Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/7ciwAQF580O98C-WtJgpd4ZGjKo.roa
File: 7ciwAQF580O98C-WtJgpd4ZGjKo.roa (raw, json)
Hash identifier: UnA2EbbKwqBY//tV77lJos5nCrq9kSQ2daq5Uyhuof0=
Subject key identifier: ED:C8:B0:01:01:79:F3:43:BD:F0:2F:96:B4:98:29:77:86:46:8C:AA
Certificate issuer: /CN=47b80caa97c13147d680c80976f8a4b15cade04f
Certificate serial: 019759D939CBFC2550DB0512E749F2C8D7E3
Authority key identifier: 47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/7ciwAQF580O98C-WtJgpd4ZGjKo.roa
Signing time: Tue 10 Jun 2025 12:38:17 +0000
ROA not before: Tue 10 Jun 2025 12:38:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44547
IP address blocks: 185.171.91.0/24 maxlen: 24
2a07:5dc0::/29 maxlen: 29
2a0c:f500::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:59:d9:39:cb:fc:25:50:db:05:12:e7:49:f2:c8:d7:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47b80caa97c13147d680c80976f8a4b15cade04f
Validity
Not Before: Jun 10 12:38:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=edc8b0010179f343bdf02f96b498297786468caa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:53:2c:68:e5:80:e8:91:7e:86:3e:9e:83:5a:
6d:4c:66:cb:ba:85:41:15:b3:f7:36:3a:5f:e3:b9:
a8:b1:89:fd:56:0a:c5:e1:65:ff:0c:5a:7b:34:e4:
6d:f6:62:f9:0f:b3:1d:2f:b6:41:d3:9e:f5:ca:1c:
6b:2b:b3:9c:b3:43:67:e0:fa:6d:e9:09:c8:ed:58:
93:10:56:6b:1a:00:95:1b:b4:3f:e1:b5:d8:92:db:
dc:a1:b5:a8:30:b9:7c:67:06:a0:e5:88:b1:ee:7d:
3d:1d:bc:96:68:6f:c3:90:29:56:40:e9:57:e1:99:
58:ed:15:26:a1:cb:a1:11:60:39:b5:22:f6:38:d1:
29:a8:12:16:de:5f:91:aa:0e:a4:ab:50:9a:78:1e:
9d:9c:0c:06:95:2f:44:47:b7:ff:93:b0:43:81:77:
fe:03:6e:83:b0:28:74:ff:9c:54:87:74:49:49:58:
c5:b6:42:27:5e:8a:ed:75:d4:0a:3b:96:21:d4:b6:
dd:f5:3d:03:99:6c:e1:ec:23:60:c9:8b:23:7c:55:
aa:2b:79:7e:9a:96:ce:d7:6a:73:e8:ca:1a:6a:a6:
ec:f2:13:df:26:be:43:78:2a:73:b3:25:d6:f0:b4:
ea:e6:1a:0f:fb:d0:c9:2f:22:e6:c1:b9:30:2a:9c:
9a:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:C8:B0:01:01:79:F3:43:BD:F0:2F:96:B4:98:29:77:86:46:8C:AA
X509v3 Authority Key Identifier:
keyid:47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/7ciwAQF580O98C-WtJgpd4ZGjKo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.171.91.0/24
IPv6:
2a07:5dc0::/29
2a0c:f500::/29
Signature Algorithm: sha256WithRSAEncryption
01:5f:fc:8e:94:8b:cc:2f:a2:a2:1b:ea:fd:8f:bf:fd:c6:6d:
