Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/toWiyG20KIh4DuYvBdJ6-aC_nQc.roa
File: toWiyG20KIh4DuYvBdJ6-aC_nQc.roa (raw, json)
Hash identifier: M97Vs+xAVr2oGg8Dh9TcsBnIrLEebP25Phqwk20e9Zk=
Subject key identifier: B6:85:A2:C8:6D:B4:28:88:78:0E:E6:2F:05:D2:7A:F9:A0:BF:9D:07
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0CB53021
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/toWiyG20KIh4DuYvBdJ6-aC_nQc.roa
Signing time: Sat 01 Jan 2022 11:54:54 +0000
ROA not before: Sat 01 Jan 2022 11:54:54 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51057
IP address blocks: 217.181.250.0/23 maxlen: 23
109.235.232.0/21 maxlen: 21
109.235.234.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 213200929 (0xcb53021)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jan 1 11:54:54 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b685a2c86db42888780ee62f05d27af9a0bf9d07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:50:64:79:47:2d:0d:62:91:1d:4b:3d:39:5a:
6c:7f:d8:3b:ab:7f:dd:0b:fe:1d:0b:e1:33:ad:c7:
a4:a9:07:8e:35:5b:df:f7:2f:b0:df:4c:04:d0:95:
c6:cd:68:55:0e:c2:d7:77:48:90:db:dc:ff:f2:44:
f4:4d:86:9b:05:a0:db:b4:26:fc:4d:c0:a8:1c:79:
66:5c:90:84:81:cd:17:63:6a:e0:2f:ba:b7:d2:45:
9d:6b:e2:e6:b3:9f:8a:1a:68:c8:9e:d3:91:96:f6:
f1:5f:9d:a1:30:74:4e:2c:30:03:1a:1b:bb:2a:e3:
0d:a5:28:d1:d5:d4:2a:1e:91:64:e5:ad:2d:5c:50:
f4:9d:9d:03:16:41:d5:61:58:d0:7c:73:62:ad:53:
03:fc:cd:b7:94:41:63:ba:6f:ec:f3:6f:4f:84:b3:
f4:a2:9d:79:6c:9e:12:40:04:e8:31:f4:1f:84:1b:
6a:ed:f3:e0:f2:d1:e9:ce:ce:ed:c5:51:8d:8b:b2:
e0:d0:bf:9c:8b:53:18:e1:60:10:d3:28:2a:cd:c1:
16:c9:7c:e3:3d:e6:5b:85:92:77:94:33:a3:f2:db:
38:22:e1:35:52:9f:3d:0c:16:cb:e2:9b:7e:01:31:
ef:a3:48:a6:11:6a:99:a4:7e:30:d3:0d:74:5d:15:
72:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:85:A2:C8:6D:B4:28:88:78:0E:E6:2F:05:D2:7A:F9:A0:BF:9D:07
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/toWiyG20KIh4DuYvBdJ6-aC_nQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.232.0/21
217.181.250.0/23
Signature Algorithm: sha256WithRSAEncryption
46:0a:45:fb:b3:99:52:4c:67:7c:26:07:90:f2:f4:d3:11:1b:
ea:4e:ab:ef:e9:83:1e:3e:3c:f7:ab:0a:d8:e5:1f:9d:e1:71:
0b:2d:d5:21:80:81:ee:a6:81:08:09:ed:7f:34:c3:15:b5:34:
c7:e8:be:54:5e:ae:c2:7f:bc:b0:34:55:66:b9:59:44:fd:57:
fb:65:1a:01:70:f2:62:36:6a:64:e9:53:c1:41:7f:9f:03:8b:
cf:c3:b3:e2:8a:6f:a4:7e:55:85:09:b8:7e:53:ee:3f:6d:3f:
a8:ba:ca:3e:fe:dd:f8:4b:47:26:86:55:b5:5d:73:c4:d7:47:
00:11:a7:3a:bd:3a:bb:3b:ba:8c:c0:84:6b:45:0c:33:b2:f0:
51:ac:ef:02:f2:ad:8d:e6:6a:b6:6a:f7:57:ac:b3:1e:d8:5f:
ea:92:70:e2:9c:de:3d:99:8c:08:c4:76:ef:7f:4b:b5:bc:ec:
e3:46:42:7a:71:7e:ba:97:ca:0c:ff:57:ec:1a:02:e0:29:db:
01:eb:52:89:b3:a1:94:97:f1:72:80:48:99:a7:32:aa:0d:a8:
45:16:a6:3e:92:c9:bf:e6:a0:84:73:49:1b:0b:7f:f8:2c:5a:
c4:a6:f9:f0:58:30:8d:ba:4d:2d:db:9e:20:d5:d1:a0:b2:ae:
a3:ae:63:69
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEDLUwITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MTQ3OWI4M2M1MjBkNzg0NDQ1YzI0ODI4YmFiNjMzZjBkNzAyY2YzMB4XDTIyMDEw
MTExNTQ1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjY4NWEyYzg2ZGI0
Mjg4ODc4MGVlNjJmMDVkMjdhZjlhMGJmOWQwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxQZHlHLQ1ikR1LPTlabH/YO6t/3Qv+HQvhM63HpKkHjjVb
3/cvsN9MBNCVxs1oVQ7C13dIkNvc//JE9E2GmwWg27Qm/E3AqBx5ZlyQhIHNF2Nq
4C+6t9JFnWvi5rOfihpoyJ7TkZb28V+doTB0TiwwAxobuyrjDaUo0dXUKh6RZOWt
LVxQ9J2dAxZB1WFY0HxzYq1TA/zNt5RBY7pv7PNvT4Sz9KKdeWyeEkAE6DH0H4Qb
au3z4PLR6c7O7cVRjYuy4NC/nItTGOFgENMoKs3BFsl84z3mW4WSd5Qzo/LbOCLh
NVKfPQwWy+KbfgEx76NIphFqmaR+MNMNdF0VctcCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBS2haLIbbQoiHgO5i8F0nr5oL+dBzAfBgNVHSMEGDAWgBTxR5uDxSDXhERc
JIKLq2M/DXAs8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhVZWJnOFVnMTRSRVhDU0NpNnRqUHcxd0xQTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8x
L3RvV2l5RzIwS0loNER1WXZCZEo2LWFDX25RYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTk3ZTIxLWI1ZmUtNGE1Ni1hOThhLWJkZDRhZjVmMzVkMS8xLzhVZWJnOFVnMTRS
RVhDU0NpNnRqUHcxd0xQTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEA23r6AMEAdm1+jANBgkqhkiG9w0B
AQsFAAOCAQEARgpF+7OZUkxnfCYHkPL00xEb6k6r7+mDHj4896sK2OUfneFxCy3V
IYCB7qaBCAntfzTDFbU0x+i+VF6uwn+8sDRVZrlZRP1X+2UaAXDyYjZqZOlTwUF/
nwOLz8Oz4opvpH5VhQm4flPuP20/qLrKPv7d+EtHJoZVtV1zxNdHABGnOr06uzu6
jMCEa0UMM7LwUazvAvKtjeZqtmr3V6yzHthf6pJw4pzePZmMCMR2739Ltbzs40ZC
enF+upfKDP9X7BoC4CnbAetSibOhlJfxcoBImacyqg2oRRamPpLJv+aghHNJGwt/
+CxaxKb58FgwjbpNLdueINXRoLKuo65jaQ==
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:23:02 2025 by rpki-client