Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/0pl97zppIBxfZxlgHoJzIrFXL4k.roa
File: 0pl97zppIBxfZxlgHoJzIrFXL4k.roa (raw, json)
Hash identifier: lH+AY7+Jqdqaq0LtIXkddfxu6j6UPYQLuVk5uFS94G4=
Subject key identifier: D2:99:7D:EF:3A:69:20:1C:5F:67:19:60:1E:82:73:22:B1:57:2F:89
Certificate issuer: /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial: 01975A1F456299258FB3125A324174CDB280
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/0pl97zppIBxfZxlgHoJzIrFXL4k.roa
Signing time: Tue 10 Jun 2025 13:54:48 +0000
ROA not before: Tue 10 Jun 2025 13:54:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56971
IP address blocks: 45.11.92.0/24 maxlen: 32
45.11.93.0/24 maxlen: 32
45.11.94.0/24 maxlen: 32
45.145.6.0/24 maxlen: 32
45.145.7.0/24 maxlen: 32
45.152.84.0/24 maxlen: 32
45.152.86.0/24 maxlen: 32
45.154.1.0/24 maxlen: 32
45.154.2.0/24 maxlen: 32
45.154.3.0/24 maxlen: 32
193.43.72.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5a:1f:45:62:99:25:8f:b3:12:5a:32:41:74:cd:b2:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Validity
Not Before: Jun 10 13:54:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2997def3a69201c5f6719601e827322b1572f89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a1:58:c7:97:50:a7:8a:5a:eb:fa:9f:80:bf:
6e:78:96:e4:53:75:14:5b:1e:bd:bd:4c:b2:b6:17:
56:96:62:43:42:28:33:e9:5e:2f:b9:b8:59:db:e0:
d6:c4:0d:bf:b2:9c:05:72:2e:55:d8:2d:46:a8:2c:
6a:1b:47:88:a5:2a:54:64:22:a3:9c:07:9a:69:64:
0a:9f:87:63:69:4f:ca:fd:ee:fc:b5:71:a1:6f:ee:
ae:4d:91:f2:ae:99:b2:9c:cd:91:f1:9e:04:18:16:
f9:55:9b:a7:83:41:d7:7f:4d:da:c8:7f:09:28:19:
31:d1:49:18:ec:91:29:b6:ba:ed:ba:c2:b9:50:86:
9e:58:df:b4:79:be:b3:9f:02:37:64:a9:9e:52:80:
9b:19:d3:fa:a9:98:eb:1d:30:c5:5e:e8:1f:6d:95:
24:8f:f1:ff:b2:cb:92:63:96:7e:3e:36:47:a9:68:
c5:69:04:a7:01:a6:27:fa:df:aa:4b:a1:5a:21:7f:
c8:0d:e2:a3:63:aa:77:cb:e9:f9:7f:9d:96:50:b2:
86:b4:ad:78:91:b0:49:95:39:b9:b6:ba:8e:fe:dd:
a1:c8:97:a7:00:0a:ea:e3:1e:fa:8f:34:5a:e5:07:
ba:fe:5a:5a:8a:7e:76:8e:7d:27:5d:21:97:6b:a6:
64:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:99:7D:EF:3A:69:20:1C:5F:67:19:60:1E:82:73:22:B1:57:2F:89
X509v3 Authority Key Identifier:
keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/0pl97zppIBxfZxlgHoJzIrFXL4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.92.0-45.11.94.255
45.145.6.0/23
45.152.84.0/24
45.152.86.0/24
45.154.1.0-45.154.3.255
193.43.72.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:d2:ec:07:e5:2e:da:78:74:b6:80:f3:c1:e7:6e:7f:f0:39:
c2:57:69:ac:a9:52:3a:35:ff:e8:68:26:08:1e:16:ea:32:85:
bd:e1:3a:9d:ab:4d:2f:67:04:d1:6e:86:eb:8b:4b:52:88:0f:
2f:1a:68:3c:43:ee:99:d0:6e:e9:54:8b:55:63:65:1e:f5:b1:
79:e4:01:50:a2:20:18:62:ca:77:0b:fc:77:f4:f0:f4:14:5c:
fe:d3:72:2e:9b:de:cf:39:b7:d8:c1:e9:61:55:44:7d:c7:0f:
47:53:2c:18:2a:b5:6c:98:e9:39:b4:ec:a3:ef:1c:5a:a3:e6:
59:61:1b:14:8c:86:a9:9f:4c:fc:59:4d:11:6b:ac:48:1c:47:
a1:fa:bb:6e:e3:18:1c:8c:b9:61:19:bd:c6:4c:67:73:65:db:
a0:45:c0:3e:c1:0b:fb:d0:fd:aa:cf:5f:02:da:82:9d:6c:a1:
b2:f2:fc:da:9a:c9:dc:12:93:7c:da:2c:42:e8:44:3f:bb:a0:
8a:17:af:8a:dc:14:0f:0a:23:c1:6e:8d:a4:7d:c4:2f:f7:80:
e3:3a:00:53:97:c0:8d:5e:ea:bd:b9:0e:9d:dc:11:a1:4e:9c:
f7:2a:82:3e:67:a3:58:d1:41:d2:5c:0c:9f:fd:7e:7e:c3:eb:
0e:c9:6f:e8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZdaH0VimSWPsxJaMkF0zbKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjUwNjEwMTM1NDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjk5N2RlZjNhNjkyMDFjNWY2NzE5NjAxZTgyNzMyMmIxNTcyZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qFYx5dQp4pa6/qfgL9ueJbkU3UU
Wx69vUyythdWlmJDQigz6V4vubhZ2+DWxA2/spwFci5V2C1GqCxqG0eIpSpUZCKj
nAeaaWQKn4djaU/K/e78tXGhb+6uTZHyrpmynM2R8Z4EGBb5VZung0HXf03ayH8J
KBkx0UkY7JEptrrtusK5UIaeWN+0eb6znwI3ZKmeUoCbGdP6qZjrHTDFXugfbZUk
j/H/ssuSY5Z+PjZHqWjFaQSnAaYn+t+qS6FaIX/IDeKjY6p3y+n5f52WULKGtK14
kbBJlTm5trqO/t2hyJenAArq4x76jzRa5Qe6/lpain52jn0nXSGXa6Zk1wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFNKZfe86aSAcX2cZYB6CcyKxVy+JMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvMHBsOTd6cHBJQnhmWnhsZ0hvSnpJckZYTDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAItC1wD
BAAtC14DBAEtkQYDBAAtmFQDBAAtmFYwDAMEAC2aAQMEAi2aAAMEAMErSDANBgkq
hkiG9w0BAQsFAAOCAQEAb9LsB+Uu2nh0toDzweduf/A5wldprKlSOjX/6GgmCB4W
6jKFveE6natNL2cE0W6G64tLUogPLxpoPEPumdBu6VSLVWNlHvWxeeQBUKIgGGLK
dwv8d/Tw9BRc/tNyLpvezzm32MHpYVVEfccPR1MsGCq1bJjpObTso+8cWqPmWWEb
FIyGqZ9M/FlNEWusSBxHofq7buMYHIy5YRm9xkxnc2XboEXAPsEL+9D9qs9fAtqC
nWyhsvL82prJ3BKTfNosQuhEP7ugihevitwUDwojwW6NpH3EL/eA4zoAU5fAjV7q
vbkOndwRoU6c9yqCPmejWNFB0lwMn/1+fsPrDslv6A==
-----END CERTIFICATE-----
Generated at Sun Jun 15 04:02:58 2025 by rpki-client