95:09:93:1a:fc:f2:5e:1b:c3:e4:e2:9f:98:df:2b:0b:08:fc:
91:13:84:7c:e4:ad:af:31:29:0e:54:67:2d:93:de:11:2e:8c:
93:16:37:08:2d:eb:ca:86:70:e6:c7:c2:d1:f6:db:e1:ae:c6:
77:54:8f:7e:a9:30:f5:a3:58:de:4b:57:4a:60:1e:ef:93:2d:
a0:87:e1:0a:c5:0a:a8:95:9a:6c:7a:0a:da:1b:96:a1:ec:37:
06:23:cc:ca:55:42:bc:d1:8b:32:21:6c:80:cb:0b:b8:47:ad:
6b:ed:35:87:ff:3c:07:de:f0:79:a0:d9:97:82:ac:a0:40:43:
89:45:02:94:b2:4e:0e:3b:56:c1:4c:6b:b8:6e:85:39:f4:3f:
48:fd:69:a6:a8:98:8a:44:93:9c:18:c8:5c:99:d6:da:45:ab:
7c:f6:d9:a7:4c:ec:40:94:29:a2:be:a9:be:a0:93:fb:15:7e:
c4:ff:aa:eb:c7:1d:69:45:c9:7d:5b:1e:fa:e2:a5:c6:91:43:
24:29:aa:02:84:ef:b0:4e:5b:1f:da:56:c3:f4:83:0c:93:3b:
bf:5f:dd:ea:17:db:af:75:3e:62:2d:bf:e7:01:91:cd:eb:e3:
1b:c0:09:f1
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZdZ2TnL/CVQ2wUS50nyyNfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YjgwY2FhOTdjMTMxNDdkNjgwYzgwOTc2ZjhhNGIxNWNh
ZGUwNGYwHhcNMjUwNjEwMTIzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM4YjAwMTAxNzlmMzQzYmRmMDJmOTZiNDk4Mjk3Nzg2NDY4Y2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlMsaOWA6JF+hj6eg1ptTGbLuoVB
FbP3Njpf47mosYn9VgrF4WX/DFp7NORt9mL5D7MdL7ZB0571yhxrK7Ocs0Nn4Ppt
6QnI7ViTEFZrGgCVG7Q/4bXYktvcobWoMLl8Zwag5Yix7n09HbyWaG/DkClWQOlX
4ZlY7RUmocuhEWA5tSL2ONEpqBIW3l+Rqg6kq1CaeB6dnAwGlS9ER7f/k7BDgXf+
A26DsCh0/5xUh3RJSVjFtkInXortddQKO5Yh1Lbd9T0DmWzh7CNgyYsjfFWqK3l+
mpbO12pz6Moaaqbs8hPfJr5DeCpzsyXW8LTq5hoP+9DJLyLmwbkwKpyaFwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFO3IsAEBefNDvfAvlrSYKXeGRoyqMB8GA1UdIwQY
MBaAFEe4DKqXwTFH1oDICXb4pLFcreBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAt
MTBlMjRlOWQwZmE3LzEvN2Npd0FRRjU4ME85OEMtV3RKZ3BkNFpHaktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hNTlmYzUtMjA0OS00MmRlLWIxYjAtMTBlMjRlOWQwZmE3
LzEvUjdnTXFwZkJNVWZXZ01nSmR2aWtzVnl0NEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAuatbMBQE
AgACMA4DBQMqB13AAwUDKgz1ADANBgkqhkiG9w0BAQsFAAOCAQEAAV/8jpSLzC+i
ohvq/Y+//cZtlQmTGvzyXhvD5OKfmN8rCwj8kROEfOStrzEpDlRnLZPeES6MkxY3
CC3ryoZw5sfC0fbb4a7Gd1SPfqkw9aNY3ktXSmAe75MtoIfhCsUKqJWabHoK2huW
oew3BiPMylVCvNGLMiFsgMsLuEeta+01h/88B97weaDZl4KsoEBDiUUClLJODjtW
wUxruG6FOfQ/SP1ppqiYikSTnBjIXJnW2kWrfPbZp0zsQJQpor6pvqCT+xV+xP+q
68cdaUXJfVse+uKlxpFDJCmqAoTvsE5bH9pWw/SDDJM7v1/d6hfbr3U+Yi2/5wGR
zevjG8AJ8Q==
-----END CERTIFICATE-----
Generated at Wed Jun 18 23:43:30 2025 by rpki-client