Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/8wc-r54fFohvhY4dLHISM84HBWI.roa
File: 8wc-r54fFohvhY4dLHISM84HBWI.roa (raw, json)
Hash identifier: WwJ/rVwfbo9IUtnLP5yAh2Rr0eX5vs0NPRFL4JJGTUw=
Subject key identifier: F3:07:3E:AF:9E:1F:16:88:6F:85:8E:1D:2C:72:12:33:CE:07:05:62
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 0195668CD402BF6C30E3EC4BFFE06D1DC65D
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/8wc-r54fFohvhY4dLHISM84HBWI.roa
Signing time: Wed 05 Mar 2025 13:44:20 +0000
ROA not before: Wed 05 Mar 2025 13:44:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213001
IP address blocks: 151.216.34.0/24 maxlen: 24
2001:7fc:3::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:8c:d4:02:bf:6c:30:e3:ec:4b:ff:e0:6d:1d:c6:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 13:44:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3073eaf9e1f16886f858e1d2c721233ce070562
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:0d:dc:5b:89:e3:97:5f:55:83:de:bb:1a:7a:
75:d9:ee:77:dc:1a:80:62:fc:4a:7d:1c:59:eb:19:
dd:16:87:53:68:23:f1:f7:f3:a8:53:b8:6a:eb:95:
b0:d6:1a:89:cd:c3:cc:cd:26:22:a4:10:2d:9b:cb:
e3:cc:92:d6:79:d8:35:18:ad:1b:7f:98:93:a9:ff:
19:3b:83:b3:ed:fd:a2:cd:a1:5c:0c:fa:86:54:13:
21:4a:55:e7:bd:e1:44:72:02:e2:ae:75:c4:19:b5:
66:b4:01:55:e4:2b:82:5c:9e:67:37:a0:e8:58:38:
c6:30:a9:28:7d:12:81:50:a2:1f:14:5b:23:a6:2e:
a8:2f:44:01:00:97:af:93:b2:00:a7:d5:bb:2f:94:
af:de:6e:5f:9c:d7:4f:c7:31:73:4d:f3:98:0c:e5:
55:31:a4:88:16:2e:9d:52:e3:bc:13:61:b6:fe:c6:
a8:8c:f8:72:ed:67:dd:ac:45:ff:a4:fe:bc:aa:a2:
d0:a2:93:22:63:90:f1:e6:b7:4a:d0:fe:8b:02:fe:
d4:4f:28:1a:2e:24:26:f1:f2:c7:e4:d3:f9:f5:31:
54:1a:46:06:c3:1a:d8:f2:b9:ea:76:96:81:32:c9:
39:91:3a:98:4a:18:97:f1:76:cf:41:45:4b:a4:24:
c2:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:07:3E:AF:9E:1F:16:88:6F:85:8E:1D:2C:72:12:33:CE:07:05:62
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/8wc-r54fFohvhY4dLHISM84HBWI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.34.0/24
IPv6:
2001:7fc:3::/48
Signature Algorithm: sha256WithRSAEncryption
98:8a:f8:6b:fd:45:ba:2f:30:82:25:d8:5f:a4:b4:c2:57:ef:
91:57:b4:d6:a2:49:df:5e:3d:b0:4a:3e:f1:3e:67:5e:81:3e:
57:46:ca:54:13:6d:e8:c5:51:d2:59:74:60:c9:9d:1d:0f:2c:
ec:69:f5:6e:21:16:69:3c:ef:2c:15:7b:ae:cf:71:77:0b:30:
f3:f8:ea:df:9b:fc:d2:dd:c9:fc:1c:6b:91:b0:b8:63:e0:9a:
f9:b6:f0:c3:9e:72:a2:44:d2:b1:1e:a6:69:87:75:e6:5e:fa:
6d:6d:ee:50:3d:5e:30:f0:2c:36:45:b1:78:78:c7:73:16:21:
e5:aa:f4:cf:48:7c:47:88:04:3e:ce:fa:ed:df:55:f8:f0:2f:
d8:36:bf:23:28:8e:d9:b6:8e:3f:21:87:e1:d0:c8:f7:35:64:
4e:f6:fd:d8:b0:5b:6a:ac:bf:be:9a:b2:35:47:a4:06:94:29:
84:c5:70:f6:e2:c4:46:c6:7b:3f:3d:1d:0d:12:16:45:93:d4:
10:a8:1d:c8:e0:5d:bd:35:8b:b6:5f:ef:66:96:a0:f2:ef:ac:
d6:47:c2:e1:5b:77:b4:94:70:78:e9:8e:e9:a2:c2:1c:73:30:
a3:c4:fa:24:56:d1:c8:b5:4e:7e:e4:0d:e3:00:3a:4a:99:8d:
3e:87:14:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVmjNQCv2ww4+xL/+BtHcZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTM0NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA3M2VhZjllMWYxNjg4NmY4NThlMWQyYzcyMTIzM2NlMDcwNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Q3cW4njl19Vg967Gnp12e533BqA
YvxKfRxZ6xndFodTaCPx9/OoU7hq65Ww1hqJzcPMzSYipBAtm8vjzJLWedg1GK0b
f5iTqf8ZO4Oz7f2izaFcDPqGVBMhSlXnveFEcgLirnXEGbVmtAFV5CuCXJ5nN6Do
WDjGMKkofRKBUKIfFFsjpi6oL0QBAJevk7IAp9W7L5Sv3m5fnNdPxzFzTfOYDOVV
MaSIFi6dUuO8E2G2/saojPhy7WfdrEX/pP68qqLQopMiY5Dx5rdK0P6LAv7UTyga
LiQm8fLH5NP59TFUGkYGwxrY8rnqdpaBMsk5kTqYShiX8XbPQUVLpCTCKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPMHPq+eHxaIb4WOHSxyEjPOBwViMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvOHdjLXI1NGZGb2h2aFk0ZExISVNNODRIQldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9giMA8E
AgACMAkDBwAgAQf8AAMwDQYJKoZIhvcNAQELBQADggEBAJiK+Gv9RbovMIIl2F+k
tMJX75FXtNaiSd9ePbBKPvE+Z16BPldGylQTbejFUdJZdGDJnR0PLOxp9W4hFmk8
7ywVe67PcXcLMPP46t+b/NLdyfwca5GwuGPgmvm28MOecqJE0rEepmmHdeZe+m1t
7lA9XjDwLDZFsXh4x3MWIeWq9M9IfEeIBD7O+u3fVfjwL9g2vyMojtm2jj8hh+HQ
yPc1ZE72/diwW2qsv76asjVHpAaUKYTFcPbixEbGez89HQ0SFkWT1BCoHcjgXb01
i7Zf72aWoPLvrNZHwuFbd7SUcHjpjumiwhxzMKPE+iRW0ci1Tn7kDeMAOkqZjT6H
FGo=
-----END CERTIFICATE-----
Generated at Sun Jun 8 01:55:54 2025 by rpki-client