Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/9r6G-K39yC3oJXCqJFwppG0XO7E.roa
File: 9r6G-K39yC3oJXCqJFwppG0XO7E.roa (raw, json)
Hash identifier: knotRA7deWhE/iQMQuh29rURZPYQ/EA2cVhvzkP4tO0=
Subject key identifier: F6:BE:86:F8:AD:FD:C8:2D:E8:25:70:AA:24:5C:29:A4:6D:17:3B:B1
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0194FB17B6BD8B177C773BD18A5F07F18278
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/9r6G-K39yC3oJXCqJFwppG0XO7E.roa
Signing time: Wed 12 Feb 2025 16:57:02 +0000
ROA not before: Wed 12 Feb 2025 16:57:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51057
IP address blocks: 109.235.232.0/21 maxlen: 21
2a0c:600::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:fb:17:b6:bd:8b:17:7c:77:3b:d1:8a:5f:07:f1:82:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Feb 12 16:57:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f6be86f8adfdc82de82570aa245c29a46d173bb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:2d:13:10:fd:90:fe:bd:30:f0:59:57:35:98:
f3:7a:2e:d8:fa:e8:6d:b4:5c:1e:48:c9:ff:e9:a1:
d4:1f:80:89:8b:eb:f7:12:de:65:b3:af:35:91:e6:
3c:cf:42:e7:8b:7d:f3:4b:cd:08:d9:4b:20:88:01:
5d:23:a4:64:00:10:7f:82:27:22:94:29:59:5f:4e:
27:e5:ad:07:5b:a0:13:03:aa:a3:d3:07:ec:b4:b7:
db:3d:57:df:86:6e:01:01:3d:82:a7:06:c5:e5:da:
1c:c4:98:b2:83:43:63:74:56:0e:bf:ee:7e:bd:dd:
ef:92:b0:a4:0f:2f:ed:f4:c8:dc:eb:ca:e0:40:40:
91:41:40:9b:c9:b1:94:0e:c3:f7:44:2b:e2:55:9e:
8a:d6:bf:90:38:61:73:bd:48:e4:36:32:e8:9a:1c:
38:2a:af:70:9c:bf:be:45:98:f3:f7:3b:44:c8:fb:
94:fc:16:71:17:6a:99:99:85:60:d6:3f:9b:1d:0e:
23:92:be:e5:75:ea:db:d3:6e:a3:69:3c:33:8b:47:
2d:2d:16:1e:32:21:89:ff:25:68:22:ac:0f:90:ae:
5e:03:8c:87:c3:28:b0:a2:e2:07:e3:ea:57:1e:24:
f4:f7:d5:19:66:40:de:6d:d7:4a:34:53:f1:95:ff:
a0:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:BE:86:F8:AD:FD:C8:2D:E8:25:70:AA:24:5C:29:A4:6D:17:3B:B1
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/9r6G-K39yC3oJXCqJFwppG0XO7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
IPv6:
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
16:b9:2e:74:c9:62:cf:2e:63:72:a0:64:6e:37:2b:65:cb:7d:
66:ad:b8:80:1d:a2:45:99:85:f3:fe:bb:ec:84:f9:c5:fd:49:
36:95:23:3a:07:0a:e2:47:ad:7a:27:dd:b8:83:99:7c:ac:60:
00:4d:c6:72:3f:57:2d:2c:c2:19:e6:9c:2e:3e:c6:21:81:f4:
00:51:dc:f4:70:7a:a5:5d:29:22:3b:89:56:62:9a:89:a2:14:
9f:27:42:c2:b1:01:de:c6:38:12:2a:df:6e:4a:89:84:96:8b:
2d:a2:8a:3c:a9:8b:cf:80:83:9a:e5:81:21:33:be:3c:55:37:
da:3b:54:1c:5f:62:7d:24:c4:cd:d7:76:3a:f4:8b:af:39:98:
5f:6f:7a:2a:a6:44:9d:3a:5a:8b:3e:84:ca:6d:7d:f5:83:bd:
99:c0:55:42:c1:a0:d4:f8:08:3b:03:d3:3e:26:14:6d:d5:8e:
78:48:79:8c:bb:dc:7d:ec:56:4c:75:7d:d5:17:75:14:30:cd:
44:6e:3f:cc:08:08:e2:a7:98:9f:b9:c7:f3:16:37:6b:69:55:
e1:27:65:54:27:d5:d0:bf:55:2c:66:be:69:df:3d:f0:3a:4f:
0c:00:65:75:2a:d3:17:15:94:a5:b8:59:0c:0a:7b:a6:27:34:
e0:3f:5f:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZT7F7a9ixd8dzvRil8H8YJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMjEyMTY1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmJlODZmOGFkZmRjODJkZTgyNTcwYWEyNDVjMjlhNDZkMTczYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny0TEP2Q/r0w8FlXNZjzei7Y+uht
tFweSMn/6aHUH4CJi+v3Et5ls681keY8z0Lni33zS80I2UsgiAFdI6RkABB/gici
lClZX04n5a0HW6ATA6qj0wfstLfbPVffhm4BAT2CpwbF5docxJiyg0NjdFYOv+5+
vd3vkrCkDy/t9Mjc68rgQECRQUCbybGUDsP3RCviVZ6K1r+QOGFzvUjkNjLomhw4
Kq9wnL++RZjz9ztEyPuU/BZxF2qZmYVg1j+bHQ4jkr7lderb026jaTwzi0ctLRYe
MiGJ/yVoIqwPkK5eA4yHwyiwouIH4+pXHiT099UZZkDebddKNFPxlf+gOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPa+hvit/cgt6CVwqiRcKaRtFzuxMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvOXI2Ry1LMzl5QzNvSlhDcUpGd3BwRzBYTzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbevoMA0E
AgACMAcDBQMqDAYAMA0GCSqGSIb3DQEBCwUAA4IBAQAWuS50yWLPLmNyoGRuNytl
y31mrbiAHaJFmYXz/rvshPnF/Uk2lSM6BwriR616J924g5l8rGAATcZyP1ctLMIZ
5pwuPsYhgfQAUdz0cHqlXSkiO4lWYpqJohSfJ0LCsQHexjgSKt9uSomElostooo8
qYvPgIOa5YEhM748VTfaO1QcX2J9JMTN13Y69IuvOZhfb3oqpkSdOlqLPoTKbX31
g72ZwFVCwaDU+Ag7A9M+JhRt1Y54SHmMu9x97FZMdX3VF3UUMM1Ebj/MCAjip5if
ucfzFjdraVXhJ2VUJ9XQv1UsZr5p3z3wOk8MAGV1KtMXFZSluFkMCnumJzTgP18S
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:40:22 2025 by rpki-client