Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/mtgA78wNEFk8737aYH5Kpgitn8Y.roa
File: mtgA78wNEFk8737aYH5Kpgitn8Y.roa (raw, json)
Hash identifier: TwnmG5LYWomdfxlj0RBLcjv+FelGFJzKG7jWQ7ApXKk=
Subject key identifier: 9A:D8:00:EF:CC:0D:10:59:3C:EF:7E:DA:60:7E:4A:A6:08:AD:9F:C6
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0193AC953EF7F5392849D862696ADC8FD4E3
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/mtgA78wNEFk8737aYH5Kpgitn8Y.roa
Signing time: Mon 09 Dec 2024 18:01:22 +0000
ROA not before: Mon 09 Dec 2024 18:01:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51057
IP address blocks: 109.235.232.0/21 maxlen: 21
109.235.232.0/23 maxlen: 23
109.235.233.0/24 maxlen: 24
109.235.234.0/23 maxlen: 23
109.235.234.0/24 maxlen: 24
109.235.238.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
217.181.250.0/23 maxlen: 23
2a0c:600::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:ac:95:3e:f7:f5:39:28:49:d8:62:69:6a:dc:8f:d4:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Dec 9 18:01:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9ad800efcc0d10593cef7eda607e4aa608ad9fc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:40:2a:a8:45:35:22:c5:1a:2a:75:d9:06:29:
09:87:d2:d6:70:03:5c:24:ba:8e:11:59:23:ed:3a:
70:89:17:9a:86:d7:5e:26:87:fd:b5:69:7f:c4:96:
95:f9:62:01:b7:30:85:5b:48:e2:04:bf:cf:2e:0a:
a1:88:f6:a6:38:cf:ae:67:03:85:74:80:17:c5:d0:
e1:3b:67:c2:cc:64:fd:5d:f6:34:ce:cc:bb:51:0e:
ab:fb:ac:8a:11:dd:bf:6a:ec:c7:02:bb:47:ed:24:
18:b8:da:cb:28:7c:fb:45:aa:a2:10:6a:3b:47:d5:
9a:d5:ae:c1:53:4f:97:87:9c:66:ce:80:b0:4f:31:
58:0b:0e:2c:87:42:73:02:54:93:5d:db:a7:af:87:
18:d0:87:a2:59:64:64:ca:32:c5:02:7e:7f:2e:08:
34:98:27:39:dd:c2:a9:31:8c:41:ca:5b:58:a8:ec:
66:8a:f0:6d:04:e5:3f:59:5b:03:dd:b2:4a:a3:ef:
f3:ea:41:83:ea:bf:9a:a6:16:99:6c:15:19:e9:8d:
f6:70:fb:1d:fd:2f:8d:5b:8f:f9:5e:5b:ed:56:20:
59:a0:ff:10:1f:8c:e9:ed:c7:69:d8:75:5d:b3:0b:
db:a8:4f:b6:b1:c2:1f:6a:3c:d6:87:9b:b3:d2:3d:
23:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:D8:00:EF:CC:0D:10:59:3C:EF:7E:DA:60:7E:4A:A6:08:AD:9F:C6
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/mtgA78wNEFk8737aYH5Kpgitn8Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
217.181.250.0/23
IPv6:
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
a8:8a:35:7a:eb:fa:bd:05:e0:f6:02:53:21:92:38:f3:5d:1f:
b2:92:d4:3c:22:2f:b8:d7:9d:33:32:92:82:d5:23:f4:38:75:
6b:df:03:42:fd:eb:0c:d1:01:dc:c7:07:a2:a6:5d:75:f9:cf:
cf:39:80:2c:e3:3d:29:0e:9c:f9:25:36:62:8a:85:18:91:7d:
1f:4e:f9:8c:84:2a:6a:77:31:28:a9:4c:b9:69:62:0f:58:8d:
d5:f9:d1:20:10:7f:ab:ab:71:cc:e0:1b:07:b7:7a:2d:68:9f:
b8:4e:00:f6:62:71:59:fe:f5:42:43:31:ed:5e:a4:57:6e:96:
86:e6:9e:9a:08:3e:4e:08:9c:82:05:db:17:70:7d:0b:12:5d:
f9:d1:f0:64:de:b8:57:cd:b7:61:9a:d0:06:38:47:c0:5f:8c:
8a:81:9b:9e:cc:d2:d4:14:1e:cf:a0:ae:91:e8:64:93:d4:fa:
fb:ad:5c:62:09:5e:25:b5:d9:c7:c7:56:e0:13:50:4a:c7:a5:
c2:cd:2f:99:d4:5c:34:e0:d7:79:07:65:d0:56:69:c7:36:d4:
03:ac:b6:3f:21:2f:ca:bc:fd:99:69:a0:75:c6:d7:60:4d:e2:
e2:f7:9f:e8:90:68:ad:ea:e4:72:e5:f4:cc:62:e4:30:4d:ee:
9c:8e:93:a1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZOslT739TkoSdhiaWrcj9TjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjQxMjA5MTgwMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQ4MDBlZmNjMGQxMDU5M2NlZjdlZGE2MDdlNGFhNjA4YWQ5ZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEAqqEU1IsUaKnXZBikJh9LWcANc
JLqOEVkj7TpwiReahtdeJof9tWl/xJaV+WIBtzCFW0jiBL/PLgqhiPamOM+uZwOF
dIAXxdDhO2fCzGT9XfY0zsy7UQ6r+6yKEd2/auzHArtH7SQYuNrLKHz7RaqiEGo7
R9Wa1a7BU0+Xh5xmzoCwTzFYCw4sh0JzAlSTXdunr4cY0IeiWWRkyjLFAn5/Lgg0
mCc53cKpMYxByltYqOxmivBtBOU/WVsD3bJKo+/z6kGD6r+aphaZbBUZ6Y32cPsd
/S+NW4/5XlvtViBZoP8QH4zp7cdp2HVdswvbqE+2scIfajzWh5uz0j0jLQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJrYAO/MDRBZPO9+2mB+SqYIrZ/GMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvbXRnQTc4d05FRms4NzM3YVlINUtwZ2l0bjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbevoAwQB
2bX6MA0EAgACMAcDBQMqDAYAMA0GCSqGSIb3DQEBCwUAA4IBAQCoijV66/q9BeD2
AlMhkjjzXR+yktQ8Ii+4150zMpKC1SP0OHVr3wNC/esM0QHcxweipl11+c/POYAs
4z0pDpz5JTZiioUYkX0fTvmMhCpqdzEoqUy5aWIPWI3V+dEgEH+rq3HM4BsHt3ot
aJ+4TgD2YnFZ/vVCQzHtXqRXbpaG5p6aCD5OCJyCBdsXcH0LEl350fBk3rhXzbdh
mtAGOEfAX4yKgZuezNLUFB7PoK6R6GST1Pr7rVxiCV4ltdnHx1bgE1BKx6XCzS+Z
1Fw04Nd5B2XQVmnHNtQDrLY/IS/KvP2ZaaB1xtdgTeLi95/okGit6uRy5fTMYuQw
Te6cjpOh
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:18:43 2025 by rpki-client