Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/Fb98hqNaBTB0ijCrk1vrAIuL738.roa
File: Fb98hqNaBTB0ijCrk1vrAIuL738.roa (raw, json)
Hash identifier: +5yp6tMF50egxZA2pN6BmEW4f4M8D6cef2op3usoMC4=
Subject key identifier: 15:BF:7C:86:A3:5A:05:30:74:8A:30:AB:93:5B:EB:00:8B:8B:EF:7F
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 01956BD49D877533C2E22AF3B2E692864932
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/Fb98hqNaBTB0ijCrk1vrAIuL738.roa
Signing time: Thu 06 Mar 2025 14:20:50 +0000
ROA not before: Thu 06 Mar 2025 14:20:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198193
IP address blocks: 5.61.208.0/23 maxlen: 23
5.181.96.0/23 maxlen: 23
5.187.35.0/24 maxlen: 24
5.187.36.0/23 maxlen: 23
31.214.155.0/24 maxlen: 24
37.252.98.0/24 maxlen: 24
37.252.100.0/24 maxlen: 24
37.252.101.0/24 maxlen: 24
46.251.250.0/24 maxlen: 24
46.253.139.0/24 maxlen: 24
84.247.19.0/24 maxlen: 24
89.32.64.0/24 maxlen: 24
89.32.65.0/24 maxlen: 24
89.32.66.0/24 maxlen: 24
89.32.67.0/24 maxlen: 24
95.156.203.0/24 maxlen: 24
158.255.239.0/24 maxlen: 24
162.33.200.0/22 maxlen: 22
162.33.204.0/22 maxlen: 22
162.33.204.0/24 maxlen: 24
162.33.205.0/24 maxlen: 24
162.33.206.0/24 maxlen: 24
162.33.207.0/24 maxlen: 24
185.66.172.0/24 maxlen: 24
185.66.174.0/24 maxlen: 24
185.75.22.0/23 maxlen: 23
185.86.208.0/23 maxlen: 23
185.88.200.0/23 maxlen: 23
185.88.202.0/23 maxlen: 23
185.193.241.0/24 maxlen: 24
185.206.121.0/24 maxlen: 24
185.212.114.0/24 maxlen: 24
185.225.8.0/24 maxlen: 24
217.61.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:6b:d4:9d:87:75:33:c2:e2:2a:f3:b2:e6:92:86:49:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Mar 6 14:20:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=15bf7c86a35a0530748a30ab935beb008b8bef7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c4:c3:07:a9:16:e2:2c:d9:a9:72:dd:10:76:
48:61:a6:7c:42:d4:80:f5:7a:24:e3:4d:43:06:81:
55:82:23:b1:10:4c:92:4e:8d:15:8d:4f:f7:5b:b2:
96:c5:8c:32:a4:a5:bb:5c:46:03:18:4a:a1:45:c1:
47:a3:f9:26:71:aa:50:d3:e8:5c:d9:87:a4:70:56:
41:c8:9d:ca:1a:ec:8a:89:eb:65:c3:1c:7a:41:0e:
0c:23:4d:ee:7f:ed:fe:df:65:98:8c:c4:df:bd:01:
e4:92:0a:85:1b:42:eb:85:be:5d:b0:6e:77:1d:d8:
c5:9c:d6:24:1e:39:fb:4f:1b:02:f3:19:0c:e7:98:
49:a2:2f:d7:89:f4:b5:d1:ca:3c:89:67:a5:3c:0b:
4c:4c:2f:da:02:dd:87:fd:97:8b:47:bd:94:ed:f2:
c2:37:cd:5b:6b:8a:60:16:ce:b0:ab:d9:46:ff:ad:
91:18:20:47:3d:be:5a:2d:57:32:0c:03:a1:29:5a:
54:0d:f1:6f:6d:f8:55:e1:5a:c9:94:12:25:9d:21:
21:2b:86:60:d9:78:5a:5c:5b:dc:59:9e:64:04:30:
70:9a:5f:1f:5c:6f:64:8d:b9:c1:ae:5d:d9:d3:48:
8b:f7:10:34:89:03:88:63:91:70:09:34:1e:88:d6:
99:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:BF:7C:86:A3:5A:05:30:74:8A:30:AB:93:5B:EB:00:8B:8B:EF:7F
