Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/BhyG5IvqIxUvRZHPhOzO54OzJzE.roa
File: BhyG5IvqIxUvRZHPhOzO54OzJzE.roa (raw, json)
Hash identifier: 4xbo0wVrzdZAjqji12YLtGsjFWWLLtcXL+hWcDO5LI4=
Subject key identifier: 06:1C:86:E4:8B:EA:23:15:2F:45:91:CF:84:EC:CE:E7:83:B3:27:31
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 019566A84A0C0D96F87BDEE5DDD071AD4590
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/BhyG5IvqIxUvRZHPhOzO54OzJzE.roa
Signing time: Wed 05 Mar 2025 14:14:19 +0000
ROA not before: Wed 05 Mar 2025 14:14:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212987
IP address blocks: 151.216.37.0/24 maxlen: 24
2001:7fc:6::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:a8:4a:0c:0d:96:f8:7b:de:e5:dd:d0:71:ad:45:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 14:14:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=061c86e48bea23152f4591cf84eccee783b32731
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:8f:05:0c:a9:b8:71:77:76:85:20:39:2f:26:
31:dc:8b:a1:99:fa:b1:a1:8e:e2:ee:1d:c6:36:93:
1c:33:df:60:7b:18:3a:86:83:8a:97:f6:bd:b1:50:
33:87:c8:e7:38:f8:b7:27:ad:49:9d:68:eb:cf:bc:
a2:94:31:b9:ce:04:87:39:31:91:9c:25:3a:13:73:
87:c3:c5:6f:0c:8e:f4:22:7e:53:dd:06:c7:8b:f1:
4f:ac:b8:d0:58:8e:8a:8b:fc:0e:41:19:7f:d4:10:
49:c2:01:e1:0f:02:94:0a:e4:1d:25:fe:6d:4c:c9:
33:13:91:04:26:1d:17:10:b1:13:04:b8:46:bb:e7:
47:d2:6c:8a:0f:5e:87:2d:2f:1e:26:d2:82:05:7c:
b1:30:78:fa:b0:20:36:94:39:64:62:22:4a:4b:5c:
96:6d:bf:d7:09:55:d3:bc:ad:25:58:7c:2b:31:40:
41:89:25:d6:70:82:ac:ec:57:38:25:e3:fc:52:52:
68:f0:cb:d9:60:d2:ef:a9:82:5b:13:63:68:2c:81:
a7:36:15:56:fc:08:c7:d7:c1:f0:46:eb:a8:24:0b:
29:ec:08:18:e5:66:e4:ec:2a:a0:34:e9:83:b8:50:
da:9d:03:a2:89:be:2a:d4:fa:9f:52:12:a8:66:af:
e9:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:1C:86:E4:8B:EA:23:15:2F:45:91:CF:84:EC:CE:E7:83:B3:27:31
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/BhyG5IvqIxUvRZHPhOzO54OzJzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.37.0/24
IPv6:
2001:7fc:6::/48
Signature Algorithm: sha256WithRSAEncryption
99:1a:11:0f:57:e3:c5:be:83:57:d1:77:1d:f9:c0:82:70:2a:
cb:19:69:98:35:b2:bc:7d:e6:71:c6:7b:af:98:5d:a0:3e:e4:
81:4a:db:33:87:fe:36:75:dd:0e:e8:31:60:b7:17:ab:43:94:
04:1c:23:c4:07:c8:92:22:15:8d:6b:aa:a2:88:45:35:f7:a9:
a7:41:1d:33:21:a3:d9:18:35:82:ce:57:e9:dc:86:45:ef:fa:
2b:ce:e0:33:a4:0e:6a:b8:6e:b2:34:dd:3b:b4:83:55:d6:a4:
6e:e1:fd:d7:a1:93:04:5c:12:a5:19:72:16:f5:ca:21:09:98:
69:31:71:db:73:30:ec:ce:15:9a:cf:c7:46:97:ed:8e:df:5c:
83:2b:a0:33:c1:a0:37:25:31:52:60:db:9b:fb:fb:7e:af:1c:
47:33:df:84:61:ed:21:a3:87:1a:b0:c1:94:67:9c:4f:ec:cd:
b0:28:45:f2:43:53:68:e7:9b:5e:33:de:f8:1f:b0:88:3c:3c:
4c:b5:2a:54:a3:0d:51:3e:fc:c5:6c:fd:43:a6:15:d0:6c:fe:
3b:06:63:86:a0:e0:5f:d5:cc:25:4c:18:ee:ad:bd:87:c0:6a:
65:1d:85:b2:10:19:8c:ea:44:4e:10:93:05:67:bd:2a:47:06:
cb:80:7f:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVmqEoMDZb4e97l3dBxrUWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTQxNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFjODZlNDhiZWEyMzE1MmY0NTkxY2Y4NGVjY2VlNzgzYjMyNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyI8FDKm4cXd2hSA5LyYx3Iuhmfqx
oY7i7h3GNpMcM99gexg6hoOKl/a9sVAzh8jnOPi3J61JnWjrz7yilDG5zgSHOTGR
nCU6E3OHw8VvDI70In5T3QbHi/FPrLjQWI6Ki/wOQRl/1BBJwgHhDwKUCuQdJf5t
TMkzE5EEJh0XELETBLhGu+dH0myKD16HLS8eJtKCBXyxMHj6sCA2lDlkYiJKS1yW
bb/XCVXTvK0lWHwrMUBBiSXWcIKs7Fc4JeP8UlJo8MvZYNLvqYJbE2NoLIGnNhVW
/AjH18HwRuuoJAsp7AgY5Wbk7CqgNOmDuFDanQOiib4q1PqfUhKoZq/poQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAYchuSL6iMVL0WRz4TszueDsycxMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvQmh5RzVJdnFJeFV2UlpIUGhPek81NE96SnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9glMA8E
AgACMAkDBwAgAQf8AAYwDQYJKoZIhvcNAQELBQADggEBAJkaEQ9X48W+g1fRdx35
wIJwKssZaZg1srx95nHGe6+YXaA+5IFK2zOH/jZ13Q7oMWC3F6tDlAQcI8QHyJIi
FY1rqqKIRTX3qadBHTMho9kYNYLOV+nchkXv+ivO4DOkDmq4brI03Tu0g1XWpG7h
/dehkwRcEqUZchb1yiEJmGkxcdtzMOzOFZrPx0aX7Y7fXIMroDPBoDclMVJg25v7
+36vHEcz34Rh7SGjhxqwwZRnnE/szbAoRfJDU2jnm14z3vgfsIg8PEy1KlSjDVE+
/MVs/UOmFdBs/jsGY4ag4F/VzCVMGO6tvYfAamUdhbIQGYzqRE4QkwVnvSpHBsuA
fw0=
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:03:06 2025 by rpki-client