Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/qt2B9liCpwSR_E8GfbCruMdnpBo.roa
File: qt2B9liCpwSR_E8GfbCruMdnpBo.roa (raw, json)
Hash identifier: CF1z3BDp9bFyIKxpZPZ22pqi8yr0EYCmZLPU2JJFROQ=
Subject key identifier: AA:DD:81:F6:58:82:A7:04:91:FC:4F:06:7D:B0:AB:B8:C7:67:A4:1A
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 01948E720C57423DECCD45B0192084F9A3D4
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/qt2B9liCpwSR_E8GfbCruMdnpBo.roa
Signing time: Wed 22 Jan 2025 14:37:06 +0000
ROA not before: Wed 22 Jan 2025 14:37:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51057
IP address blocks: 109.235.232.0/21 maxlen: 21
109.235.232.0/23 maxlen: 23
109.235.233.0/24 maxlen: 24
109.235.234.0/23 maxlen: 23
109.235.234.0/24 maxlen: 24
109.235.238.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
2a0c:600::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8e:72:0c:57:42:3d:ec:cd:45:b0:19:20:84:f9:a3:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jan 22 14:37:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aadd81f65882a70491fc4f067db0abb8c767a41a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ec:03:70:aa:36:65:c6:6c:91:f8:e3:0a:a3:
46:72:88:56:fc:89:58:5d:a5:b1:9b:d1:ab:65:86:
9d:cc:57:df:72:e1:71:f4:c0:e7:c5:34:7e:d8:1e:
5a:72:15:f7:69:5f:a7:f3:f7:49:e6:a9:23:e6:e2:
76:27:c0:70:04:fd:34:99:80:b6:83:0d:b0:28:8f:
0b:e5:4a:96:ee:87:f6:87:da:43:43:3a:83:19:69:
cb:75:ec:2a:97:99:cd:e9:6d:3a:6a:37:90:3c:c6:
61:c3:ec:7d:5c:16:ce:6d:1f:cf:6f:0d:ae:4d:06:
3c:61:a6:9e:b4:a4:02:8e:81:98:5e:a7:0b:1c:a0:
b1:30:dc:5c:e4:b1:c4:b9:7c:15:16:c8:ef:92:cc:
6f:81:c5:0b:73:46:d4:a4:8d:c8:a9:c3:d9:3f:21:
5f:12:9b:18:9e:ea:ae:24:96:90:d2:cc:d8:e2:24:
b4:40:ef:3a:f0:4a:0a:a3:26:a4:dc:49:e2:ec:ce:
5a:ee:33:e7:1d:b1:a9:54:74:79:9e:a7:46:68:a6:
2d:23:7c:41:a5:74:9a:0e:a5:bd:65:5d:cc:9a:a4:
92:03:d1:b2:20:bb:7b:aa:93:cc:fd:fd:a0:8b:73:
0e:92:f7:ae:91:37:bc:92:e7:a5:95:4d:b3:ae:11:
d5:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:DD:81:F6:58:82:A7:04:91:FC:4F:06:7D:B0:AB:B8:C7:67:A4:1A
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/qt2B9liCpwSR_E8GfbCruMdnpBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
IPv6:
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
11:dd:be:6c:11:28:94:4a:f6:fb:bb:5f:ef:70:ca:9a:f5:69:
72:ce:e2:ef:a9:81:e2:90:b2:90:5b:d9:fa:a7:25:d6:40:7a:
6c:ce:86:1c:26:c8:2f:44:41:4a:bf:50:bc:b1:a2:95:bc:3b:
eb:a2:39:56:dc:78:af:96:df:77:af:45:64:89:b6:b7:16:54:
6c:8a:84:af:b7:65:ff:fb:30:b0:d9:d0:56:1a:9a:f3:ac:da:
bf:e7:f7:ae:60:c6:c1:b7:0d:8f:51:e2:88:ba:45:14:52:d9:
b3:87:60:df:db:15:53:65:45:4d:e5:95:e8:ad:84:05:c7:d3:
3b:f6:11:1a:14:31:c8:20:61:a8:0f:3c:78:37:be:f2:e8:33:
a4:cb:20:1b:54:a5:e4:1c:88:f0:00:3b:6f:fa:64:be:1f:2e:
6f:e9:9d:93:64:3e:cc:ff:1f:c3:f3:49:29:3b:24:0c:b8:b3:
1d:f7:41:e5:9d:f2:a5:49:a6:63:00:51:38:dd:b0:e2:c0:ff:
cb:b0:47:61:0c:e7:6b:c7:af:26:9a:68:d3:29:db:5c:37:d7:
8b:eb:60:d4:7f:3e:ec:00:45:90:e7:12:a8:e6:23:91:65:1a:
32:96:44:24:25:e3:fa:1a:92:53:89:99:2b:05:b3:e8:62:10:
d9:2f:7e:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSOcgxXQj3szUWwGSCE+aPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMTIyMTQzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRkODFmNjU4ODJhNzA0OTFmYzRmMDY3ZGIwYWJiOGM3NjdhNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOwDcKo2ZcZskfjjCqNGcohW/IlY
XaWxm9GrZYadzFffcuFx9MDnxTR+2B5achX3aV+n8/dJ5qkj5uJ2J8BwBP00mYC2
gw2wKI8L5UqW7of2h9pDQzqDGWnLdewql5nN6W06ajeQPMZhw+x9XBbObR/Pbw2u
TQY8YaaetKQCjoGYXqcLHKCxMNxc5LHEuXwVFsjvksxvgcULc0bUpI3IqcPZPyFf
EpsYnuquJJaQ0szY4iS0QO868EoKoyak3Eni7M5a7jPnHbGpVHR5nqdGaKYtI3xB
pXSaDqW9ZV3MmqSSA9GyILt7qpPM/f2gi3MOkveukTe8kuellU2zrhHVCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKrdgfZYgqcEkfxPBn2wq7jHZ6QaMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvcXQyQjlsaUNwd1NSX0U4R2ZiQ3J1TWRucEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbevoMA0E
AgACMAcDBQMqDAYAMA0GCSqGSIb3DQEBCwUAA4IBAQAR3b5sESiUSvb7u1/vcMqa
9WlyzuLvqYHikLKQW9n6pyXWQHpszoYcJsgvREFKv1C8saKVvDvrojlW3Hivlt93
r0Vkiba3FlRsioSvt2X/+zCw2dBWGprzrNq/5/euYMbBtw2PUeKIukUUUtmzh2Df
2xVTZUVN5ZXorYQFx9M79hEaFDHIIGGoDzx4N77y6DOkyyAbVKXkHIjwADtv+mS+
Hy5v6Z2TZD7M/x/D80kpOyQMuLMd90HlnfKlSaZjAFE43bDiwP/LsEdhDOdrx68m
mmjTKdtcN9eL62DUfz7sAEWQ5xKo5iORZRoylkQkJeP6GpJTiZkrBbPoYhDZL37F
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:04:14 2025 by rpki-client