Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/1a6159-1dc6-4a09-844f-5128560dbdfc/1/MP9Rx9k8ZEIHAET1cvhYwnM4xsk.roa
File: MP9Rx9k8ZEIHAET1cvhYwnM4xsk.roa (raw, json)
Hash identifier: ibU3+DXeoy8Q+99jxySzroVnIvAq1CJwph+KiVU/JGs=
Subject key identifier: 30:FF:51:C7:D9:3C:64:42:07:00:44:F5:72:F8:58:C2:73:38:C6:C9
Certificate issuer: /CN=c4eba1fdf6c4de192c1d3edf8a800ca597f97d68
Certificate serial: 0181ECF0252C37083A8378A5D90E74A955E4
Authority key identifier: C4:EB:A1:FD:F6:C4:DE:19:2C:1D:3E:DF:8A:80:0C:A5:97:F9:7D:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xOuh_fbE3hksHT7fioAMpZf5fWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/1a6159-1dc6-4a09-844f-5128560dbdfc/1/MP9Rx9k8ZEIHAET1cvhYwnM4xsk.roa
Signing time: Mon 11 Jul 2022 11:06:09 +0000
ROA not before: Mon 11 Jul 2022 11:06:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197692
IP address blocks: 151.216.0.0/23 maxlen: 24
185.131.0.0/22 maxlen: 24
31.22.120.0/21 maxlen: 24
2a02:6f00::/32 maxlen: 48
2a02:6f00::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:ec:f0:25:2c:37:08:3a:83:78:a5:d9:0e:74:a9:55:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4eba1fdf6c4de192c1d3edf8a800ca597f97d68
Validity
Not Before: Jul 11 11:06:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=30ff51c7d93c6442070044f572f858c27338c6c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:db:4e:ae:b9:3a:26:bc:0c:ec:14:49:4f:e7:
65:67:28:47:b7:80:66:a2:45:98:6b:9c:c7:bb:1e:
70:a5:73:9e:39:2f:4a:99:cd:18:ef:57:e2:2d:e1:
e0:a2:11:db:6a:98:b1:f2:ee:b0:c5:1f:81:b5:c6:
69:82:a7:4a:ea:6e:55:de:0f:e1:4c:2b:c6:2f:ea:
52:69:73:b5:28:6d:0f:3c:34:ab:9c:70:3c:1d:a8:
7d:4c:c6:f6:a6:dd:22:05:18:a8:17:b1:9c:b5:0d:
cb:26:47:ae:11:7c:97:c3:26:4e:c6:88:1a:a6:f0:
b6:b9:60:5b:b5:3d:4a:40:0f:03:ae:d9:79:37:02:
a1:3e:10:6a:63:98:33:28:cc:b1:3b:aa:2b:87:0f:
1a:cb:ad:1f:b8:1e:d2:bf:12:4f:8f:71:e7:1d:a4:
71:ba:7a:0e:0c:50:9d:23:2a:f8:ab:aa:df:22:6c:
82:b0:31:e3:02:51:5d:23:d8:7e:79:e3:79:4e:08:
06:32:38:cd:46:d9:f2:ee:c5:8c:81:1f:94:61:e0:
54:01:d8:f8:81:a0:b9:4c:a2:e5:cc:2c:bf:2d:03:
92:ab:7d:5e:bb:c0:56:03:35:5f:0d:36:da:ea:df:
18:14:16:9e:11:0b:93:a8:61:90:c6:29:11:21:7b:
bc:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:FF:51:C7:D9:3C:64:42:07:00:44:F5:72:F8:58:C2:73:38:C6:C9
X509v3 Authority Key Identifier:
keyid:C4:EB:A1:FD:F6:C4:DE:19:2C:1D:3E:DF:8A:80:0C:A5:97:F9:7D:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOuh_fbE3hksHT7fioAMpZf5fWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1a6159-1dc6-4a09-844f-5128560dbdfc/1/MP9Rx9k8ZEIHAET1cvhYwnM4xsk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1a6159-1dc6-4a09-844f-5128560dbdfc/1/xOuh_fbE3hksHT7fioAMpZf5fWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.22.120.0/21