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/Fb98hqNaBTB0ijCrk1vrAIuL738.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.208.0/23
5.181.96.0/23
5.187.35.0-5.187.37.255
31.214.155.0/24
37.252.98.0/24
37.252.100.0/23
46.251.250.0/24
46.253.139.0/24
84.247.19.0/24
89.32.64.0/22
95.156.203.0/24
158.255.239.0/24
162.33.200.0/21
185.66.172.0/24
185.66.174.0/24
185.75.22.0/23
185.86.208.0/23
185.88.200.0/22
185.193.241.0/24
185.206.121.0/24
185.212.114.0/24
185.225.8.0/24
217.61.240.0/24
Signature Algorithm: sha256WithRSAEncryption
47:63:8c:83:d2:d6:05:1b:3c:3b:56:4c:57:ba:63:6d:23:55:
e1:d3:26:aa:93:4b:de:e4:4d:40:06:fd:a1:a2:69:a8:dc:31:
97:ec:59:9b:87:17:6a:fc:d7:7c:59:09:01:1e:e1:1a:6e:51:
95:bf:9d:d7:99:19:da:9e:65:05:ac:b7:47:13:ee:9b:d3:38:
91:26:61:ec:47:cb:e0:49:2f:5b:b2:23:5e:2d:a3:1d:2e:57:
26:74:ae:f5:ff:b6:e7:ad:cd:39:9d:9b:2c:f2:42:4b:22:a2:
9d:10:e7:14:34:d9:3c:dc:95:d9:e9:81:42:0a:bb:aa:ea:ec:
19:14:62:eb:52:60:51:0b:b8:b5:93:06:d9:29:89:8b:4c:e3:
61:e3:e8:c8:61:a4:2d:c0:94:77:ba:3a:53:5d:84:47:d1:fc:
a9:85:21:4b:e3:87:75:ce:f6:ab:75:84:f5:26:48:c4:0a:1f:
a9:99:62:5e:e1:83:be:f3:7b:1f:e3:f4:15:d0:c8:e1:d9:d0:
30:d6:f3:e5:cf:f0:56:3e:cc:18:ce:a5:97:75:3f:87:18:4e:
81:2e:29:36:78:6a:5e:36:62:b3:3a:9b:a5:85:9e:34:a1:d2:
fd:58:83:04:c6:7e:b2:33:94:cc:f6:0f:3c:fe:8a:4a:68:73:
11:84:a4:c9
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAZVr1J2HdTPC4irzsuaShkkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjUwMzA2MTQyMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJmN2M4NmEzNWEwNTMwNzQ4YTMwYWI5MzViZWIwMDhiOGJlZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMTDB6kW4izZqXLdEHZIYaZ8QtSA
9Xok401DBoFVgiOxEEySTo0VjU/3W7KWxYwypKW7XEYDGEqhRcFHo/kmcapQ0+hc
2YekcFZByJ3KGuyKietlwxx6QQ4MI03uf+3+32WYjMTfvQHkkgqFG0Lrhb5dsG53
HdjFnNYkHjn7TxsC8xkM55hJoi/XifS10co8iWelPAtMTC/aAt2H/ZeLR72U7fLC
N81ba4pgFs6wq9lG/62RGCBHPb5aLVcyDAOhKVpUDfFvbfhV4VrJlBIlnSEhK4Zg
2XhaXFvcWZ5kBDBwml8fXG9kjbnBrl3Z00iL9xA0iQOIY5FwCTQeiNaZ/QIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFBW/fIajWgUwdIowq5Nb6wCLi+9/MB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvRmI5OGhxTmFCVEIwaWpDcmsxdnJBSXVMNzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIDBAEF
PdADBAEFtWAwDAMEAAW7IwMEAQW7JAMEAB/WmwMEACX8YgMEASX8ZAMEAC77+gME
AC79iwMEAFT3EwMEAlkgQAMEAF+cywMEAJ7/7wMEA6IhyAMEALlCrAMEALlCrgME
AblLFgMEAblW0AMEArlYyAMEALnB8QMEALnOeQMEALnUcgMEALnhCAMEANk98DAN
BgkqhkiG9w0BAQsFAAOCAQEAR2OMg9LWBRs8O1ZMV7pjbSNV4dMmqpNL3uRNQAb9
oaJpqNwxl+xZm4cXavzXfFkJAR7hGm5Rlb+d15kZ2p5lBay3RxPum9M4kSZh7EfL
4EkvW7IjXi2jHS5XJnSu9f+2563NOZ2bLPJCSyKinRDnFDTZPNyV2emBQgq7qurs
GRRi61JgUQu4tZMG2SmJi0zjYePoyGGkLcCUd7o6U12ER9H8qYUhS+OHdc72q3WE
9SZIxAofqZliXuGDvvN7H+P0FdDI4dnQMNbz5c/wVj7MGM6ll3U/hxhOgS4pNnhq
XjZiszqbpYWeNKHS/ViDBMZ+sjOUzPYPPP6KSmhzEYSkyQ==
-----END CERTIFICATE-----
Generated at Mon Apr 7 20:00:47 2025 by rpki-client