Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/cbEbwkmKS6KRBH5homKUwzMUDEo.roa
File: cbEbwkmKS6KRBH5homKUwzMUDEo.roa (raw, json)
Hash identifier: M5wA6IgyVCMXp8AUKczPS8K/K3C056uZQzIxSk715Uo=
Subject key identifier: 71:B1:1B:C2:49:8A:4B:A2:91:04:7E:61:A2:62:94:C3:33:14:0C:4A
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 01956703D7E7B29B6DBDF45B394EA12F6B05
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/cbEbwkmKS6KRBH5homKUwzMUDEo.roa
Signing time: Wed 05 Mar 2025 15:54:19 +0000
ROA not before: Wed 05 Mar 2025 15:54:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212983
IP address blocks: 151.216.38.0/24 maxlen: 24
2001:7fc:7::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:67:03:d7:e7:b2:9b:6d:bd:f4:5b:39:4e:a1:2f:6b:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Mar 5 15:54:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71b11bc2498a4ba291047e61a26294c333140c4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:29:d1:c2:62:62:d0:a7:8c:a2:e5:5f:79:4e:
a9:c7:2f:18:a8:19:38:b4:b1:50:ed:24:37:43:14:
ad:5b:1b:5a:6e:e4:80:d4:37:7a:ce:01:a6:17:e6:
e3:94:18:29:d6:61:e2:d5:aa:21:04:c1:fd:88:ab:
1f:35:21:4a:54:d5:09:c6:eb:c9:e6:4d:4d:e7:9f:
99:a6:04:9e:29:c8:c7:6e:f5:70:5f:58:b0:8a:5e:
d4:48:3b:76:79:c4:0f:48:28:4d:57:23:bf:5b:c3:
a6:60:4c:6d:29:89:e3:37:2d:c6:7a:2f:71:d8:7d:
e8:23:5c:0d:56:90:e8:b3:d3:8f:4c:5f:71:61:81:
b2:98:0c:ec:21:16:26:ca:cb:4b:16:b0:c8:61:ea:
05:9f:30:ce:b0:30:a0:03:a4:58:81:ee:f1:1b:cb:
b4:38:36:d1:01:65:52:86:8b:83:7f:e3:d5:b5:2a:
c4:f4:38:68:a0:0a:d0:47:2e:ec:9d:f0:99:95:42:
77:3e:a0:a3:4d:b1:72:34:e8:96:ce:18:01:9a:69:
30:e0:b8:5e:d1:30:8d:87:74:f2:8d:b4:87:56:cf:
df:d2:cf:80:a2:e0:7c:01:f5:60:21:89:de:ec:33:
45:a2:da:61:74:8d:2b:49:c0:06:c5:6f:a0:f2:36:
83:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:B1:1B:C2:49:8A:4B:A2:91:04:7E:61:A2:62:94:C3:33:14:0C:4A
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/cbEbwkmKS6KRBH5homKUwzMUDEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.38.0/24
IPv6:
2001:7fc:7::/48
Signature Algorithm: sha256WithRSAEncryption
35:e6:df:bf:e0:64:ea:c3:2f:45:c5:80:df:81:a1:c8:b8:cc:
2c:04:54:84:49:12:43:f2:fa:05:f2:91:26:63:a0:31:a9:f4:
eb:76:ee:62:a1:4b:78:20:2e:b8:7a:03:79:2b:ce:19:f4:d0:
4a:29:63:3e:16:7e:41:25:3a:7f:90:1a:d7:5c:93:73:91:23:
5d:63:21:2b:6c:e4:f1:d5:7b:18:fd:9f:5e:e7:05:7a:cc:cf:
90:f5:38:7d:01:24:57:0e:50:76:18:99:ba:dd:5f:cf:df:8c:
82:4c:fd:a7:29:cc:53:87:a7:ec:f7:74:47:63:04:83:46:47:
f4:37:b5:0f:53:6a:1e:7e:71:6e:3e:fa:b1:cf:c1:5a:6f:21:
d3:32:56:a5:25:e9:43:85:a9:f4:ba:58:51:19:52:bc:d9:aa:
24:78:0a:56:64:9f:7e:df:8d:df:98:17:34:2a:b3:94:b2:00:
d0:9b:34:67:d7:29:e9:d4:34:97:75:c4:f7:05:d6:d0:db:2f:
0d:f2:4d:df:a8:d3:29:a4:37:30:b0:2d:e6:ec:42:d3:18:bb:
36:d1:dc:0e:5b:ba:6d:30:0e:6c:bb:f0:7f:1e:57:60:ce:e7:
3f:13:3d:c9:2f:25:bb:93:a8:32:e7:90:2f:6b:39:3b:03:a3:
c1:5e:58:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVnA9fnspttvfRbOU6hL2sFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwMzA1MTU1NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWIxMWJjMjQ5OGE0YmEyOTEwNDdlNjFhMjYyOTRjMzMzMTQwYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCnRwmJi0KeMouVfeU6pxy8YqBk4
tLFQ7SQ3QxStWxtabuSA1Dd6zgGmF+bjlBgp1mHi1aohBMH9iKsfNSFKVNUJxuvJ
5k1N55+ZpgSeKcjHbvVwX1iwil7USDt2ecQPSChNVyO/W8OmYExtKYnjNy3Gei9x
2H3oI1wNVpDos9OPTF9xYYGymAzsIRYmystLFrDIYeoFnzDOsDCgA6RYge7xG8u0
ODbRAWVShouDf+PVtSrE9DhooArQRy7snfCZlUJ3PqCjTbFyNOiWzhgBmmkw4Lhe
0TCNh3TyjbSHVs/f0s+AouB8AfVgIYne7DNFotphdI0rScAGxW+g8jaDhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHGxG8JJikuikQR+YaJilMMzFAxKMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvY2JFYndrbUtTNktSQkg1aG9tS1V3ek1VREVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9gmMA8E
AgACMAkDBwAgAQf8AAcwDQYJKoZIhvcNAQELBQADggEBADXm37/gZOrDL0XFgN+B
oci4zCwEVIRJEkPy+gXykSZjoDGp9Ot27mKhS3ggLrh6A3krzhn00EopYz4WfkEl
On+QGtdck3ORI11jISts5PHVexj9n17nBXrMz5D1OH0BJFcOUHYYmbrdX8/fjIJM
/acpzFOHp+z3dEdjBINGR/Q3tQ9Tah5+cW4++rHPwVpvIdMyVqUl6UOFqfS6WFEZ
UrzZqiR4ClZkn37fjd+YFzQqs5SyANCbNGfXKenUNJd1xPcF1tDbLw3yTd+o0ymk
NzCwLebsQtMYuzbR3A5bum0wDmy78H8eV2DO5z8TPckvJbuTqDLnkC9rOTsDo8Fe
WHI=
-----END CERTIFICATE-----
Generated at Mon Apr 28 16:02:01 2025 by rpki-client