Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/737469-aa66-43df-9e94-70393f9f8ae3/1/9UwwobBOpWlFKxqTwCE9qW-44nY.roa
File: 9UwwobBOpWlFKxqTwCE9qW-44nY.roa (raw, json)
Hash identifier: H0L6+IhqW6oM8MbDAghdoxxD9IJyKJEdC3/lOqu3vi0=
Subject key identifier: F5:4C:30:A1:B0:4E:A5:69:45:2B:1A:93:C0:21:3D:A9:6F:B8:E2:76
Certificate issuer: /CN=41f83d21734e0555c7a13c48561ca0b7757a6a0a
Certificate serial: 01941FFA2B5D8B7C6DCE50421FEFA3536292
Authority key identifier: 41:F8:3D:21:73:4E:05:55:C7:A1:3C:48:56:1C:A0:B7:75:7A:6A:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qfg9IXNOBVXHoTxIVhygt3V6ago.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/737469-aa66-43df-9e94-70393f9f8ae3/1/9UwwobBOpWlFKxqTwCE9qW-44nY.roa
Signing time: Wed 01 Jan 2025 03:47:56 +0000
ROA not before: Wed 01 Jan 2025 03:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206391
IP address blocks: 185.187.204.0/24 maxlen: 24
185.187.205.0/24 maxlen: 24
185.187.206.0/24 maxlen: 24
185.187.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:2b:5d:8b:7c:6d:ce:50:42:1f:ef:a3:53:62:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41f83d21734e0555c7a13c48561ca0b7757a6a0a
Validity
Not Before: Jan 1 03:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f54c30a1b04ea569452b1a93c0213da96fb8e276
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:12:25:8a:51:ee:72:f2:aa:d5:ca:2f:67:39:
50:48:38:6e:bc:5c:0f:45:84:89:4d:91:df:f4:09:
ef:34:90:b3:84:7f:63:92:bd:21:75:58:7c:b4:65:
f6:77:5f:e0:aa:08:12:c2:14:d2:f3:4c:a6:c5:31:
ce:50:d2:d4:07:a6:3b:12:2b:e3:25:1b:ab:e7:0a:
1b:16:b0:85:6c:61:5a:a6:20:84:b9:b0:d1:dc:6b:
60:92:76:fe:6b:72:6d:f7:76:57:8c:0f:27:a0:fb:
f6:28:a9:f7:ea:60:18:a9:f6:11:76:1d:24:0b:9c:
a5:d0:bf:d5:8a:20:56:e3:b7:e3:fb:d6:66:e2:73:
1e:08:90:8e:96:2a:14:df:eb:7d:37:ca:01:34:01:
38:71:57:85:84:7d:59:69:cf:d8:2b:d9:3d:09:bf:
dc:f1:f1:25:db:ff:69:9a:f6:05:15:86:4e:2c:7f:
95:ba:2c:60:6c:fa:f3:d0:a6:c4:f0:9c:29:ef:44:
18:36:5d:2c:4f:45:62:d3:73:1d:30:43:bf:12:6c:
52:32:03:e3:3d:cf:42:b9:bf:d6:ea:1e:ef:02:3c:
1d:2f:33:6b:c0:45:92:17:01:ae:5c:e5:61:ba:36:
c0:ac:bc:cc:76:a6:29:9f:34:bd:a5:ed:12:72:3b:
48:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:4C:30:A1:B0:4E:A5:69:45:2B:1A:93:C0:21:3D:A9:6F:B8:E2:76
X509v3 Authority Key Identifier:
keyid:41:F8:3D:21:73:4E:05:55:C7:A1:3C:48:56:1C:A0:B7:75:7A:6A:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qfg9IXNOBVXHoTxIVhygt3V6ago.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/737469-aa66-43df-9e94-70393f9f8ae3/1/9UwwobBOpWlFKxqTwCE9qW-44nY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/737469-aa66-43df-9e94-70393f9f8ae3/1/Qfg9IXNOBVXHoTxIVhygt3V6ago.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.187.204.0/22
