Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/EP3PAjjg7MoM2irkjgxhOxxnXd0.roa
File: EP3PAjjg7MoM2irkjgxhOxxnXd0.roa (raw, json)
Hash identifier: hp3QCqafYDdKSG1l6GBXq5wkbQ3jFYu3iLOQtDCO16I=
Subject key identifier: 10:FD:CF:02:38:E0:EC:CA:0C:DA:2A:E4:8E:0C:61:3B:1C:67:5D:DD
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 0196CFD9A9B8AA1247E1ECFBB42E8AE0B7F3
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/EP3PAjjg7MoM2irkjgxhOxxnXd0.roa
Signing time: Wed 14 May 2025 17:31:10 +0000
ROA not before: Wed 14 May 2025 17:31:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62240
IP address blocks: 109.172.16.0/24 maxlen: 24
109.172.17.0/24 maxlen: 24
109.172.18.0/24 maxlen: 24
109.172.19.0/24 maxlen: 24
109.172.20.0/24 maxlen: 24
109.172.21.0/24 maxlen: 24
109.172.22.0/24 maxlen: 24
109.172.23.0/24 maxlen: 24
109.172.96.0/24 maxlen: 24
109.172.97.0/24 maxlen: 24
109.172.98.0/24 maxlen: 24
109.172.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:cf:d9:a9:b8:aa:12:47:e1:ec:fb:b4:2e:8a:e0:b7:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: May 14 17:31:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=10fdcf0238e0ecca0cda2ae48e0c613b1c675ddd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:89:74:e2:87:63:c1:c4:43:7e:2d:7d:8a:db:
0c:d0:be:15:6e:57:86:bb:90:b6:d5:3c:8f:1d:6d:
5b:9b:77:39:d2:c9:6a:e3:b3:b1:83:06:6e:e8:1e:
43:2c:3a:95:59:2c:01:82:d2:6e:86:d7:05:bf:b5:
25:72:b0:0b:07:a0:c6:89:cd:be:d6:66:25:5c:53:
cc:c0:3a:10:fb:d9:70:c9:28:57:95:47:0a:5f:d6:
02:7c:a6:6f:b6:6a:83:ca:0a:3f:a2:16:63:f8:1e:
f7:79:f5:0e:e0:c3:cf:0f:a6:c7:8b:fe:2b:75:af:
24:b9:84:2b:25:9f:89:a0:6a:ff:9b:84:ee:9a:16:
4d:a1:18:5f:e6:5e:48:43:3d:ec:9b:fc:85:18:0b:
df:79:8b:45:38:cc:49:5b:aa:2b:4b:e0:d9:50:62:
1f:74:47:69:9c:ae:3c:2f:03:ca:e8:d5:61:7f:65:
48:c0:ca:35:47:39:5d:0f:f8:69:42:3c:53:8e:42:
c3:5e:02:07:9f:7e:ff:78:bf:c5:45:fb:92:c8:6f:
b4:de:67:48:53:7d:b6:74:4a:81:ef:11:ca:3a:8c:
3c:ae:09:e4:e4:fc:77:ee:f3:16:09:e6:be:72:30:
fa:24:7e:33:ad:bd:b9:cc:6e:ba:bf:c6:8e:73:73:
ae:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:FD:CF:02:38:E0:EC:CA:0C:DA:2A:E4:8E:0C:61:3B:1C:67:5D:DD
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/EP3PAjjg7MoM2irkjgxhOxxnXd0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.16.0/21
109.172.96.0/22
Signature Algorithm: sha256WithRSAEncryption
5d:81:fe:85:cd:d7:cb:40:b2:5f:a5:35:20:50:70:c6:15:91:
0e:24:3e:2d:28:5e:91:06:e7:83:e9:63:19:a2:d5:d4:3c:55:
b0:fe:35:5a:5f:ce:88:52:41:09:cb:4e:93:54:0f:3a:5e:e4:
e4:fa:ca:4c:fa:e5:c1:59:2b:bc:7a:1c:2c:4f:ae:58:05:d2:
df:1a:63:e1:e6:62:67:49:bd:6d:76:26:bc:78:42:e3:86:0f:
97:37:cd:1e:1d:c8:f0:a3:67:2a:a2:b5:f9:05:39:e7:45:eb:
56:ea:20:95:a6:14:18:13:cb:2b:6d:4e:60:f3:1d:93:a5:57:
13:dc:76:55:65:16:a1:44:41:14:0b:28:84:ad:9d:97:d6:22:
fc:62:85:56:25:c0:2b:58:d1:d5:b9:b8:b3:e2:ad:28:5a:46:
21:a7:a9:4f:b0:7d:37:6e:b1:b4:30:47:fe:a0:85:30:ac:10:
3c:3b:04:53:2d:a2:ff:84:90:48:1d:c3:1c:4d:4e:25:50:28:
67:e1:04:bf:ac:52:1d:c2:10:e8:ef:ea:f3:57:e7:2b:79:e3:
5d:c6:eb:68:12:3c:9e:22:96:f6:c5:32:aa:80:d4:86:ff:f6:
71:55:5a:c2:06:5d:6c:a4:74:f9:18:aa:94:14:76:15:af:85:
7f:99:f7:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbP2am4qhJH4ez7tC6K4LfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjUwNTE0MTczMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGZkY2YwMjM4ZTBlY2NhMGNkYTJhZTQ4ZTBjNjEzYjFjNjc1ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIl04odjwcRDfi19itsM0L4VbleG
u5C21TyPHW1bm3c50slq47OxgwZu6B5DLDqVWSwBgtJuhtcFv7UlcrALB6DGic2+
1mYlXFPMwDoQ+9lwyShXlUcKX9YCfKZvtmqDygo/ohZj+B73efUO4MPPD6bHi/4r
da8kuYQrJZ+JoGr/m4TumhZNoRhf5l5IQz3sm/yFGAvfeYtFOMxJW6orS+DZUGIf
dEdpnK48LwPK6NVhf2VIwMo1RzldD/hpQjxTjkLDXgIHn37/eL/FRfuSyG+03mdI
U322dEqB7xHKOow8rgnk5Px37vMWCea+cjD6JH4zrb25zG66v8aOc3Ou4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBD9zwI44OzKDNoq5I4MYTscZ13dMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvRVAzUEFqamc3TW9NMmlya2pneGhPeHhuWGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbawQAwQC
baxgMA0GCSqGSIb3DQEBCwUAA4IBAQBdgf6FzdfLQLJfpTUgUHDGFZEOJD4tKF6R
BueD6WMZotXUPFWw/jVaX86IUkEJy06TVA86XuTk+spM+uXBWSu8ehwsT65YBdLf
GmPh5mJnSb1tdia8eELjhg+XN80eHcjwo2cqorX5BTnnRetW6iCVphQYE8srbU5g
8x2TpVcT3HZVZRahREEUCyiErZ2X1iL8YoVWJcArWNHVubiz4q0oWkYhp6lPsH03
brG0MEf+oIUwrBA8OwRTLaL/hJBIHcMcTU4lUChn4QS/rFIdwhDo7+rzV+creeNd
xutoEjyeIpb2xTKqgNSG//ZxVVrCBl1spHT5GKqUFHYVr4V/mfeV
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:40:05 2025 by rpki-client