Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/3g2J1xUYSnWFKkUiN0iaLhbPwCg.roa
File: 3g2J1xUYSnWFKkUiN0iaLhbPwCg.roa (raw, json)
Hash identifier: 9nItVZePT1m0TWqHflPCYpJDKm6gHChcTNexINtD8B4=
Subject key identifier: DE:0D:89:D7:15:18:4A:75:85:2A:45:22:37:48:9A:2E:16:CF:C0:28
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 019422FC2DA622F5CEE93F646282E76354FA
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/3g2J1xUYSnWFKkUiN0iaLhbPwCg.roa
Signing time: Wed 01 Jan 2025 17:48:59 +0000
ROA not before: Wed 01 Jan 2025 17:48:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216271
IP address blocks: 192.162.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:2d:a6:22:f5:ce:e9:3f:64:62:82:e7:63:54:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Jan 1 17:48:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de0d89d715184a75852a452237489a2e16cfc028
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:a2:01:23:8d:2c:16:c8:ee:be:08:2a:57:10:
dd:29:ab:eb:6d:0c:00:04:fa:0c:1d:df:4f:61:31:
c7:30:b0:36:3f:7f:52:16:11:a4:62:d8:54:5e:76:
b1:14:8c:cf:58:11:13:86:ce:c0:76:72:7c:02:60:
65:dd:50:7c:be:ab:5a:a5:96:46:e0:5c:c9:bc:b7:
00:ca:ad:f8:27:7e:a2:27:9b:6d:a4:46:85:8c:d8:
e7:31:73:30:44:d3:d1:6a:d7:57:bc:ce:05:64:e2:
f5:8e:ba:be:c1:e5:53:3e:ac:1d:dc:f4:a6:a3:bd:
a5:f4:a2:c8:4d:be:9f:d2:f9:e2:b4:22:e2:21:8f:
e6:37:7a:a1:6d:5a:da:60:40:63:f0:aa:64:18:43:
7d:c2:9d:a3:e4:22:13:7a:9f:e6:65:0f:13:b8:7c:
91:c0:07:da:40:97:5b:18:b6:68:58:5d:80:24:3f:
ff:8e:ab:7e:ee:7c:17:24:34:0b:67:f8:18:d2:f7:
62:b2:8c:44:98:ec:9d:f1:3b:bf:70:0a:a4:cc:c8:
69:70:95:0d:d4:b1:5d:ca:c9:14:a4:fd:ff:38:aa:
71:81:a5:0f:85:3b:1e:66:63:ec:c0:13:30:24:90:
aa:15:37:1e:00:13:48:a1:c6:89:87:83:6e:39:bc:
88:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:0D:89:D7:15:18:4A:75:85:2A:45:22:37:48:9A:2E:16:CF:C0:28
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/3g2J1xUYSnWFKkUiN0iaLhbPwCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.162.199.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:7f:21:93:fc:44:a6:bc:6c:b4:af:98:58:cc:06:f9:9b:43:
3d:dd:fd:1b:a6:08:53:bd:57:fb:b1:da:3e:30:7f:28:c5:36:
9d:bc:cb:8a:84:2d:86:b4:fe:d8:3c:61:ab:d0:3e:4e:5b:fb:
6c:97:1c:4c:57:09:70:53:8b:a5:c4:38:66:e5:17:99:7f:ab:
2b:c3:f9:e3:82:cc:5b:4b:e0:42:f3:b9:30:dc:97:8e:d3:14:
fa:1e:ee:93:3a:53:23:f7:ec:05:fd:d6:76:ca:ba:64:23:28:
d6:88:4b:bb:06:c8:c9:c7:71:8d:51:a2:f1:76:15:96:98:98:
4c:70:91:6f:7e:fe:27:e3:38:67:a3:1c:58:50:6b:3d:36:57:
30:8a:2c:2b:0a:34:7d:a3:be:62:84:f1:ba:ba:73:7b:ea:27:
17:93:a7:e1:cf:4f:6f:54:4a:39:f2:83:ae:4c:06:f3:03:e3:
d9:74:16:ca:8b:f5:d4:74:1a:7b:bb:cb:62:5a:d8:07:4c:39:
99:58:16:cf:2a:30:db:98:4e:de:c5:49:7b:5b:5f:ab:57:df:
43:05:0e:5d:8b:fa:5d:4b:c2:0f:90:02:11:c3:65:9c:86:56:
db:9e:c3:c1:f1:1a:6b:10:f8:7b:79:ac:8d:a9:25:09:83:05:
0e:42:de:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/C2mIvXO6T9kYoLnY1T6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjUwMTAxMTc0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTBkODlkNzE1MTg0YTc1ODUyYTQ1MjIzNzQ4OWEyZTE2Y2ZjMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6IBI40sFsjuvggqVxDdKavrbQwA
BPoMHd9PYTHHMLA2P39SFhGkYthUXnaxFIzPWBEThs7AdnJ8AmBl3VB8vqtapZZG
4FzJvLcAyq34J36iJ5ttpEaFjNjnMXMwRNPRatdXvM4FZOL1jrq+weVTPqwd3PSm
o72l9KLITb6f0vnitCLiIY/mN3qhbVraYEBj8KpkGEN9wp2j5CITep/mZQ8TuHyR
wAfaQJdbGLZoWF2AJD//jqt+7nwXJDQLZ/gY0vdisoxEmOyd8Tu/cAqkzMhpcJUN
1LFdyskUpP3/OKpxgaUPhTseZmPswBMwJJCqFTceABNIocaJh4NuObyIawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4NidcVGEp1hSpFIjdImi4Wz8AoMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvM2cySjF4VVlTbldGS2tVaU4waWFMaGJQd0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLHMA0G
CSqGSIb3DQEBCwUAA4IBAQAOfyGT/ESmvGy0r5hYzAb5m0M93f0bpghTvVf7sdo+
MH8oxTadvMuKhC2GtP7YPGGr0D5OW/tslxxMVwlwU4ulxDhm5ReZf6srw/njgsxb
S+BC87kw3JeO0xT6Hu6TOlMj9+wF/dZ2yrpkIyjWiEu7BsjJx3GNUaLxdhWWmJhM
cJFvfv4n4zhnoxxYUGs9NlcwiiwrCjR9o75ihPG6unN76icXk6fhz09vVEo58oOu
TAbzA+PZdBbKi/XUdBp7u8tiWtgHTDmZWBbPKjDbmE7exUl7W1+rV99DBQ5di/pd
S8IPkAIRw2WchlbbnsPB8RprEPh7eayNqSUJgwUOQt7J
-----END CERTIFICATE-----
Generated at Wed Apr 23 04:20:31 2025 by rpki-client