Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/6bef22-f345-4603-a1e9-5cc2ef099aee/1/CXAqOA_8Mse2YzjSyU_LmXXWBP0.roa
File: CXAqOA_8Mse2YzjSyU_LmXXWBP0.roa (raw, json)
Hash identifier: ABWqvwJBXCu9XdaQJ586UoG1q1m3mpI0LdML0FAlfMM=
Subject key identifier: 09:70:2A:38:0F:FC:32:C7:B6:63:38:D2:C9:4F:CB:99:75:D6:04:FD
Certificate issuer: /CN=92933e013644db9c9ee9b91df72e1338db8e2097
Certificate serial: 0196579E8BAB05A65857DD64CFBC41D6A242
Authority key identifier: 92:93:3E:01:36:44:DB:9C:9E:E9:B9:1D:F7:2E:13:38:DB:8E:20:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kpM-ATZE25ye6bkd9y4TONuOIJc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/6bef22-f345-4603-a1e9-5cc2ef099aee/1/CXAqOA_8Mse2YzjSyU_LmXXWBP0.roa
Signing time: Mon 21 Apr 2025 09:12:10 +0000
ROA not before: Mon 21 Apr 2025 09:12:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205499
IP address blocks: 88.135.78.0/23 maxlen: 24
88.135.78.0/24 maxlen: 24
178.251.16.0/22 maxlen: 22
178.251.16.0/24 maxlen: 24
178.251.17.0/24 maxlen: 24
178.251.18.0/24 maxlen: 24
178.251.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:57:9e:8b:ab:05:a6:58:57:dd:64:cf:bc:41:d6:a2:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92933e013644db9c9ee9b91df72e1338db8e2097
Validity
Not Before: Apr 21 09:12:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09702a380ffc32c7b66338d2c94fcb9975d604fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:3d:65:64:71:22:55:58:6b:da:16:a3:9d:e0:
25:b7:7c:af:29:f9:81:22:a9:31:8a:a3:ec:ce:33:
dc:bf:56:47:b7:43:5f:39:96:b6:24:60:27:e5:90:
31:d6:77:8b:ef:e5:56:50:26:0a:51:88:e0:2f:c6:
ef:ac:ab:30:7f:b3:50:7b:16:07:eb:ba:6e:e2:29:
02:b1:34:4b:bd:e1:37:e1:45:b6:77:b7:08:65:9b:
8a:a9:21:4b:bf:9b:9d:9f:b1:42:a5:ff:01:e7:9d:
07:fd:d7:73:cd:84:c9:17:6f:17:65:5b:36:60:17:
bf:5e:bf:af:03:d6:a7:93:0f:12:0e:bf:e0:27:3c:
35:c6:dd:e9:b8:63:cc:2f:eb:d5:a8:15:c9:75:f7:
70:43:85:67:12:7d:06:38:e5:32:26:5e:26:94:cc:
9e:c6:39:38:ae:79:af:23:5e:ba:96:81:84:27:82:
f5:77:66:ae:13:2f:08:40:6c:49:57:6e:a2:88:61:
fa:a3:7b:cf:40:57:b3:f0:bc:45:26:6b:92:bf:bd:
ae:cb:4a:c5:23:ff:68:68:26:9e:3e:58:94:a4:8e:
36:89:c9:8c:c8:63:d0:4c:5d:9e:93:91:18:7b:c9:
b7:0f:23:38:e8:f8:3d:f8:28:83:11:c0:d7:7f:a9:
53:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:70:2A:38:0F:FC:32:C7:B6:63:38:D2:C9:4F:CB:99:75:D6:04:FD
X509v3 Authority Key Identifier:
keyid:92:93:3E:01:36:44:DB:9C:9E:E9:B9:1D:F7:2E:13:38:DB:8E:20:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpM-ATZE25ye6bkd9y4TONuOIJc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6bef22-f345-4603-a1e9-5cc2ef099aee/1/CXAqOA_8Mse2YzjSyU_LmXXWBP0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6bef22-f345-4603-a1e9-5cc2ef099aee/1/kpM-ATZE25ye6bkd9y4TONuOIJc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.135.78.0/23
