Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/96yRQrxPvvT0ZKqWTshvN5b3rCU.roa
File: 96yRQrxPvvT0ZKqWTshvN5b3rCU.roa (raw, json)
Hash identifier: LYa+e5Xg2WV7IojpbLHGNxWizf61D+mssMW1VtFYoDE=
Subject key identifier: F7:AC:91:42:BC:4F:BE:F4:F4:64:AA:96:4E:C8:6F:37:96:F7:AC:25
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 018BE281D55EEF95376CFB22B843C3D0F940
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/96yRQrxPvvT0ZKqWTshvN5b3rCU.roa
Signing time: Sat 18 Nov 2023 12:57:21 +0000
ROA not before: Sat 18 Nov 2023 12:57:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209139
IP address blocks: 141.105.130.0/24 maxlen: 24
141.105.137.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:e2:81:d5:5e:ef:95:37:6c:fb:22:b8:43:c3:d0:f9:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Nov 18 12:57:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f7ac9142bc4fbef4f464aa964ec86f3796f7ac25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:a8:09:39:ac:84:44:06:82:a5:67:0d:b0:14:
8d:8a:2f:0f:a0:a1:e9:a0:f9:8c:1c:c4:da:dc:d6:
22:82:ce:85:86:66:dd:b9:f9:f7:b6:71:c8:8b:b9:
3d:a4:b2:2c:6b:68:13:be:8e:90:c4:4d:4e:dd:c7:
59:79:fb:59:fe:aa:be:e1:aa:58:99:73:68:04:be:
6e:2b:1a:08:ee:9b:7c:e5:51:74:67:92:0d:cc:d4:
9a:bc:82:cd:00:99:6c:31:5b:43:70:38:9e:03:bb:
f0:31:10:45:4a:dc:da:b5:ff:e3:42:b9:c1:f1:24:
7f:d2:20:3e:05:92:94:e4:fe:17:2e:d7:cd:08:d5:
93:5f:08:6c:55:2e:9d:64:8b:84:35:64:d5:02:dd:
2c:16:8f:1c:89:a9:56:c3:18:b8:bf:33:b7:9d:d8:
e4:56:18:f4:64:0d:de:9b:15:ff:d3:f6:04:7c:19:
76:12:f9:c5:23:51:e1:e3:bf:91:83:01:6d:ef:8e:
97:89:35:40:49:7b:34:8d:4a:a9:d3:18:d2:e1:d5:
53:20:be:8c:56:e4:99:2a:d0:bf:07:8a:62:c5:0a:
86:5e:06:b1:e9:b5:1e:39:68:83:b0:62:e0:ee:12:
41:00:dc:94:0e:ed:45:41:67:44:a8:4e:10:19:ac:
8f:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:AC:91:42:BC:4F:BE:F4:F4:64:AA:96:4E:C8:6F:37:96:F7:AC:25
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/96yRQrxPvvT0ZKqWTshvN5b3rCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.130.0/24
141.105.137.0/24
Signature Algorithm: sha256WithRSAEncryption
89:73:75:29:3d:b3:16:b1:b9:cd:29:5f:a1:d3:70:87:9b:ee:
2d:2a:4f:db:42:2d:1a:b8:87:ed:22:6f:ad:66:fc:d5:53:0c:
9d:a1:a4:c2:fc:55:e1:f9:cf:ed:6a:c9:92:c8:f0:ab:bc:9b:
e9:87:61:29:67:c0:60:b4:bd:9f:70:cd:63:18:1a:47:24:6b:
94:98:6d:e1:d1:fa:f7:78:21:77:a4:f3:c3:7f:b8:10:6a:80:
be:60:d9:59:ed:84:f3:d5:7b:90:fe:98:70:ed:33:5c:ae:58:
29:47:f8:52:e7:95:02:8f:96:b5:25:d9:01:bb:91:a4:ca:d2:
bf:12:61:4c:af:73:7b:6b:9b:70:46:6d:38:29:2b:55:7c:2b:
89:f1:07:e4:77:c2:18:d5:35:42:60:75:9c:a8:75:6e:99:20:
f7:53:2a:b6:c6:31:98:53:4f:c1:8d:8a:d1:dc:e3:50:f6:2c:
41:1b:d3:24:dc:66:58:7e:2d:c4:15:bf:c5:2c:75:e8:79:e3:
eb:e6:fa:3e:ec:98:2c:05:e5:a6:87:99:9a:8b:87:ae:94:03:
fc:fe:04:be:35:8d:58:00:09:b6:58:42:e1:b5:60:e1:2e:3f:
8e:61:7e:12:3b:30:6e:14:8b:8c:6a:f2:cc:08:42:fd:7a:8d:
6f:c5:a0:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYvigdVe75U3bPsiuEPD0PlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjMxMTE4MTI1NzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2FjOTE0MmJjNGZiZWY0ZjQ2NGFhOTY0ZWM4NmYzNzk2ZjdhYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6gJOayERAaCpWcNsBSNii8PoKHp
oPmMHMTa3NYigs6Fhmbdufn3tnHIi7k9pLIsa2gTvo6QxE1O3cdZeftZ/qq+4apY
mXNoBL5uKxoI7pt85VF0Z5INzNSavILNAJlsMVtDcDieA7vwMRBFStzatf/jQrnB
8SR/0iA+BZKU5P4XLtfNCNWTXwhsVS6dZIuENWTVAt0sFo8cialWwxi4vzO3ndjk
Vhj0ZA3emxX/0/YEfBl2EvnFI1Hh47+RgwFt746XiTVASXs0jUqp0xjS4dVTIL6M
VuSZKtC/B4pixQqGXgax6bUeOWiDsGLg7hJBANyUDu1FQWdEqE4QGayPmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPeskUK8T7709GSqlk7IbzeW96wlMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvOTZ5UlFyeFB2dlQwWktxV1RzaHZONWIzckNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjWmCAwQA
jWmJMA0GCSqGSIb3DQEBCwUAA4IBAQCJc3UpPbMWsbnNKV+h03CHm+4tKk/bQi0a
uIftIm+tZvzVUwydoaTC/FXh+c/tasmSyPCrvJvph2EpZ8BgtL2fcM1jGBpHJGuU
mG3h0fr3eCF3pPPDf7gQaoC+YNlZ7YTz1XuQ/phw7TNcrlgpR/hS55UCj5a1JdkB
u5GkytK/EmFMr3N7a5twRm04KStVfCuJ8Qfkd8IY1TVCYHWcqHVumSD3Uyq2xjGY
U0/BjYrR3ONQ9ixBG9Mk3GZYfi3EFb/FLHXoeePr5vo+7JgsBeWmh5mai4eulAP8
/gS+NY1YAAm2WELhtWDhLj+OYX4SOzBuFIuMavLMCEL9eo1vxaA2
-----END CERTIFICATE-----
Generated at Tue Jun 17 01:30:59 2025 by rpki-client