Signature Algorithm: sha256WithRSAEncryption
02:6b:0c:e9:d9:3b:9f:c0:23:08:8e:be:8b:81:9c:4b:69:df:
a5:1c:8f:f6:38:9f:a3:7f:f6:0e:7a:95:86:2c:af:47:86:7f:
26:e4:ac:38:1f:0b:06:87:fd:fb:df:a5:1e:81:b5:be:cc:f0:
aa:8b:d2:9a:0f:e4:62:3e:fa:07:21:f0:15:3b:47:29:96:78:
50:53:33:1a:4b:e5:90:4b:13:51:3c:0c:7f:61:b5:fb:98:a2:
fa:73:fe:2b:d3:95:20:28:ba:63:b0:07:e8:b3:16:5b:a1:c9:
96:2a:71:85:8d:6a:8f:2e:7a:21:6a:5a:6f:d0:5e:96:cb:84:
e7:5c:4e:98:bd:09:c7:16:3e:58:36:e0:b6:10:ab:6c:6e:93:
33:fd:9c:c3:91:06:c0:c0:a7:20:9a:2e:0d:53:55:19:c9:bb:
ee:53:6e:ed:eb:08:7b:9e:34:cd:88:63:41:d6:f2:3b:1b:11:
cc:b4:ad:ef:f6:d1:da:40:41:50:81:ef:54:9e:a6:28:11:47:
39:57:b9:7e:4e:6f:6a:1b:2d:68:eb:66:d0:ca:77:22:d2:85:
85:54:01:f8:1f:74:23:9e:fa:7f:44:1c:0c:32:67:28:b1:39:
60:97:3d:08:ef:a2:8a:26:48:cc:75:d3:d5:b1:44:71:dd:e8:
a5:68:9b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+itdi3xtzlBCH++jU2KSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjgzZDIxNzM0ZTA1NTVjN2ExM2M0ODU2MWNhMGI3NzU3
YTZhMGEwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRjMzBhMWIwNGVhNTY5NDUyYjFhOTNjMDIxM2RhOTZmYjhlMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphIlilHucvKq1covZzlQSDhuvFwP
RYSJTZHf9AnvNJCzhH9jkr0hdVh8tGX2d1/gqggSwhTS80ymxTHOUNLUB6Y7Eivj
JRur5wobFrCFbGFapiCEubDR3Gtgknb+a3Jt93ZXjA8noPv2KKn36mAYqfYRdh0k
C5yl0L/ViiBW47fj+9Zm4nMeCJCOlioU3+t9N8oBNAE4cVeFhH1Zac/YK9k9Cb/c
8fEl2/9pmvYFFYZOLH+VuixgbPrz0KbE8Jwp70QYNl0sT0Vi03MdMEO/EmxSMgPj
Pc9Cub/W6h7vAjwdLzNrwEWSFwGuXOVhujbArLzMdqYpnzS9pe0ScjtILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVMMKGwTqVpRSsak8AhPalvuOJ2MB8GA1UdIwQY
MBaAFEH4PSFzTgVVx6E8SFYcoLd1emoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZnOUlYTk9CVlhIb1R4SVZoeWd0M1Y2YWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83Mzc0NjktYWE2Ni00M2RmLTllOTQt
NzAzOTNmOWY4YWUzLzEvOVV3d29iQk9wV2xGS3hxVHdDRTlxVy00NG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83Mzc0NjktYWE2Ni00M2RmLTllOTQtNzAzOTNmOWY4YWUz
LzEvUWZnOUlYTk9CVlhIb1R4SVZoeWd0M1Y2YWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubvMMA0G
CSqGSIb3DQEBCwUAA4IBAQACawzp2TufwCMIjr6LgZxLad+lHI/2OJ+jf/YOepWG
LK9Hhn8m5Kw4HwsGh/3736UegbW+zPCqi9KaD+RiPvoHIfAVO0cplnhQUzMaS+WQ
SxNRPAx/YbX7mKL6c/4r05UgKLpjsAfosxZbocmWKnGFjWqPLnohalpv0F6Wy4Tn
XE6YvQnHFj5YNuC2EKtsbpMz/ZzDkQbAwKcgmi4NU1UZybvuU27t6wh7njTNiGNB
1vI7GxHMtK3v9tHaQEFQge9UnqYoEUc5V7l+Tm9qGy1o62bQynci0oWFVAH4H3Qj
nvp/RBwMMmcosTlglz0I76KKJkjMddPVsURx3eilaJvU
-----END CERTIFICATE-----
Generated at Thu May 15 18:27:18 2025 by rpki-client