Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/YyQdognTKMCslSsN0-kKFT-OzBo.roa
File: YyQdognTKMCslSsN0-kKFT-OzBo.roa (raw, json)
Hash identifier: Nf+KHvjIdDJIr4sY7HSVahR/Wzke6/Qgc5NiLDrBoNg=
Subject key identifier: 63:24:1D:A2:09:D3:28:C0:AC:95:2B:0D:D3:E9:0A:15:3F:8E:CC:1A
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 01945A1E20EC6CBB1FBBC08CA9C38E2A77A1
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/YyQdognTKMCslSsN0-kKFT-OzBo.roa
Signing time: Sun 12 Jan 2025 10:45:11 +0000
ROA not before: Sun 12 Jan 2025 10:45:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56486
IP address blocks: 37.202.243.0/24 maxlen: 24
151.247.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:5a:1e:20:ec:6c:bb:1f:bb:c0:8c:a9:c3:8e:2a:77:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 12 10:45:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=63241da209d328c0ac952b0dd3e90a153f8ecc1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:40:dd:47:ed:21:04:18:00:61:31:8f:39:2e:
20:ef:b3:aa:77:04:69:b7:ff:46:25:d9:cb:13:0b:
d3:1b:9a:df:cf:c2:96:6d:cf:58:c8:07:22:a5:f4:
80:de:e6:1f:82:31:60:08:ea:b9:b5:cd:af:35:91:
ef:05:ca:83:02:b8:af:f8:13:a5:01:f7:89:c2:f7:
ae:c4:6e:fe:56:2f:25:ce:cc:4c:30:32:2a:f2:7f:
67:63:6c:0d:14:81:91:a3:31:5d:92:72:f2:72:9d:
3d:5e:45:32:84:4a:f8:7f:77:36:31:eb:e2:6a:cd:
5e:51:28:b4:00:de:8d:d2:a2:ab:a1:e3:ec:8e:8f:
20:19:b7:18:c9:da:9c:16:a4:8b:5e:76:c6:1a:eb:
51:80:34:26:04:39:90:b3:4b:44:d9:94:9d:c0:65:
4a:18:7f:2c:99:39:bc:42:8c:73:1b:dd:df:af:c6:
92:eb:91:16:ef:3c:10:35:93:5b:df:c1:9a:55:aa:
a9:91:b6:07:d7:63:6f:9f:0c:f3:55:85:8d:96:98:
85:65:be:cc:ae:44:2b:5a:77:b8:62:a9:56:98:02:
08:76:74:d1:93:b2:af:cf:92:fc:43:62:20:c4:76:
45:22:20:59:21:8c:10:fb:ad:27:0f:e0:97:ae:a5:
00:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:24:1D:A2:09:D3:28:C0:AC:95:2B:0D:D3:E9:0A:15:3F:8E:CC:1A
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/YyQdognTKMCslSsN0-kKFT-OzBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.243.0/24
151.247.242.0/24
Signature Algorithm: sha256WithRSAEncryption
76:9b:58:a1:6e:a7:e4:6d:9e:0c:12:86:e9:b5:2c:dd:0b:78:
0b:ab:16:0c:6f:f1:19:78:ba:87:b7:5f:ab:24:69:df:bf:4f:
57:f4:88:1a:f0:2a:d9:06:f7:31:5f:d2:f1:65:43:da:6b:2b:
63:a1:f0:2e:62:59:8c:66:37:00:e2:f3:e0:f5:f5:90:c4:18:
8a:52:9a:24:96:74:3a:45:58:30:20:0f:ee:6a:67:d6:4a:c3:
22:e0:0b:bd:90:6e:d1:ea:2b:11:75:4d:0b:18:0d:0f:31:0a:
93:6c:24:f6:d0:f9:f0:a3:5d:65:36:f7:93:3a:cb:6c:dd:73:
09:3b:da:81:5f:a7:d0:d9:a5:4a:2e:de:d8:38:0c:2c:53:4f:
aa:45:a8:58:be:d2:38:88:6b:0e:7c:7d:0a:1c:51:51:04:8f:
0b:5c:c0:e7:e8:2c:6b:d4:8e:87:3d:f7:22:13:ce:3d:e9:8a:
35:b2:83:07:c8:aa:69:dd:2a:4d:1d:29:a4:1b:61:3b:d5:54:
73:2c:92:97:a2:81:14:be:31:ab:04:22:37:1f:bf:24:db:e3:
28:2b:c4:67:b4:dc:60:98:1d:92:0b:4c:b6:71:60:99:1d:1f:
09:06:34:0c:02:36:07:0c:e4:b9:91:b0:98:f8:28:45:9c:4c:
c0:ec:96:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRaHiDsbLsfu8CMqcOOKnehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwMTEyMTA0NTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI0MWRhMjA5ZDMyOGMwYWM5NTJiMGRkM2U5MGExNTNmOGVjYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUDdR+0hBBgAYTGPOS4g77OqdwRp
t/9GJdnLEwvTG5rfz8KWbc9YyAcipfSA3uYfgjFgCOq5tc2vNZHvBcqDAriv+BOl
AfeJwveuxG7+Vi8lzsxMMDIq8n9nY2wNFIGRozFdknLycp09XkUyhEr4f3c2Mevi
as1eUSi0AN6N0qKroePsjo8gGbcYydqcFqSLXnbGGutRgDQmBDmQs0tE2ZSdwGVK
GH8smTm8QoxzG93fr8aS65EW7zwQNZNb38GaVaqpkbYH12NvnwzzVYWNlpiFZb7M
rkQrWne4YqlWmAIIdnTRk7Kvz5L8Q2IgxHZFIiBZIYwQ+60nD+CXrqUAawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGMkHaIJ0yjArJUrDdPpChU/jswaMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvWXlRZG9nblRLTUNzbFNzTjAta0tGVC1PekJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrzAwQA
l/fyMA0GCSqGSIb3DQEBCwUAA4IBAQB2m1ihbqfkbZ4MEobptSzdC3gLqxYMb/EZ
eLqHt1+rJGnfv09X9Iga8CrZBvcxX9LxZUPaaytjofAuYlmMZjcA4vPg9fWQxBiK
UpoklnQ6RVgwIA/uamfWSsMi4Au9kG7R6isRdU0LGA0PMQqTbCT20Pnwo11lNveT
Osts3XMJO9qBX6fQ2aVKLt7YOAwsU0+qRahYvtI4iGsOfH0KHFFRBI8LXMDn6Cxr
1I6HPfciE8496Yo1soMHyKpp3SpNHSmkG2E71VRzLJKXooEUvjGrBCI3H78k2+Mo
K8RntNxgmB2SC0y2cWCZHR8JBjQMAjYHDOS5kbCY+ChFnEzA7JZx
-----END CERTIFICATE-----
Generated at Sun Jun 8 06:23:10 2025 by rpki-client