Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/KfE3WshBYj0K5CgrGZLLgN4D7Ik.roa
File: KfE3WshBYj0K5CgrGZLLgN4D7Ik.roa (raw, json)
Hash identifier: hequOBVDCQuupT56xC1eotYDPdWhxTDumspSA20ve/A=
Subject key identifier: 29:F1:37:5A:C8:41:62:3D:0A:E4:28:2B:19:92:CB:80:DE:03:EC:89
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 0195668CD3AED885E331BED7FB20264E95DF
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/KfE3WshBYj0K5CgrGZLLgN4D7Ik.roa
Signing time: Wed 05 Mar 2025 13:44:20 +0000
ROA not before: Wed 05 Mar 2025 13:44:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212993
IP address blocks: 151.216.36.0/24 maxlen: 24
2001:7fc:5::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:8c:d3:ae:d8:85:e3:31:be:d7:fb:20:26:4e:95:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 13:44:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=29f1375ac841623d0ae4282b1992cb80de03ec89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b0:74:cf:d2:a2:4e:2c:a6:a9:9d:cf:00:b0:
82:ab:1e:de:49:09:a2:36:90:84:6d:3c:13:48:b9:
69:0c:fa:9c:6f:b1:4b:cb:fd:4f:2b:c5:f6:36:7f:
65:ab:15:1f:08:8e:48:bd:37:8d:83:df:b0:86:77:
6a:92:df:8a:92:e6:30:a1:25:e4:de:6a:6b:3f:ff:
22:13:a6:04:7a:87:46:08:c5:fc:d5:f3:96:fb:60:
b6:9d:51:57:d1:2e:88:e7:10:d6:9f:f9:59:9f:76:
d3:ac:b8:0b:ee:53:e0:3c:e3:75:68:6e:11:b7:b7:
98:2d:a4:dc:29:4a:d0:87:33:b0:6e:d6:8b:14:a1:
ba:b6:56:b1:a1:7e:3b:4c:89:87:f6:aa:d0:85:d8:
cc:c5:a1:33:25:cd:b9:ae:3e:0a:23:31:c1:09:b0:
0d:16:b7:76:6c:f9:58:f3:a0:34:9d:04:fe:88:6c:
88:e5:9a:ac:f4:1d:9a:3c:f6:fe:84:e6:a5:65:0a:
40:fa:bc:5f:88:dc:56:fd:f4:36:8f:ca:c9:89:74:
5a:3e:ea:1e:44:74:d1:39:9d:1b:d2:12:27:3a:65:
69:8b:f9:71:5d:cd:f4:b2:c8:77:7e:37:9f:0e:e7:
76:3f:75:53:65:9d:9a:9a:8c:26:7c:2e:16:62:82:
05:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F1:37:5A:C8:41:62:3D:0A:E4:28:2B:19:92:CB:80:DE:03:EC:89
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/KfE3WshBYj0K5CgrGZLLgN4D7Ik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.36.0/24
IPv6:
2001:7fc:5::/48
Signature Algorithm: sha256WithRSAEncryption
7a:d3:4e:b9:90:52:a1:09:2e:db:19:a1:fa:07:1d:07:bb:92:
f8:50:e6:00:e3:ca:20:c3:60:0a:2e:42:99:57:70:01:a6:1b:
60:cb:59:1c:cb:60:65:ec:f8:91:3d:a2:c3:01:6b:94:aa:90:
fe:16:aa:98:3b:3f:2e:7e:16:37:c3:04:7d:e6:c3:7a:64:ff:
99:f5:2c:17:53:3c:cb:f8:ba:6e:29:72:8c:67:4a:54:df:ce:
89:a1:ba:0f:75:d3:39:57:89:88:05:c4:9a:5f:09:3d:82:df:
8e:41:16:fc:dd:9f:c7:c5:94:d0:b2:84:1e:db:21:01:03:65:
81:e7:9b:30:6f:e7:3d:9d:0a:52:32:86:93:a5:29:bb:ef:8b:
06:a3:8f:a9:62:c0:9e:f2:b1:0d:50:83:02:3a:b1:83:f8:ce:
b2:3f:fa:31:b8:cd:a6:42:21:e9:fe:3d:79:56:d0:c8:6d:06:
85:8d:ba:6a:cb:33:c9:a4:24:dd:ff:9f:00:c6:1b:49:3c:ce:
92:ff:9c:65:16:c5:83:35:9b:34:c2:de:f3:13:80:af:29:5b:
2e:ce:74:0b:76:60:23:f9:25:d1:e1:55:36:a2:b5:d0:bf:78:
fb:37:49:89:b4:a5:b6:03:54:c8:3b:16:77:b1:8e:68:77:c9:
25:2a:4f:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVmjNOu2IXjMb7X+yAmTpXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTM0NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYxMzc1YWM4NDE2MjNkMGFlNDI4MmIxOTkyY2I4MGRlMDNlYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7B0z9KiTiymqZ3PALCCqx7eSQmi
NpCEbTwTSLlpDPqcb7FLy/1PK8X2Nn9lqxUfCI5IvTeNg9+whndqkt+KkuYwoSXk
3mprP/8iE6YEeodGCMX81fOW+2C2nVFX0S6I5xDWn/lZn3bTrLgL7lPgPON1aG4R
t7eYLaTcKUrQhzOwbtaLFKG6tlaxoX47TImH9qrQhdjMxaEzJc25rj4KIzHBCbAN
Frd2bPlY86A0nQT+iGyI5Zqs9B2aPPb+hOalZQpA+rxfiNxW/fQ2j8rJiXRaPuoe
RHTROZ0b0hInOmVpi/lxXc30ssh3fjefDud2P3VTZZ2amowmfC4WYoIFqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCnxN1rIQWI9CuQoKxmSy4DeA+yJMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvS2ZFM1dzaEJZajBLNUNnckdaTExnTjREN0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9gkMA8E
AgACMAkDBwAgAQf8AAUwDQYJKoZIhvcNAQELBQADggEBAHrTTrmQUqEJLtsZofoH
HQe7kvhQ5gDjyiDDYAouQplXcAGmG2DLWRzLYGXs+JE9osMBa5SqkP4Wqpg7Py5+
FjfDBH3mw3pk/5n1LBdTPMv4um4pcoxnSlTfzomhug910zlXiYgFxJpfCT2C345B
Fvzdn8fFlNCyhB7bIQEDZYHnmzBv5z2dClIyhpOlKbvviwajj6liwJ7ysQ1QgwI6
sYP4zrI/+jG4zaZCIen+PXlW0MhtBoWNumrLM8mkJN3/nwDGG0k8zpL/nGUWxYM1
mzTC3vMTgK8pWy7OdAt2YCP5JdHhVTaitdC/ePs3SYm0pbYDVMg7Fnexjmh3ySUq
T04=
-----END CERTIFICATE-----
Generated at Mon Apr 28 09:08:37 2025 by rpki-client