Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Q23P4NCzIODFWPrCqITTqeSk8zE.roa
File: Q23P4NCzIODFWPrCqITTqeSk8zE.roa (raw, json)
Hash identifier: Dm1I/r3iVM2SjXbpJUmqyNBqwMrLHbgVd0P97DnyITs=
Subject key identifier: 43:6D:CF:E0:D0:B3:20:E0:C5:58:FA:C2:A8:84:D3:A9:E4:A4:F3:31
Certificate issuer: /CN=d9e78e866e9204d01a6f52d39fd84ff0900b21d4
Certificate serial: 01971BB10372520C81EDD8C221F8573B18D3
Authority key identifier: D9:E7:8E:86:6E:92:04:D0:1A:6F:52:D3:9F:D8:4F:F0:90:0B:21:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2eeOhm6SBNAab1LTn9hP8JALIdQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Q23P4NCzIODFWPrCqITTqeSk8zE.roa
Signing time: Thu 29 May 2025 10:57:55 +0000
ROA not before: Thu 29 May 2025 10:57:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56816
IP address blocks: 91.228.16.0/22 maxlen: 24
91.228.16.0/23 maxlen: 24
91.228.20.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1b:b1:03:72:52:0c:81:ed:d8:c2:21:f8:57:3b:18:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9e78e866e9204d01a6f52d39fd84ff0900b21d4
Validity
Not Before: May 29 10:57:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=436dcfe0d0b320e0c558fac2a884d3a9e4a4f331
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:1d:87:da:88:d3:14:c8:16:86:9b:0c:ea:e2:
e3:b8:00:c0:18:52:d4:87:98:e7:d6:b4:34:b7:f7:
2d:a4:b3:10:97:92:61:67:ff:fa:03:42:7e:0c:73:
47:b8:56:60:31:aa:0f:2a:8d:0b:9f:d7:67:aa:dd:
50:70:d2:39:cf:f6:67:85:6b:80:3f:de:05:ae:c7:
eb:ec:c9:14:5c:8c:70:57:ea:56:65:e5:98:e8:a7:
95:64:50:38:aa:5f:6b:db:ac:8e:38:5a:08:b3:84:
8f:92:1e:f8:6d:c8:53:fb:f7:51:c8:c1:d5:f2:ca:
17:b0:db:63:86:4f:f9:27:92:82:dc:7e:1b:91:40:
79:b8:28:cd:c6:8b:27:df:15:ea:67:4b:05:eb:40:
02:5c:a6:fe:f1:d0:33:0f:33:64:51:36:07:ad:c4:
65:2f:4a:c1:12:d0:41:68:63:fd:cc:31:0d:c9:b1:
61:33:8e:24:2c:d7:ca:00:c5:7f:22:21:48:0c:ef:
fd:dc:5c:8e:58:24:7e:dd:50:21:d8:6b:88:39:f2:
3e:6c:aa:76:15:1d:cc:c2:9a:c4:f4:20:35:d0:51:
5b:b3:b9:c2:13:ee:c5:27:a1:b3:88:29:a0:75:55:
af:18:6d:dc:ee:7e:cc:df:c0:6e:71:2b:28:9b:76:
80:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:6D:CF:E0:D0:B3:20:E0:C5:58:FA:C2:A8:84:D3:A9:E4:A4:F3:31
X509v3 Authority Key Identifier:
keyid:D9:E7:8E:86:6E:92:04:D0:1A:6F:52:D3:9F:D8:4F:F0:90:0B:21:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2eeOhm6SBNAab1LTn9hP8JALIdQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Q23P4NCzIODFWPrCqITTqeSk8zE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/2eeOhm6SBNAab1LTn9hP8JALIdQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.16.0-91.228.21.255
