Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/a5pZZ9nj2w7N6Z3moPT6ecaeA-Q.roa
File: a5pZZ9nj2w7N6Z3moPT6ecaeA-Q.roa (raw, json)
Hash identifier: HcZclJMUdrdvxeVW1yfWikQ5V87H4l2hUlpO80kGn9A=
Subject key identifier: 6B:9A:59:67:D9:E3:DB:0E:CD:E9:9D:E6:A0:F4:FA:79:C6:9E:03:E4
Certificate issuer: /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial: 0195AE97379643BAF3C2E659C063320C9559
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/a5pZZ9nj2w7N6Z3moPT6ecaeA-Q.roa
Signing time: Wed 19 Mar 2025 13:28:20 +0000
ROA not before: Wed 19 Mar 2025 13:28:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214739
IP address blocks: 5.1.108.0/24 maxlen: 24
5.1.109.0/24 maxlen: 24
5.1.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ae:97:37:96:43:ba:f3:c2:e6:59:c0:63:32:0c:95:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Validity
Not Before: Mar 19 13:28:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6b9a5967d9e3db0ecde99de6a0f4fa79c69e03e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5f:30:4e:58:1d:eb:be:24:18:c9:d4:ce:c9:
f4:96:b6:46:22:42:3a:83:b5:3b:0f:ae:2d:2a:80:
3d:6c:48:b0:22:4e:1d:59:6b:90:9b:a7:2c:08:ed:
0a:aa:4f:43:96:f9:36:81:23:15:0d:f5:10:2e:95:
ec:15:fa:93:d4:c3:96:ba:37:76:26:bf:e5:29:84:
8c:64:8d:56:c3:bc:72:6e:ca:67:01:48:ca:9c:57:
6b:02:f1:78:48:07:d7:c9:19:66:9b:d5:15:fd:7b:
72:3d:72:16:64:df:a7:9a:1c:1d:94:d3:e7:51:86:
c4:7d:d3:a7:99:81:7b:f8:11:6f:a2:37:c4:35:9c:
81:0d:8e:a0:3c:09:96:28:ca:ae:16:90:9a:9d:ae:
b2:46:5c:f1:3f:fc:96:06:62:bf:76:aa:48:07:85:
d1:e8:a4:6d:45:d8:cb:a4:55:ec:d2:9b:3b:9d:de:
19:f9:b0:6e:2b:e3:17:3c:85:d3:9c:5d:e6:a0:a1:
e9:7a:59:9b:c6:09:a3:2d:f0:fc:6d:84:4b:70:ed:
6e:c8:0c:1e:17:94:48:37:1d:fe:83:3f:ad:07:ca:
66:74:fe:de:82:b0:08:84:26:7e:55:a6:4b:06:bc:
64:1a:4b:54:12:fc:46:8d:f7:b7:ea:8b:fe:96:d2:
28:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:9A:59:67:D9:E3:DB:0E:CD:E9:9D:E6:A0:F4:FA:79:C6:9E:03:E4
X509v3 Authority Key Identifier:
keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/a5pZZ9nj2w7N6Z3moPT6ecaeA-Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.108.0-5.1.110.255
Signature Algorithm: sha256WithRSAEncryption
7d:37:51:0f:8d:ad:18:ea:b6:10:63:2c:19:05:13:f7:62:43:
d5:ca:48:21:38:f6:a0:2f:45:44:b2:6a:7e:c1:fc:97:bd:15:
e6:4c:79:73:f5:ae:4b:3d:46:ac:7a:f5:cd:bb:67:7e:8a:1f:
e8:ec:ae:b6:6e:79:03:a2:f9:9c:29:eb:45:d1:30:0a:45:c5:
b2:83:95:b2:a4:c1:aa:83:e9:a7:fe:d3:9e:da:d0:fc:a5:a3:
2f:68:26:2f:5b:4a:0b:c5:68:d1:34:46:93:7c:a1:b5:53:99:
78:56:fb:1a:1c:6f:44:cd:66:4b:68:3d:3e:a4:42:53:44:2a:
fa:c6:d2:5e:0b:43:bd:27:ab:7b:04:39:96:de:d4:9c:a0:9f:
af:7d:a7:c2:ca:b2:d5:65:86:9e:30:64:95:8f:a1:b1:41:37:
24:f7:70:93:10:8e:38:11:e8:5c:25:85:3a:58:56:ad:78:16:
a4:3c:cc:75:ee:38:96:2a:6d:b5:bf:35:9b:f6:3e:dc:b2:e5:
dd:7d:67:07:a4:69:5d:c6:87:0d:7d:d1:bc:63:fa:10:ca:82:
00:f0:14:a9:52:0e:1b:2b:ce:73:42:ed:86:88:19:1b:08:94:
24:02:a6:98:3e:db:e5:82:3e:05:96:18:68:4d:b3:ce:d6:0a:
de:ba:c8:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZWulzeWQ7rzwuZZwGMyDJVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjUwMzE5MTMyODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjlhNTk2N2Q5ZTNkYjBlY2RlOTlkZTZhMGY0ZmE3OWM2OWUwM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo18wTlgd674kGMnUzsn0lrZGIkI6
g7U7D64tKoA9bEiwIk4dWWuQm6csCO0Kqk9Dlvk2gSMVDfUQLpXsFfqT1MOWujd2
Jr/lKYSMZI1Ww7xybspnAUjKnFdrAvF4SAfXyRlmm9UV/XtyPXIWZN+nmhwdlNPn
UYbEfdOnmYF7+BFvojfENZyBDY6gPAmWKMquFpCana6yRlzxP/yWBmK/dqpIB4XR
6KRtRdjLpFXs0ps7nd4Z+bBuK+MXPIXTnF3moKHpelmbxgmjLfD8bYRLcO1uyAwe
F5RINx3+gz+tB8pmdP7egrAIhCZ+VaZLBrxkGktUEvxGjfe36ov+ltIo3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGuaWWfZ49sOzemd5qD0+nnGngPkMB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvYTVwWlo5bmoydzdONlozbW9QVDZlY2FlQS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIFAWwD
BAAFAW4wDQYJKoZIhvcNAQELBQADggEBAH03UQ+NrRjqthBjLBkFE/diQ9XKSCE4
9qAvRUSyan7B/Je9FeZMeXP1rks9Rqx69c27Z36KH+jsrrZueQOi+Zwp60XRMApF
xbKDlbKkwaqD6af+057a0Pyloy9oJi9bSgvFaNE0RpN8obVTmXhW+xocb0TNZkto
PT6kQlNEKvrG0l4LQ70nq3sEOZbe1Jygn699p8LKstVlhp4wZJWPobFBNyT3cJMQ
jjgR6FwlhTpYVq14FqQ8zHXuOJYqbbW/NZv2Ptyy5d19ZwekaV3Ghw190bxj+hDK
ggDwFKlSDhsrznNC7YaIGRsIlCQCppg+2+WCPgWWGGhNs87WCt66yJg=
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:39:15 2025 by rpki-client