Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/MVO83KOq5PxtLlDqJyjJ3jiceHQ.roa
File: MVO83KOq5PxtLlDqJyjJ3jiceHQ.roa (raw, json)
Hash identifier: NmUK+6fS9vN12iiZEc6cqIH8ypHGBSox5JOc8o3dazw=
Subject key identifier: 31:53:BC:DC:A3:AA:E4:FC:6D:2E:50:EA:27:28:C9:DE:38:9C:78:74
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 0195664CBCDFEB9FB58FFC8AA6D38031CF0D
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/MVO83KOq5PxtLlDqJyjJ3jiceHQ.roa
Signing time: Wed 05 Mar 2025 12:34:19 +0000
ROA not before: Wed 05 Mar 2025 12:34:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213010
IP address blocks: 151.216.33.0/24 maxlen: 24
2001:7fc:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:4c:bc:df:eb:9f:b5:8f:fc:8a:a6:d3:80:31:cf:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 12:34:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3153bcdca3aae4fc6d2e50ea2728c9de389c7874
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:18:72:27:d3:c0:4d:b9:05:01:b4:c7:f9:bd:
60:3c:61:c2:f8:71:7b:35:cb:af:27:fc:f4:c8:52:
93:9a:fe:b5:4e:b7:c6:7d:c9:03:4c:fe:c6:25:68:
1b:e3:a6:3c:00:a3:b0:6e:7a:2f:63:7c:3c:60:f0:
d8:b5:10:7e:86:4a:76:12:44:a5:c4:ff:d0:d8:e7:
28:3b:1f:08:a6:cb:70:34:a4:81:31:fa:5a:31:2a:
65:50:98:52:4d:41:e0:e2:eb:fd:d1:fb:2d:cc:26:
3e:78:f5:ff:f2:16:26:ad:3e:ee:e8:9f:7f:c9:72:
c2:a8:31:d2:09:fd:c3:5e:d9:49:de:09:3b:28:e7:
a7:98:5e:ee:a8:61:a2:22:f8:e1:2e:ea:66:25:d5:
fa:7b:79:42:9e:44:aa:64:9b:d4:c7:18:55:f4:6f:
af:98:9f:77:b0:2f:9b:8a:33:1d:06:c4:5d:04:76:
08:25:a7:a9:03:7b:23:91:44:92:92:2b:5a:ed:f0:
e4:63:90:d7:34:89:02:14:33:4c:37:c9:df:d8:37:
02:48:3a:12:a8:2a:f7:b6:01:22:36:c0:40:d3:0d:
5b:09:ce:00:a6:0f:d9:e0:ff:d5:37:7c:c9:9b:83:
d4:25:13:6f:22:3a:9f:99:34:d0:a8:21:c6:e6:3c:
4a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:53:BC:DC:A3:AA:E4:FC:6D:2E:50:EA:27:28:C9:DE:38:9C:78:74
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/MVO83KOq5PxtLlDqJyjJ3jiceHQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.33.0/24
IPv6:
2001:7fc:2::/48
Signature Algorithm: sha256WithRSAEncryption
14:32:f3:d1:19:9c:9a:d8:2f:8c:83:45:a9:a6:cf:5c:4c:a9:
79:5e:24:31:56:58:28:2b:00:8f:4c:42:f6:28:fd:0c:2a:bf:
9d:9a:48:8a:fd:a9:cc:cc:12:6b:86:47:53:e9:e5:ba:c9:ac:
57:50:21:a7:ea:f0:2d:c5:36:c3:46:79:f1:f7:0c:d2:d0:40:
ed:60:1b:c6:5e:12:a2:26:31:1b:b6:4a:84:c8:c8:2b:fa:17:
06:c7:d0:c4:1e:09:1e:52:d9:c0:e4:38:de:a4:b1:42:4e:f4:
54:39:5c:d8:ec:b4:1a:19:35:6b:d6:42:4a:28:6c:57:36:63:
27:de:a2:23:55:16:89:c0:fa:13:f2:05:77:4d:24:dc:b7:e7:
55:ce:0a:01:7a:4e:0c:bf:90:b7:d3:2a:da:52:f3:d1:bd:85:
64:2c:11:3e:da:b4:dd:3f:e1:9f:72:7c:1c:0d:b2:1c:b6:b2:
5f:9b:e6:bf:10:75:68:84:09:21:43:b0:3b:d0:74:cf:84:8c:
91:89:56:f9:b6:0c:aa:40:78:fc:ef:1c:14:cb:5b:dd:d9:a2:
e2:a6:d3:51:6d:40:66:29:dd:7e:0a:3f:90:63:e6:d9:fd:7b:
e2:81:e7:98:b8:4a:52:0d:a7:1f:c2:38:7c:97:35:e9:a7:68:
fd:da:93:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVmTLzf65+1j/yKptOAMc8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTIzNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTUzYmNkY2EzYWFlNGZjNmQyZTUwZWEyNzI4YzlkZTM4OWM3ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxhyJ9PATbkFAbTH+b1gPGHC+HF7
NcuvJ/z0yFKTmv61TrfGfckDTP7GJWgb46Y8AKOwbnovY3w8YPDYtRB+hkp2EkSl
xP/Q2OcoOx8IpstwNKSBMfpaMSplUJhSTUHg4uv90fstzCY+ePX/8hYmrT7u6J9/
yXLCqDHSCf3DXtlJ3gk7KOenmF7uqGGiIvjhLupmJdX6e3lCnkSqZJvUxxhV9G+v
mJ93sC+bijMdBsRdBHYIJaepA3sjkUSSkita7fDkY5DXNIkCFDNMN8nf2DcCSDoS
qCr3tgEiNsBA0w1bCc4Apg/Z4P/VN3zJm4PUJRNvIjqfmTTQqCHG5jxK9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDFTvNyjquT8bS5Q6icoyd44nHh0MB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvTVZPODNLT3E1UHh0TGxEcUp5akozamljZUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9ghMA8E
AgACMAkDBwAgAQf8AAIwDQYJKoZIhvcNAQELBQADggEBABQy89EZnJrYL4yDRamm
z1xMqXleJDFWWCgrAI9MQvYo/Qwqv52aSIr9qczMEmuGR1Pp5brJrFdQIafq8C3F
NsNGefH3DNLQQO1gG8ZeEqImMRu2SoTIyCv6FwbH0MQeCR5S2cDkON6ksUJO9FQ5
XNjstBoZNWvWQkoobFc2YyfeoiNVFonA+hPyBXdNJNy351XOCgF6Tgy/kLfTKtpS
89G9hWQsET7atN0/4Z9yfBwNshy2sl+b5r8QdWiECSFDsDvQdM+EjJGJVvm2DKpA
ePzvHBTLW93ZouKm01FtQGYp3X4KP5Bj5tn9e+KB55i4SlINpx/COHyXNemnaP3a
kz8=
-----END CERTIFICATE-----
Generated at Mon Apr 28 22:02:47 2025 by rpki-client