Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wp17y9hvXAzdOfNz3MEOcP3IY20.roa
File: Wp17y9hvXAzdOfNz3MEOcP3IY20.roa (raw, json)
Hash identifier: kmzDaHyXy0s6T3iMI4x4pwx0Bv3II+Xp3lWN7C4wses=
Subject key identifier: 5A:9D:7B:CB:D8:6F:5C:0C:DD:39:F3:73:DC:C1:0E:70:FD:C8:63:6D
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 0197C0CAC75F223BD62FDBDD6EA35E8F42DC
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wp17y9hvXAzdOfNz3MEOcP3IY20.roa
Signing time: Mon 30 Jun 2025 12:23:23 +0000
ROA not before: Mon 30 Jun 2025 12:23:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58061
IP address blocks: 185.109.21.0/24 maxlen: 24
213.108.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c0:ca:c7:5f:22:3b:d6:2f:db:dd:6e:a3:5e:8f:42:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Jun 30 12:23:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5a9d7bcbd86f5c0cdd39f373dcc10e70fdc8636d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:75:53:04:73:39:6d:41:93:ae:92:63:49:12:
9b:ea:71:f1:e6:cf:de:93:5f:fb:b5:90:8b:a3:83:
f9:bb:f2:9c:82:2c:3d:6e:b9:54:5e:48:4c:27:1e:
10:8b:ff:26:85:11:96:17:9e:ad:4d:bc:8c:16:8c:
13:87:79:95:4a:cf:36:93:d3:4c:e1:4e:f6:89:e0:
11:3e:ac:d0:79:2b:61:e1:8b:95:6d:b7:fd:e9:d8:
d6:c6:8c:66:4d:7c:bb:35:09:b3:d9:6b:ab:4a:66:
d8:de:75:13:bc:ff:1e:3f:c5:6a:64:02:a0:74:1a:
a2:d8:bb:55:71:ca:b6:f1:ef:1b:8a:d8:e3:59:e2:
c5:99:26:04:8d:94:00:58:24:50:2e:ad:c6:5a:25:
ad:9e:74:28:ba:7b:2e:b1:bf:be:17:4d:db:e2:2f:
9b:cf:66:00:b8:07:d1:00:a9:f2:fe:31:2b:aa:ad:
5e:c5:07:86:46:8f:3e:b8:b8:3c:f9:45:b5:b1:c8:
49:e6:d5:a6:7e:83:3b:2b:ba:39:ca:0c:d7:4e:62:
d4:84:8f:bd:f1:96:42:82:b4:f1:29:76:32:64:68:
bf:5c:b9:14:07:57:4c:75:a2:22:46:12:69:3e:b1:
4e:6b:dd:95:dc:4a:c1:eb:b0:27:d6:87:88:f3:5f:
a2:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:9D:7B:CB:D8:6F:5C:0C:DD:39:F3:73:DC:C1:0E:70:FD:C8:63:6D
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wp17y9hvXAzdOfNz3MEOcP3IY20.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.109.21.0/24
213.108.199.0/24
Signature Algorithm: sha256WithRSAEncryption
21:fd:ff:8e:42:f0:7d:76:ac:93:da:d5:7c:57:df:b9:57:83:
bf:dc:dd:17:fa:b3:91:36:18:33:e4:ff:f5:4a:6f:d0:9c:db:
48:a7:a5:a5:cf:06:22:79:50:a3:8e:11:e9:3e:e2:74:96:c8:
38:37:30:f1:23:d3:bf:54:4a:ae:3c:58:0c:be:b3:f0:c2:69:
8d:b4:ec:25:83:c9:77:ce:66:9e:77:1b:72:a0:29:d7:15:be:
5b:e6:52:65:1b:88:5b:c2:fe:5b:d8:ac:de:5f:51:9d:f8:c1:
a7:26:f8:1d:9b:8d:c8:cf:1e:16:98:0e:17:46:2f:28:93:f3:
ba:89:f7:87:6e:ad:59:30:06:1d:81:33:87:ff:99:bb:a6:f0:
c3:02:14:74:03:69:10:61:48:db:3a:98:27:8a:50:a8:3c:7f:
9e:d4:df:28:6d:7b:49:f1:10:71:3e:c7:14:44:39:3b:5d:a8:
84:4d:0c:6b:c6:2d:19:26:80:0c:f3:12:76:18:5b:9e:aa:fe:
e5:32:bf:fa:46:cf:1c:51:c2:2d:85:72:29:48:47:dd:f3:cc:
9e:5a:f6:4d:0f:7e:ed:d4:dd:ef:4b:88:0e:d0:8c:aa:ad:9e:
9f:97:0e:ec:9c:c0:10:02:0f:c7:f0:30:be:46:5c:dd:61:25:
5a:fe:4f:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfAysdfIjvWL9vdbqNej0LcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNjMwMTIyMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTlkN2JjYmQ4NmY1YzBjZGQzOWYzNzNkY2MxMGU3MGZkYzg2MzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3VTBHM5bUGTrpJjSRKb6nHx5s/e
k1/7tZCLo4P5u/Kcgiw9brlUXkhMJx4Qi/8mhRGWF56tTbyMFowTh3mVSs82k9NM
4U72ieARPqzQeSth4YuVbbf96djWxoxmTXy7NQmz2WurSmbY3nUTvP8eP8VqZAKg
dBqi2LtVccq28e8bitjjWeLFmSYEjZQAWCRQLq3GWiWtnnQounsusb++F03b4i+b
z2YAuAfRAKny/jErqq1exQeGRo8+uLg8+UW1schJ5tWmfoM7K7o5ygzXTmLUhI+9
8ZZCgrTxKXYyZGi/XLkUB1dMdaIiRhJpPrFOa92V3ErB67An1oeI81+iMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFqde8vYb1wM3Tnzc9zBDnD9yGNtMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvV3AxN3k5aHZYQXpkT2ZOejNNRU9jUDNJWTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuW0VAwQA
1WzHMA0GCSqGSIb3DQEBCwUAA4IBAQAh/f+OQvB9dqyT2tV8V9+5V4O/3N0X+rOR
Nhgz5P/1Sm/QnNtIp6WlzwYieVCjjhHpPuJ0lsg4NzDxI9O/VEquPFgMvrPwwmmN
tOwlg8l3zmaedxtyoCnXFb5b5lJlG4hbwv5b2KzeX1Gd+MGnJvgdm43Izx4WmA4X
Ri8ok/O6ifeHbq1ZMAYdgTOH/5m7pvDDAhR0A2kQYUjbOpgnilCoPH+e1N8obXtJ
8RBxPscURDk7XaiETQxrxi0ZJoAM8xJ2GFueqv7lMr/6Rs8cUcIthXIpSEfd88ye
WvZND37t1N3vS4gO0IyqrZ6flw7snMAQAg/H8DC+RlzdYSVa/k84
-----END CERTIFICATE-----
Generated at Thu Jul 31 02:51:05 2025 by rpki-client