Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/3SrDJsglEatdXDmlYL9-hde2rkY.roa
File: 3SrDJsglEatdXDmlYL9-hde2rkY.roa (raw, json)
Hash identifier: RATDrGTShd5lc+tW1cygIx7GKqkuXBxGGeGKFjETU+o=
Subject key identifier: DD:2A:C3:26:C8:25:11:AB:5D:5C:39:A5:60:BF:7E:85:D7:B6:AE:46
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0DB79414
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/3SrDJsglEatdXDmlYL9-hde2rkY.roa
Signing time: Thu 21 Apr 2022 00:07:06 +0000
ROA not before: Thu 21 Apr 2022 00:07:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51057
IP address blocks: 217.181.250.0/23 maxlen: 23
109.235.233.0/24 maxlen: 24
109.235.232.0/21 maxlen: 21
109.235.234.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 230134804 (0xdb79414)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Apr 21 00:07:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dd2ac326c82511ab5d5c39a560bf7e85d7b6ae46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:2c:04:fd:a7:b5:5f:d8:be:5c:77:fa:5c:f2:
42:1f:95:61:14:d2:16:4d:b5:0a:c8:e5:14:2a:a6:
86:f2:00:e4:74:1f:97:72:29:df:7f:95:1d:cb:67:
1c:04:01:25:a8:fe:21:f5:a5:95:cd:b1:de:82:93:
5b:b7:91:57:cd:77:0d:e5:a3:70:3a:53:18:f9:ec:
2b:75:5b:84:57:05:01:57:8d:51:18:dc:3d:f9:52:
c2:16:5c:0d:18:d6:68:a4:4e:5e:11:d8:4b:ab:8a:
60:a9:f7:89:03:c0:7d:32:4f:39:e3:81:2e:7d:04:
1c:dc:77:6f:5c:17:a1:ce:a7:d6:ab:67:fe:bb:db:
79:21:6f:ee:b1:82:6b:c3:fa:d4:f5:62:a0:1a:9f:
02:7a:56:5c:81:64:d3:5d:35:c3:06:93:81:ea:02:
88:46:e3:94:77:e6:eb:1c:08:f5:55:e5:3a:be:1a:
ab:20:78:77:11:08:b8:7d:2b:cb:e6:e5:be:52:1c:
ab:e3:7a:9e:d9:48:18:18:61:3d:88:77:64:30:33:
f9:34:be:70:9f:7a:e7:63:ca:9f:85:ff:63:ba:a6:
06:63:f9:76:8b:a3:bb:18:b8:88:5b:5c:d0:77:c5:
27:19:02:67:b4:39:a4:93:a5:49:22:d6:81:c0:e4:
7b:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2A:C3:26:C8:25:11:AB:5D:5C:39:A5:60:BF:7E:85:D7:B6:AE:46
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/3SrDJsglEatdXDmlYL9-hde2rkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
217.181.250.0/23
Signature Algorithm: sha256WithRSAEncryption
9b:26:c0:a2:50:69:29:36:47:4b:cb:9d:50:fb:76:22:ad:a1:
e5:f4:27:5b:7e:6d:55:1f:40:37:79:fe:d4:d1:f0:8f:84:be:
74:4c:ee:51:b5:57:0b:f1:6e:42:8b:ea:6c:0d:b6:97:9a:ca:
b9:ac:5d:2a:90:0a:86:a0:9c:4d:8c:fb:c0:1b:8d:50:e9:38:
15:77:ab:02:85:74:d2:b2:79:72:dc:f7:5e:47:09:ba:c3:1d:
28:5d:e1:30:0b:d2:01:02:28:5e:d8:b9:8e:89:f3:d5:55:cb:
45:b9:cc:39:96:fb:1a:2c:13:62:c4:ea:40:87:39:2a:7a:1b:
b4:8d:ad:e3:c6:6e:9e:05:97:c2:3c:bf:31:4e:12:86:09:37:
64:0d:f3:33:39:be:ff:02:7a:82:75:3d:e5:11:de:b1:38:d8:
e8:e9:3f:03:8a:c9:9d:6b:c3:ab:5f:d6:3c:b1:e3:a2:fa:1a:
41:76:2c:fe:03:ca:d4:6f:39:47:e7:1c:ed:f8:ea:7b:3d:6a:
89:fe:b5:21:1c:8b:1a:63:d9:3a:5b:0e:8e:30:38:db:09:86:
74:a1:0b:d7:83:68:d8:43:76:8d:2d:96:0d:2b:80:ce:6a:87:
fc:53:c4:ed:f4:61:78:e1:05:38:70:fc:4f:6b:34:2c:dc:0c:
1b:b5:1a:d1
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEDbeUFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MTQ3OWI4M2M1MjBkNzg0NDQ1YzI0ODI4YmFiNjMzZjBkNzAyY2YzMB4XDTIyMDQy
MTAwMDcwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQyYWMzMjZjODI1
MTFhYjVkNWMzOWE1NjBiZjdlODVkN2I2YWU0NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ8sBP2ntV/Yvlx3+lzyQh+VYRTSFk21CsjlFCqmhvIA5HQf
l3Ip33+VHctnHAQBJaj+IfWllc2x3oKTW7eRV813DeWjcDpTGPnsK3VbhFcFAVeN
URjcPflSwhZcDRjWaKROXhHYS6uKYKn3iQPAfTJPOeOBLn0EHNx3b1wXoc6n1qtn
/rvbeSFv7rGCa8P61PVioBqfAnpWXIFk0101wwaTgeoCiEbjlHfm6xwI9VXlOr4a
qyB4dxEIuH0ry+blvlIcq+N6ntlIGBhhPYh3ZDAz+TS+cJ9652PKn4X/Y7qmBmP5
doujuxi4iFtc0HfFJxkCZ7Q5pJOlSSLWgcDke+ECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTdKsMmyCURq11cOaVgv36F17auRjAfBgNVHSMEGDAWgBTxR5uDxSDXhERc
JIKLq2M/DXAs8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhVZWJnOFVnMTRSRVhDU0NpNnRqUHcxd0xQTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8x
LzNTckRKc2dsRWF0ZFhEbWxZTDktaGRlMnJrWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8xLzhVZWJnOFVnMTRS
RVhDU0NpNnRqUHcxd0xQTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEA23r6AMEAdm1+jANBgkqhkiG9w0B
AQsFAAOCAQEAmybAolBpKTZHS8udUPt2Iq2h5fQnW35tVR9AN3n+1NHwj4S+dEzu
UbVXC/FuQovqbA22l5rKuaxdKpAKhqCcTYz7wBuNUOk4FXerAoV00rJ5ctz3XkcJ
usMdKF3hMAvSAQIoXti5jonz1VXLRbnMOZb7GiwTYsTqQIc5KnobtI2t48ZungWX
wjy/MU4Shgk3ZA3zMzm+/wJ6gnU95RHesTjY6Ok/A4rJnWvDq1/WPLHjovoaQXYs
/gPK1G85R+cc7fjqez1qif61IRyLGmPZOlsOjjA42wmGdKEL14No2EN2jS2WDSuA
zmqH/FPE7fRheOEFOHD8T2s0LNwMG7Ua0Q==
-----END CERTIFICATE-----
Generated at Sun Apr 20 05:03:00 2025 by rpki-client