Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/_8GisSrM6yndiurzZ3GC0QRkXrw.roa
File: _8GisSrM6yndiurzZ3GC0QRkXrw.roa (raw, json)
Hash identifier: QM6Fj+dFVR234tP326ohpCbUJPzr3fJPyODPlHL7viM=
Subject key identifier: FF:C1:A2:B1:2A:CC:EB:29:DD:8A:EA:F3:67:71:82:D1:04:64:5E:BC
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 081F77EA
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/_8GisSrM6yndiurzZ3GC0QRkXrw.roa
Signing time: Fri 04 Mar 2022 12:43:49 +0000
ROA not before: Fri 04 Mar 2022 12:43:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31008
IP address blocks: 217.168.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 136280042 (0x81f77ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Mar 4 12:43:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ffc1a2b12acceb29dd8aeaf3677182d104645ebc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:21:55:42:05:ec:68:da:83:cc:ce:d4:63:bc:
53:d3:1a:3e:02:32:5d:e7:e3:41:04:13:07:be:b7:
09:bc:56:64:76:b8:75:8f:35:4f:9f:5d:96:87:9f:
bf:4f:34:d3:a4:10:29:8e:29:8d:38:ac:e7:3c:bd:
15:50:07:ae:7f:0d:fc:63:7d:a1:9a:b8:ef:71:55:
67:f4:ca:3f:59:2f:b1:4e:fd:9b:31:3a:d9:76:c5:
e8:2b:c5:c9:77:77:33:97:a1:6d:19:2f:db:b9:56:
e3:0b:56:9e:91:ee:46:a7:ea:04:1f:44:6c:c8:69:
c1:1e:ee:94:25:2a:e4:e3:53:48:c7:42:02:7f:bb:
b6:b9:ca:0a:5e:15:88:e5:a4:33:19:77:82:0b:19:
b7:9d:96:15:a7:b4:8c:5b:85:8f:ea:8b:88:aa:ae:
fe:03:21:1d:02:f6:3b:01:67:10:bb:f1:a4:a6:07:
4c:5b:d6:bf:2d:a2:6c:99:af:90:8f:70:f7:d9:78:
63:29:2f:95:08:e7:91:2a:2b:18:b4:c2:50:9e:40:
19:31:e9:ff:54:91:b7:5b:aa:29:ad:3c:f7:5d:8f:
36:42:cc:27:36:e2:65:b6:ab:13:3a:57:8b:b4:2e:
85:8f:42:08:96:ba:5f:e1:cc:2b:71:c1:d2:56:f2:
22:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:C1:A2:B1:2A:CC:EB:29:DD:8A:EA:F3:67:71:82:D1:04:64:5E:BC
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/_8GisSrM6yndiurzZ3GC0QRkXrw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
95:96:53:cb:af:92:11:d3:81:27:10:0f:38:e1:3e:dd:c5:10:
28:7b:90:71:65:f1:a2:e1:1a:3e:99:08:3b:2b:f6:40:76:78:
a9:18:1d:d6:b2:e4:b7:ab:c4:7d:56:d4:c8:8a:2a:c7:7a:0f:
7f:8a:f7:53:94:21:3b:74:ac:4b:9f:c3:99:c3:5c:a5:02:79:
78:21:28:df:af:48:b2:50:68:3d:42:bc:67:75:3e:0d:b8:51:
f9:15:6b:3a:e7:52:3c:de:4a:d3:ed:26:f0:ea:e8:5b:46:ca:
40:42:a4:45:92:54:f1:33:01:62:b2:13:d9:f9:ef:0f:a2:f7:
a7:a7:3b:3c:17:80:ba:a6:50:e5:dd:68:f8:05:be:4f:c5:8f:
11:fe:7a:03:88:78:27:4a:bf:6b:b1:91:d4:33:2d:c1:15:3a:
74:e8:de:3c:e4:bd:c4:95:f0:ac:af:a5:1f:3a:e5:3a:9d:0c:
85:a2:16:e6:9f:33:8d:82:dc:fb:b7:37:57:41:e9:be:0e:12:
f3:e7:c6:05:b3:47:28:15:4e:74:ac:e3:eb:2e:b7:fa:ba:f1:
fc:85:c4:77:7d:f3:1b:2e:60:c0:40:1e:f7:76:8a:93:41:27:
76:21:b4:d9:d0:a1:70:37:ac:aa:af:51:1f:6b:12:81:90:bc:
bb:93:c2:19
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECB936jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTBjM2NmM2RjNTNjYTU0OWMwM2U0ZjVmNDZkOTFjZTkwYjhlMDcwMB4XDTIyMDMw
NDEyNDM0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmZjMWEyYjEyYWNj
ZWIyOWRkOGFlYWYzNjc3MTgyZDEwNDY0NWViYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMkhVUIF7Gjag8zO1GO8U9MaPgIyXefjQQQTB763CbxWZHa4
dY81T59dloefv08006QQKY4pjTis5zy9FVAHrn8N/GN9oZq473FVZ/TKP1kvsU79
mzE62XbF6CvFyXd3M5ehbRkv27lW4wtWnpHuRqfqBB9EbMhpwR7ulCUq5ONTSMdC
An+7trnKCl4ViOWkMxl3ggsZt52WFae0jFuFj+qLiKqu/gMhHQL2OwFnELvxpKYH
TFvWvy2ibJmvkI9w99l4YykvlQjnkSorGLTCUJ5AGTHp/1SRt1uqKa08912PNkLM
JzbiZbarEzpXi7QuhY9CCJa6X+HMK3HB0lbyIrcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT/waKxKszrKd2K6vNncYLRBGRevDAfBgNVHSMEGDAWgBSxDDzz3FPKVJwD
5PX0bZHOkLjgcDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NRdzg4OXhUeWxTY0EtVDE5RzJSenBDNDRIQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmUvMjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8x
L184R2lzU3JNNnluZGl1cnpaM0dDMFFSa1hydy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUv
MjVjZGI0LWU1MDgtNGIzNy04MWJjLTM2ZjgyYmQzNzliZC8xL3NRdzg4OXhUeWxT
Y0EtVDE5RzJSenBDNDRIQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmo9zANBgkqhkiG9w0BAQsFAAOC
AQEAlZZTy6+SEdOBJxAPOOE+3cUQKHuQcWXxouEaPpkIOyv2QHZ4qRgd1rLkt6vE
fVbUyIoqx3oPf4r3U5QhO3SsS5/DmcNcpQJ5eCEo369IslBoPUK8Z3U+DbhR+RVr
OudSPN5K0+0m8OroW0bKQEKkRZJU8TMBYrIT2fnvD6L3p6c7PBeAuqZQ5d1o+AW+
T8WPEf56A4h4J0q/a7GR1DMtwRU6dOjePOS9xJXwrK+lHzrlOp0MhaIW5p8zjYLc
+7c3V0Hpvg4S8+fGBbNHKBVOdKzj6y63+rrx/IXEd33zGy5gwEAe93aKk0EndiG0
2dChcDesqq9RH2sSgZC8u5PCGQ==
-----END CERTIFICATE-----
Generated at Fri May 16 02:44:39 2025 by rpki-client