Signature Algorithm: sha256WithRSAEncryption
89:74:46:9d:db:ab:14:0e:76:8c:ad:a4:8f:96:29:60:dd:f3:
25:4a:38:fd:f0:88:ee:28:cb:98:9c:cc:2c:ab:49:8d:ea:26:
ed:b5:4c:e5:dc:99:b1:e0:fc:c0:71:05:f2:3b:e9:d4:87:f0:
85:77:a7:14:9d:a1:32:e5:ae:db:6e:62:33:9d:c7:34:2e:12:
f7:ab:a3:1b:bd:e7:30:cd:c1:dd:a0:23:4c:79:cb:69:2e:00:
1b:11:b8:da:58:4f:11:cf:2b:45:cf:64:86:05:64:04:64:dc:
6d:3d:67:a9:54:11:87:2a:f2:fe:5f:ea:b2:5d:49:bc:de:b3:
61:2e:86:a4:06:c9:f8:f8:41:ba:e8:34:3f:0c:27:04:d5:c2:
41:93:de:90:84:c7:7c:39:ca:4e:bd:27:67:07:72:fe:26:9e:
9d:89:29:c4:8d:73:44:ee:76:e3:f8:95:27:91:b3:29:6c:82:
31:3b:6a:7b:14:74:1c:7b:d5:94:92:4f:7e:c3:4d:a1:84:83:
18:1a:3d:ab:f6:0b:c5:e9:96:45:6b:83:5a:3d:56:3e:f5:f9:
44:b4:6a:80:45:9e:31:02:23:aa:fa:36:c2:b1:b2:e7:bb:5a:
7c:57:5a:13:9e:75:60:cf:2b:53:4c:b5:f6:7b:e8:2b:87:47:
d4:02:44:31
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcbsQNyUgyB7djCIfhXOxjTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZTc4ZTg2NmU5MjA0ZDAxYTZmNTJkMzlmZDg0ZmYwOTAw
YjIxZDQwHhcNMjUwNTI5MTA1NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZkY2ZlMGQwYjMyMGUwYzU1OGZhYzJhODg0ZDNhOWU0YTRmMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR2H2ojTFMgWhpsM6uLjuADAGFLU
h5jn1rQ0t/ctpLMQl5JhZ//6A0J+DHNHuFZgMaoPKo0Ln9dnqt1QcNI5z/ZnhWuA
P94Frsfr7MkUXIxwV+pWZeWY6KeVZFA4ql9r26yOOFoIs4SPkh74bchT+/dRyMHV
8soXsNtjhk/5J5KC3H4bkUB5uCjNxosn3xXqZ0sF60ACXKb+8dAzDzNkUTYHrcRl
L0rBEtBBaGP9zDENybFhM44kLNfKAMV/IiFIDO/93FyOWCR+3VAh2GuIOfI+bKp2
FR3MwprE9CA10FFbs7nCE+7FJ6GziCmgdVWvGG3c7n7M38BucSsom3aA6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFENtz+DQsyDgxVj6wqiE06nkpPMxMB8GA1UdIwQY
MBaAFNnnjoZukgTQGm9S05/YT/CQCyHUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVlT2htNlNCTkFhYjFMVG45aFA4SkFMSWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8zMjkxNWItOWVhMS00YzY0LThmZjEt
ZDc2ZDY2MjdmYjJlLzEvUTIzUDROQ3pJT0RGV1ByQ3FJVFRxZVNrOHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8zMjkxNWItOWVhMS00YzY0LThmZjEtZDc2ZDY2MjdmYjJl
LzEvMmVlT2htNlNCTkFhYjFMVG45aFA4SkFMSWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARb5BAD
BAFb5BQwDQYJKoZIhvcNAQELBQADggEBAIl0Rp3bqxQOdoytpI+WKWDd8yVKOP3w
iO4oy5iczCyrSY3qJu21TOXcmbHg/MBxBfI76dSH8IV3pxSdoTLlrttuYjOdxzQu
Everoxu95zDNwd2gI0x5y2kuABsRuNpYTxHPK0XPZIYFZARk3G09Z6lUEYcq8v5f
6rJdSbzes2EuhqQGyfj4QbroND8MJwTVwkGT3pCEx3w5yk69J2cHcv4mnp2JKcSN
c0TuduP4lSeRsylsgjE7ansUdBx71ZSST37DTaGEgxgaPav2C8XplkVrg1o9Vj71
+US0aoBFnjECI6r6NsKxsue7WnxXWhOedWDPK1NMtfZ76CuHR9QCRDE=
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:25:12 2025 by rpki-client