151.216.0.0/23
185.131.0.0/22
IPv6:
2a02:6f00::/29
Signature Algorithm: sha256WithRSAEncryption
01:89:64:e1:b1:20:56:ff:22:2d:1c:86:0d:f7:fb:0f:6b:c2:
f6:f6:93:d5:17:89:20:90:d7:39:00:b7:d2:47:3f:b2:a1:50:
75:f9:a1:ea:d6:4b:a2:c8:6a:12:d8:2c:f7:3a:ab:cb:13:bf:
e6:d0:f1:e7:59:aa:a5:74:8c:6d:60:cd:9a:58:75:fc:08:c9:
90:22:af:97:42:14:f2:92:b5:bc:9c:17:e3:93:3f:31:50:6b:
8f:c0:db:0d:38:45:7c:03:19:67:40:8c:24:70:7b:16:44:e6:
68:b3:63:18:40:ba:a7:f9:39:a3:89:87:94:1d:29:39:2a:36:
2f:31:66:01:21:b1:94:3b:1a:ae:e8:29:89:fb:9f:aa:82:4d:
4d:c3:b7:5c:11:d7:7f:c8:04:c1:e9:cc:66:4d:ca:23:d2:8b:
de:b7:1a:7f:ab:87:8e:c4:7c:ba:5a:d0:40:24:3f:9d:f0:b0:
ec:4f:02:75:b2:f4:3d:c1:c3:33:05:76:ca:10:b3:eb:71:3e:
74:af:27:87:74:36:3f:a8:20:5b:77:c2:29:e6:d3:8f:63:27:
1c:a4:83:90:2a:72:58:5a:ee:b1:f1:a2:34:7d:85:97:a6:07:
a3:5c:93:75:cb:40:5a:90:69:1f:73:14:ad:eb:cf:1f:85:d5:
1a:4e:88:97
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYHs8CUsNwg6g3il2Q50qVXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWJhMWZkZjZjNGRlMTkyYzFkM2VkZjhhODAwY2E1OTdm
OTdkNjgwHhcNMjIwNzExMTEwNjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGZmNTFjN2Q5M2M2NDQyMDcwMDQ0ZjU3MmY4NThjMjczMzhjNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNtOrrk6JrwM7BRJT+dlZyhHt4Bm
okWYa5zHux5wpXOeOS9Kmc0Y71fiLeHgohHbapix8u6wxR+BtcZpgqdK6m5V3g/h
TCvGL+pSaXO1KG0PPDSrnHA8Hah9TMb2pt0iBRioF7GctQ3LJkeuEXyXwyZOxoga
pvC2uWBbtT1KQA8Drtl5NwKhPhBqY5gzKMyxO6orhw8ay60fuB7SvxJPj3HnHaRx
unoODFCdIyr4q6rfImyCsDHjAlFdI9h+eeN5TggGMjjNRtny7sWMgR+UYeBUAdj4
gaC5TKLlzCy/LQOSq31eu8BWAzVfDTba6t8YFBaeEQuTqGGQxikRIXu8HwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDD/UcfZPGRCBwBE9XL4WMJzOMbJMB8GA1UdIwQY
MBaAFMTrof32xN4ZLB0+34qADKWX+X1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE91aF9mYkUzaGtzSFQ3ZmlvQU1wWmY1ZldnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xYTYxNTktMWRjNi00YTA5LTg0NGYt
NTEyODU2MGRiZGZjLzEvTVA5Ung5azhaRUlIQUVUMWN2aFl3bk00eHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xYTYxNTktMWRjNi00YTA5LTg0NGYtNTEyODU2MGRiZGZj
LzEveE91aF9mYkUzaGtzSFQ3ZmlvQU1wWmY1ZldnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDHxZ4AwQB
l9gAAwQCuYMAMA0EAgACMAcDBQMqAm8AMA0GCSqGSIb3DQEBCwUAA4IBAQABiWTh
sSBW/yItHIYN9/sPa8L29pPVF4kgkNc5ALfSRz+yoVB1+aHq1kuiyGoS2Cz3OqvL
E7/m0PHnWaqldIxtYM2aWHX8CMmQIq+XQhTykrW8nBfjkz8xUGuPwNsNOEV8Axln
QIwkcHsWROZos2MYQLqn+TmjiYeUHSk5KjYvMWYBIbGUOxqu6CmJ+5+qgk1Nw7dc
Edd/yATB6cxmTcoj0ovetxp/q4eOxHy6WtBAJD+d8LDsTwJ1svQ9wcMzBXbKELPr
cT50ryeHdDY/qCBbd8Ip5tOPYyccpIOQKnJYWu6x8aI0fYWXpgejXJN1y0BakGkf
cxSt688fhdUaToiX
-----END CERTIFICATE-----
Generated at Mon Apr 28 09:11:54 2025 by rpki-client