Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa
File: Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa (raw, json)
Hash identifier: vnw/0ncBSWUU8xbBYh2BOiK5njrn0jYTEvwS+kkMIA4=
Subject key identifier: 52:7D:05:B1:BE:DB:4D:51:B0:BB:97:88:16:16:0A:FF:CF:50:5C:70
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018CC500CE5864E8FFC109DBE93669C82DA7
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa
Signing time: Mon 01 Jan 2024 12:30:13 +0000
ROA not before: Mon 01 Jan 2024 12:30:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31008
IP address blocks: 217.168.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:ce:58:64:e8:ff:c1:09:db:e9:36:69:c8:2d:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 1 12:30:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=527d05b1bedb4d51b0bb978816160affcf505c70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:76:2c:3d:cc:7c:37:ac:51:59:86:77:5a:4c:
07:e8:88:df:ce:29:fe:bc:39:19:b5:78:68:fe:6c:
00:20:c5:ea:97:27:9d:56:f2:45:28:f2:64:65:33:
fd:b4:82:3b:da:99:d8:9a:93:31:ee:7d:c4:bd:c3:
c2:fe:e4:dc:3d:4b:fc:6e:b3:1c:a3:5d:5f:b0:de:
37:19:6e:7c:ae:d3:05:db:85:ef:e0:c0:06:33:02:
6c:e0:3c:ef:18:8d:8e:86:2e:4d:34:b3:f2:f5:b2:
c2:d9:69:3f:1c:bd:ac:81:b7:f0:a3:da:8c:cd:87:
e8:21:d9:80:ad:70:ac:f0:30:1c:38:b7:7f:d6:46:
a4:57:2b:8e:a7:29:a2:f2:67:04:4e:3a:27:2f:d3:
ce:1d:86:2d:ad:98:b9:7d:9a:1c:af:31:d6:ee:06:
94:4b:02:b7:4a:31:6f:b7:55:b5:33:33:33:fd:06:
8f:c7:a6:69:2b:6d:a2:45:82:66:89:7e:a0:2f:d5:
b4:1e:78:e4:19:80:8c:8a:36:4a:5b:5a:36:ba:93:
85:c5:2d:55:bf:ea:ad:a6:09:19:3b:be:ed:74:6c:
f5:b8:4d:29:87:37:ae:96:aa:b5:5e:35:7b:ec:ca:
b9:13:9a:ce:9e:bf:77:3c:74:65:df:9c:7d:a2:23:
08:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:7D:05:B1:BE:DB:4D:51:B0:BB:97:88:16:16:0A:FF:CF:50:5C:70
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:e7:a4:e3:ae:5d:4c:cf:03:c4:3a:47:2d:6e:ee:dc:1b:8c:
61:2f:c1:3f:1c:f0:8f:6f:38:88:e9:83:a1:d5:a3:7a:58:b6:
a7:2f:b9:42:47:ce:52:8e:92:32:fe:37:73:f5:43:bb:46:da:
32:03:5b:fd:14:f3:ae:07:7c:e1:dc:18:23:c6:f8:bb:91:14:
c6:5c:94:64:78:0e:63:87:10:f1:7b:cb:ae:79:76:c3:26:f6:
16:b5:cd:5e:69:4f:6e:96:4e:e8:3b:80:52:a8:e0:55:27:8b:
38:2b:49:cd:a5:f5:96:26:b2:53:43:87:98:5a:2c:fc:82:f3:
a9:74:de:1c:4c:81:09:56:e6:00:02:a7:b3:8e:4a:63:ec:59:
be:64:67:00:2e:b6:f0:b2:29:78:02:a4:75:52:d5:b9:d2:46:
3a:a1:a8:83:0d:e3:6a:20:84:37:e2:1c:1f:80:7e:50:48:a2:
bf:c0:9c:be:de:75:29:36:66:cc:df:2a:6d:b6:72:31:12:38:
4c:d2:01:d3:60:05:49:f8:62:53:a4:27:67:99:ac:d7:02:c2:
4a:95:e4:47:2e:39:7f:22:58:8d:a6:1f:ef:5a:bb:0a:a9:da:
bd:72:17:46:19:4e:0b:8a:6b:1d:f6:0d:b2:32:5c:ef:bd:7b:
61:0f:5a:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAM5YZOj/wQnb6TZpyC2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdkMDViMWJlZGI0ZDUxYjBiYjk3ODgxNjE2MGFmZmNmNTA1YzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXYsPcx8N6xRWYZ3WkwH6Ijfzin+
vDkZtXho/mwAIMXqlyedVvJFKPJkZTP9tII72pnYmpMx7n3EvcPC/uTcPUv8brMc
o11fsN43GW58rtMF24Xv4MAGMwJs4DzvGI2Ohi5NNLPy9bLC2Wk/HL2sgbfwo9qM
zYfoIdmArXCs8DAcOLd/1kakVyuOpymi8mcETjonL9POHYYtrZi5fZocrzHW7gaU
SwK3SjFvt1W1MzMz/QaPx6ZpK22iRYJmiX6gL9W0HnjkGYCMijZKW1o2upOFxS1V
v+qtpgkZO77tdGz1uE0phzeulqq1XjV77Mq5E5rOnr93PHRl35x9oiMIUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ9BbG+201RsLuXiBYWCv/PUFxwMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvVW4wRnNiN2JUVkd3dTVlSUZoWUtfODlRWEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aj3MA0G
CSqGSIb3DQEBCwUAA4IBAQBe56Tjrl1MzwPEOkctbu7cG4xhL8E/HPCPbziI6YOh
1aN6WLanL7lCR85SjpIy/jdz9UO7RtoyA1v9FPOuB3zh3Bgjxvi7kRTGXJRkeA5j
hxDxe8uueXbDJvYWtc1eaU9ulk7oO4BSqOBVJ4s4K0nNpfWWJrJTQ4eYWiz8gvOp
dN4cTIEJVuYAAqezjkpj7Fm+ZGcALrbwsil4AqR1UtW50kY6oaiDDeNqIIQ34hwf
gH5QSKK/wJy+3nUpNmbM3ypttnIxEjhM0gHTYAVJ+GJTpCdnmazXAsJKleRHLjl/
IliNph/vWrsKqdq9chdGGU4Limsd9g2yMlzvvXthD1o3
-----END CERTIFICATE-----
Generated at Wed Jun 11 10:56:15 2025 by rpki-client