178.251.16.0/22
Signature Algorithm: sha256WithRSAEncryption
2d:8a:c0:75:a5:ff:a4:d5:95:69:29:39:13:6b:26:d4:97:f3:
e6:33:34:b8:89:91:b5:15:e7:1f:ff:9e:96:08:25:84:2a:cc:
c6:32:c8:85:e7:91:ec:2d:8d:07:ff:88:9f:66:26:be:2c:bb:
b2:fd:c9:b0:58:d0:75:b0:45:64:00:48:09:7c:40:d2:0f:70:
20:ab:20:b2:fc:17:1c:86:85:f1:20:ad:33:3e:1b:32:2e:38:
6b:08:2e:ec:ed:2f:ea:1d:3f:07:4a:0d:8f:6f:05:e6:1f:40:
b1:66:1d:1f:8c:a4:93:78:3a:d3:05:d4:ed:6f:68:ee:ac:69:
55:d3:8d:d6:df:1c:ba:e4:75:e4:04:62:50:5e:a0:24:30:64:
34:61:cf:a8:ad:79:30:1d:00:1b:74:a4:fd:43:0a:7c:2e:e6:
34:76:41:6f:38:eb:46:65:e9:82:ca:c7:11:da:37:0d:b9:e0:
cd:d0:81:c0:4a:6d:a2:10:22:a0:86:b4:70:11:f0:9b:9f:7a:
62:e3:0e:06:85:23:82:62:87:47:b5:6a:9c:aa:18:b2:1c:98:
07:a4:cb:96:46:c2:b5:09:77:3a:48:67:59:62:5f:a4:a4:49:
fb:44:2e:d6:c7:1c:d6:7e:0f:b6:d2:02:12:d6:06:00:41:3c:
81:49:fe:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZXnourBaZYV91kz7xB1qJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTMzZTAxMzY0NGRiOWM5ZWU5YjkxZGY3MmUxMzM4ZGI4
ZTIwOTcwHhcNMjUwNDIxMDkxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTcwMmEzODBmZmMzMmM3YjY2MzM4ZDJjOTRmY2I5OTc1ZDYwNGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz1lZHEiVVhr2hajneAlt3yvKfmB
IqkxiqPszjPcv1ZHt0NfOZa2JGAn5ZAx1neL7+VWUCYKUYjgL8bvrKswf7NQexYH
67pu4ikCsTRLveE34UW2d7cIZZuKqSFLv5udn7FCpf8B550H/ddzzYTJF28XZVs2
YBe/Xr+vA9ankw8SDr/gJzw1xt3puGPML+vVqBXJdfdwQ4VnEn0GOOUyJl4mlMye
xjk4rnmvI166loGEJ4L1d2auEy8IQGxJV26iiGH6o3vPQFez8LxFJmuSv72uy0rF
I/9oaCaePliUpI42icmMyGPQTF2ek5EYe8m3DyM46Pg9+CiDEcDXf6lTgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAlwKjgP/DLHtmM40slPy5l11gT9MB8GA1UdIwQY
MBaAFJKTPgE2RNucnum5HfcuEzjbjiCXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BNLUFUWkUyNXllNmJrZDl5NFRPTnVPSUpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy82YmVmMjItZjM0NS00NjAzLWExZTkt
NWNjMmVmMDk5YWVlLzEvQ1hBcU9BXzhNc2UyWXpqU3lVX0xtWFhXQlAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy82YmVmMjItZjM0NS00NjAzLWExZTktNWNjMmVmMDk5YWVl
LzEva3BNLUFUWkUyNXllNmJrZDl5NFRPTnVPSUpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWIdOAwQC
svsQMA0GCSqGSIb3DQEBCwUAA4IBAQAtisB1pf+k1ZVpKTkTaybUl/PmMzS4iZG1
Fecf/56WCCWEKszGMsiF55HsLY0H/4ifZia+LLuy/cmwWNB1sEVkAEgJfEDSD3Ag
qyCy/BcchoXxIK0zPhsyLjhrCC7s7S/qHT8HSg2PbwXmH0CxZh0fjKSTeDrTBdTt
b2jurGlV043W3xy65HXkBGJQXqAkMGQ0Yc+orXkwHQAbdKT9Qwp8LuY0dkFvOOtG
ZemCyscR2jcNueDN0IHASm2iECKghrRwEfCbn3pi4w4GhSOCYodHtWqcqhiyHJgH
pMuWRsK1CXc6SGdZYl+kpEn7RC7WxxzWfg+20gIS1gYAQTyBSf4u
-----END CERTIFICATE-----
Generated at Sun Jun 8 00:27:25 2025 by rpki-client