IP address blocks: 109.204.136.0/21 maxlen: 21
109.204.144.0/20 maxlen: 20
109.204.168.0/21 maxlen: 21
109.204.192.0/18 maxlen: 18
2a00:8780::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:d9:7a:43:de:48:35:c3:08:82:69:37:2d:d0:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2cb4291df97963c5a9b732b1396f0f1c887504d6
Validity
Not Before: Jan 1 13:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2bba941d56c7ae0100f28d06e580068cd2bd05c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:cf:bb:0f:3e:92:c0:d6:bc:5e:06:3e:d2:9a:
83:2c:8c:08:55:1b:73:5d:6c:e2:12:54:00:cf:30:
dc:8e:9f:9b:34:64:52:ae:32:45:88:45:ac:6c:8d:
d5:33:df:83:05:19:03:17:70:79:72:9b:32:78:48:
75:7c:9f:af:bf:1e:05:cb:d9:08:73:1c:0c:cb:ea:
9c:0d:d1:b0:33:a7:60:15:49:a4:c6:4e:d0:00:1b:
60:aa:1b:8f:47:4f:b2:5d:ba:0e:bc:b7:ae:3d:d2:
6d:fe:a8:3f:be:ff:1d:d1:bd:18:8d:e0:65:1b:1a:
ba:1e:af:3c:e6:83:6c:2f:11:24:05:b2:11:75:5d:
ec:15:86:b7:0d:29:6d:5a:d8:74:57:42:c4:e0:bd:
c0:fc:ae:e3:63:ff:90:02:bd:3b:27:49:43:55:98:
56:86:54:12:ff:bc:8f:87:be:be:87:18:48:cf:0d:
2f:c7:5d:0c:f9:63:72:dd:a1:1f:df:d1:e1:b6:f5:
60:b4:01:a9:1e:46:04:7a:ec:08:96:b5:a2:35:9f:
e9:d1:64:c6:0e:a0:29:b0:17:3a:6a:e6:86:fb:21:
24:ad:e6:2b:61:b2:97:bc:de:79:b7:f7:2c:97:d6:
7c:2c:7d:aa:8e:41:49:d9:ca:b7:40:a7:4f:17:bc:
5b:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:BA:94:1D:56:C7:AE:01:00:F2:8D:06:E5:80:06:8C:D2:BD:05:C0
X509v3 Authority Key Identifier:
keyid:2C:B4:29:1D:F9:79:63:C5:A9:B7:32:B1:39:6F:0F:1C:88:75:04:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LLQpHfl5Y8WptzKxOW8PHIh1BNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f9684e-09e2-49cc-851d-af4c06f31aff/1/K7qUHVbHrgEA8o0G5YAGjNK9BcA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f9684e-09e2-49cc-851d-af4c06f31aff/1/LLQpHfl5Y8WptzKxOW8PHIh1BNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.204.136.0-109.204.159.255
109.204.168.0/21
109.204.192.0/18
IPv6:
2a00:8780::/32
Signature Algorithm: sha256WithRSAEncryption
05:a6:1d:eb:cd:60:87:52:f5:fc:5b:35:94:f6:8e:86:27:fa:
c2:07:32:40:fa:ec:33:1b:7c:68:10:28:30:3f:66:6e:0d:bb:
27:04:b6:bb:5f:7f:1c:14:9a:bd:93:c8:bd:9c:55:81:82:ee:
b5:2e:34:c5:22:9d:43:14:fc:6c:62:72:66:a1:2a:1e:4f:11:
6e:d1:72:f9:77:47:5f:c5:d5:9e:0e:e5:6b:3e:5a:9b:51:2a:
80:8a:56:01:85:4d:e9:0e:32:03:29:55:7a:56:be:0a:a7:e0:
9e:61:00:9f:d8:97:a6:80:db:0e:05:06:d4:00:3f:0f:1b:12:
84:b2:05:f3:be:47:f9:1b:6e:b5:64:a9:bf:97:fb:48:0a:bc:
55:ad:05:d8:38:15:82:b1:bc:8f:8f:bd:b2:d7:de:23:dc:96:
fd:8d:a2:ef:5f:0b:53:fd:a8:21:36:07:e9:ba:c8:2d:5b:47:
e6:be:49:48:32:b2:e4:2a:09:42:d6:58:3a:b5:af:84:70:ce:
68:9f:93:02:57:c5:6f:4a:fa:2a:7d:fc:3b:01:f6:6c:e1:a4:
61:d4:eb:78:15:54:06:b5:c3:59:95:de:c9:07:7f:64:14:15:
89:4e:2d:e2:88:5a:c1:c7:2c:3e:69:bf:53:7c:85:99:72:85:
a7:8d:47:e4
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQiH9l6Q95INcMIgmk3LdChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYjQyOTFkZjk3OTYzYzVhOWI3MzJiMTM5NmYwZjFjODg3
NTA0ZDYwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmJhOTQxZDU2YzdhZTAxMDBmMjhkMDZlNTgwMDY4Y2QyYmQwNWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc+7Dz6SwNa8XgY+0pqDLIwIVRtz
XWziElQAzzDcjp+bNGRSrjJFiEWsbI3VM9+DBRkDF3B5cpsyeEh1fJ+vvx4Fy9kI
cxwMy+qcDdGwM6dgFUmkxk7QABtgqhuPR0+yXboOvLeuPdJt/qg/vv8d0b0YjeBl
Gxq6Hq885oNsLxEkBbIRdV3sFYa3DSltWth0V0LE4L3A/K7jY/+QAr07J0lDVZhW
hlQS/7yPh76+hxhIzw0vx10M+WNy3aEf39HhtvVgtAGpHkYEeuwIlrWiNZ/p0WTG
DqApsBc6auaG+yEkreYrYbKXvN55t/csl9Z8LH2qjkFJ2cq3QKdPF7xblwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFCu6lB1Wx64BAPKNBuWABozSvQXAMB8GA1UdIwQY
MBaAFCy0KR35eWPFqbcysTlvDxyIdQTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTExRcEhmbDVZOFdwdHpLeE9XOFBISWgxQk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mOTY4NGUtMDllMi00OWNjLTg1MWQt
YWY0YzA2ZjMxYWZmLzEvSzdxVUhWYkhyZ0VBOG8wRzVZQUdqTks5QmNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mOTY4NGUtMDllMi00OWNjLTg1MWQtYWY0YzA2ZjMxYWZm
LzEvTExRcEhmbDVZOFdwdHpLeE9XOFBISWgxQk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBANtzIgD
BAVtzIADBANtzKgDBAZtzMAwDQQCAAIwBwMFACoAh4AwDQYJKoZIhvcNAQELBQAD
ggEBAAWmHevNYIdS9fxbNZT2joYn+sIHMkD67DMbfGgQKDA/Zm4NuycEtrtffxwU
mr2TyL2cVYGC7rUuNMUinUMU/GxicmahKh5PEW7Rcvl3R1/F1Z4O5Ws+WptRKoCK
VgGFTekOMgMpVXpWvgqn4J5hAJ/Yl6aA2w4FBtQAPw8bEoSyBfO+R/kbbrVkqb+X
+0gKvFWtBdg4FYKxvI+PvbLX3iPclv2Nou9fC1P9qCE2B+m6yC1bR+a+SUgysuQq
CULWWDq1r4RwzmifkwJXxW9K+ip9/DsB9mzhpGHU63gVVAa1w1mV3skHf2QUFYlO
LeKIWsHHLD5pv1N8hZlyhaeNR+Q=
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:51:31 2025 by rpki-client