Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1ZxRWt-kqZjgqef2JiFA1kpgf6o.roa
File: 1ZxRWt-kqZjgqef2JiFA1kpgf6o.roa (raw, json)
Hash identifier: 1ikdykRJCk93S6UjlL7WkIcmnxKPT11r8rPr8SE2Hlo=
Subject key identifier: D5:9C:51:5A:DF:A4:A9:98:E0:A9:E7:F6:26:21:40:D6:4A:60:7F:AA
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 01857002837CD59365326F2D18E0C479EFEC
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1ZxRWt-kqZjgqef2JiFA1kpgf6o.roa
Signing time: Mon 02 Jan 2023 01:04:51 +0000
ROA not before: Mon 02 Jan 2023 01:04:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51057
IP address blocks: 217.181.250.0/23 maxlen: 23
109.235.232.0/23 maxlen: 23
109.235.232.0/21 maxlen: 21
109.235.233.0/24 maxlen: 24
109.235.234.0/23 maxlen: 23
109.235.234.0/24 maxlen: 24
109.235.238.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:02:83:7c:d5:93:65:32:6f:2d:18:e0:c4:79:ef:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jan 2 01:04:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d59c515adfa4a998e0a9e7f6262140d64a607faa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:8b:fc:19:bf:5e:4a:f0:c2:4c:9e:cf:73:4b:
c2:a1:5d:8d:04:53:3b:79:cc:6e:59:1b:5f:3e:a0:
e0:84:eb:79:fd:4f:e1:cd:47:22:0b:8a:24:6a:7c:
94:34:f2:f9:80:26:a6:68:e1:89:02:5f:c0:b1:75:
20:51:4a:84:87:07:6a:7b:5f:9d:c1:40:e4:7b:5a:
40:39:73:fb:88:e9:d4:b1:d2:83:44:e7:d5:a2:9c:
2b:12:8e:44:bf:94:eb:b9:b4:6d:51:47:70:6e:3f:
06:e7:eb:ff:58:2a:3c:02:8a:9d:0a:1a:a2:45:75:
56:0d:b2:b3:29:f3:27:64:b4:87:78:0b:3e:58:84:
c4:c8:d0:bb:85:ce:7a:0c:74:6a:a3:3a:4a:06:49:
55:f4:e0:d3:ea:a4:37:8e:e2:ce:4b:0c:89:d6:64:
7f:f7:b2:b3:b2:90:59:6d:42:51:10:79:43:4a:a2:
6f:97:0a:69:23:90:c1:cf:26:db:a9:40:c4:79:54:
de:37:37:f9:75:0e:8a:07:08:43:43:1a:a4:77:15:
8f:71:36:ce:01:66:1b:4a:ff:1b:c4:42:a5:15:21:
3a:a1:37:1e:0b:be:52:eb:1e:32:4a:20:7c:fe:b5:
2c:a6:bd:9c:d7:2a:4d:29:8d:dd:3f:9c:2c:e5:60:
79:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:9C:51:5A:DF:A4:A9:98:E0:A9:E7:F6:26:21:40:D6:4A:60:7F:AA
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1ZxRWt-kqZjgqef2JiFA1kpgf6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
217.181.250.0/23
Signature Algorithm: sha256WithRSAEncryption
70:98:4e:e8:63:a1:a9:37:c0:5e:10:65:e2:b0:e6:81:06:70:
8a:a6:ee:5e:b0:1b:a0:48:22:91:f7:2b:76:cf:46:85:03:5f:
1d:5f:87:64:60:9a:1a:fc:41:a2:28:2a:53:ed:93:db:a1:69:
ee:6a:df:7f:b0:c2:07:10:81:a4:9a:3b:15:74:4f:2d:fc:b2:
38:fb:10:ac:21:93:cc:10:ad:c5:85:c6:87:4d:02:41:7d:a5:
1f:14:d8:88:b4:c4:6d:95:46:19:a4:7b:9d:a7:37:33:98:c1:
c1:33:be:e4:62:28:76:c4:c7:ff:1f:ca:a3:18:81:74:64:f3:
8f:3f:5a:bf:66:ec:43:d0:b5:57:b7:23:90:73:d0:d5:a7:b5:
39:4a:9a:81:8b:b4:8b:83:2d:81:67:5f:27:63:c9:fb:23:a5:
82:40:a2:c7:09:b5:be:27:f7:9b:46:d7:1a:34:04:3f:05:78:
7b:bc:2c:5b:90:3c:f4:68:d6:e7:75:97:91:ed:bb:50:1f:3d:
b8:0d:58:c0:06:c3:d7:ac:a9:06:69:76:c1:31:43:e6:4f:32:
4c:32:64:60:37:a4:e2:04:4f:54:f5:53:07:e1:46:01:e6:b1:
02:fa:9d:92:53:67:53:1b:40:1f:9a:73:9b:16:33:e3:67:7e:
93:bd:a7:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwAoN81ZNlMm8tGODEee/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjMwMTAyMDEwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTljNTE1YWRmYTRhOTk4ZTBhOWU3ZjYyNjIxNDBkNjRhNjA3ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIv8Gb9eSvDCTJ7Pc0vCoV2NBFM7
ecxuWRtfPqDghOt5/U/hzUciC4okanyUNPL5gCamaOGJAl/AsXUgUUqEhwdqe1+d
wUDke1pAOXP7iOnUsdKDROfVopwrEo5Ev5TrubRtUUdwbj8G5+v/WCo8AoqdChqi
RXVWDbKzKfMnZLSHeAs+WITEyNC7hc56DHRqozpKBklV9ODT6qQ3juLOSwyJ1mR/
97KzspBZbUJREHlDSqJvlwppI5DBzybbqUDEeVTeNzf5dQ6KBwhDQxqkdxWPcTbO
AWYbSv8bxEKlFSE6oTceC75S6x4ySiB8/rUspr2c1ypNKY3dP5ws5WB5hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNWcUVrfpKmY4Knn9iYhQNZKYH+qMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvMVp4Uld0LWtxWmpncWVmMkppRkExa3BnZjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbevoAwQB
2bX6MA0GCSqGSIb3DQEBCwUAA4IBAQBwmE7oY6GpN8BeEGXisOaBBnCKpu5esBug
SCKR9yt2z0aFA18dX4dkYJoa/EGiKCpT7ZPboWnuat9/sMIHEIGkmjsVdE8t/LI4
+xCsIZPMEK3FhcaHTQJBfaUfFNiItMRtlUYZpHudpzczmMHBM77kYih2xMf/H8qj
GIF0ZPOPP1q/ZuxD0LVXtyOQc9DVp7U5SpqBi7SLgy2BZ18nY8n7I6WCQKLHCbW+
J/ebRtcaNAQ/BXh7vCxbkDz0aNbndZeR7btQHz24DVjABsPXrKkGaXbBMUPmTzJM
MmRgN6TiBE9U9VMH4UYB5rEC+p2SU2dTG0AfmnObFjPjZ36TvadC
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:29:06 2025 by rpki-client