Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/j7e1ma5rYbtjljJykWYcD532sI4.roa
File: j7e1ma5rYbtjljJykWYcD532sI4.roa (raw, json)
Hash identifier: ojJ/6yPfgJjGjtZoxEsXLaeiNWl5e1alfKvKsnVFUKU=
Subject key identifier: 8F:B7:B5:99:AE:6B:61:BB:63:96:32:72:91:66:1C:0F:9D:F6:B0:8E
Certificate issuer: /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial: 019619E4E23C1E4610088C97AF7D7FDDD553
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/j7e1ma5rYbtjljJykWYcD532sI4.roa
Signing time: Wed 09 Apr 2025 09:32:32 +0000
ROA not before: Wed 09 Apr 2025 09:32:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58026
IP address blocks: 104.167.24.0/21 maxlen: 21
104.207.32.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:19:e4:e2:3c:1e:46:10:08:8c:97:af:7d:7f:dd:d5:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Validity
Not Before: Apr 9 09:32:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8fb7b599ae6b61bb6396327291661c0f9df6b08e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d3:48:60:93:5e:25:f3:e8:59:b0:ee:f1:86:
de:b6:51:69:d5:76:a6:76:c3:00:90:80:a0:c9:e7:
66:30:f9:f1:82:08:99:c6:7b:80:7a:97:2b:fc:de:
bd:b1:73:07:5d:7a:24:ac:5d:5e:66:6f:ff:9b:98:
d8:eb:ee:85:d6:de:1f:7c:ab:f2:a1:48:78:23:ef:
6b:70:69:be:e1:d1:79:db:47:0f:5c:af:60:a2:0e:
19:05:b4:76:86:62:8c:9c:20:86:2c:87:62:b9:04:
aa:89:01:15:bf:67:8f:42:f1:b8:98:db:d5:74:51:
60:91:c8:41:5f:60:ab:cc:a0:d4:4d:9c:c0:47:ae:
3e:2d:31:8a:ea:94:ae:a6:6f:07:d8:b3:df:33:5b:
7a:b0:bd:ae:f0:14:84:22:52:c6:0f:cc:3c:04:36:
7f:cf:7b:03:92:21:26:2f:d2:d6:1f:f0:f7:d8:28:
d4:9b:d5:ab:23:e7:7b:7a:99:9f:b2:07:bb:9a:56:
c4:07:95:9a:65:dd:6c:6a:46:a0:5d:46:9e:9e:d8:
b5:7a:6b:99:90:63:f7:96:b0:43:f0:0f:b6:90:f2:
7e:ab:1b:d3:ee:9e:cd:8a:3c:63:82:cb:c1:fe:78:
28:c7:16:1f:55:71:29:12:83:20:cd:f3:34:b1:e1:
85:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:B7:B5:99:AE:6B:61:BB:63:96:32:72:91:66:1C:0F:9D:F6:B0:8E
X509v3 Authority Key Identifier:
keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/j7e1ma5rYbtjljJykWYcD532sI4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.167.24.0/21
104.207.32.0/19
Signature Algorithm: sha256WithRSAEncryption
4f:a2:d6:f4:26:af:3e:cd:4d:cc:68:8a:07:0d:49:c5:de:ea:
d8:77:32:84:ef:81:7d:84:61:36:6f:cb:8d:8c:e6:7d:cf:93:
38:eb:32:4f:1c:c3:84:a4:db:9f:c7:56:8c:a7:bf:3e:41:a9:
b8:db:44:a5:55:a2:5e:16:19:e4:70:8f:73:99:3c:4b:f8:21:
43:b8:0f:1d:9c:5e:0b:c8:bf:cf:63:25:50:2c:89:75:e5:25:
e0:ca:73:cb:2f:3e:33:01:f6:f5:83:be:b3:62:16:fb:b0:df:
f5:05:1b:71:37:5e:cf:1c:b9:0f:62:e3:ef:c6:c9:a2:07:5b:
c0:79:3e:f7:50:1a:3c:13:cb:7b:fa:99:a8:2d:4d:d3:22:04:
c0:29:4f:58:2e:34:aa:49:d8:12:c1:9e:a9:ef:08:a3:f1:b8:
e0:09:15:2c:6e:6e:7e:f2:30:99:05:fc:64:53:7e:23:2d:9a:
70:58:6e:49:87:87:80:ba:05:b4:13:c5:19:3d:84:bc:01:73:
b0:3b:9d:a4:f4:27:d0:47:e2:09:86:b5:b5:5e:3d:88:c2:d2:
df:72:9c:27:e4:43:2d:08:99:c9:16:f6:05:61:37:a9:87:66:
dd:e3:f3:db:d6:28:5e:e8:85:e2:88:b7:0c:59:46:6f:6c:d2:
94:7c:86:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYZ5OI8HkYQCIyXr31/3dVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjUwNDA5MDkzMjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI3YjU5OWFlNmI2MWJiNjM5NjMyNzI5MTY2MWMwZjlkZjZiMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9NIYJNeJfPoWbDu8YbetlFp1Xam
dsMAkICgyedmMPnxggiZxnuAepcr/N69sXMHXXokrF1eZm//m5jY6+6F1t4ffKvy
oUh4I+9rcGm+4dF520cPXK9gog4ZBbR2hmKMnCCGLIdiuQSqiQEVv2ePQvG4mNvV
dFFgkchBX2CrzKDUTZzAR64+LTGK6pSupm8H2LPfM1t6sL2u8BSEIlLGD8w8BDZ/
z3sDkiEmL9LWH/D32CjUm9WrI+d7epmfsge7mlbEB5WaZd1sakagXUaenti1emuZ
kGP3lrBD8A+2kPJ+qxvT7p7NijxjgsvB/ngoxxYfVXEpEoMgzfM0seGFGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+3tZmua2G7Y5YycpFmHA+d9rCOMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvajdlMW1hNXJZYnRqbGpKeWtXWWNENTMyc0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDaKcYAwQF
aM8gMA0GCSqGSIb3DQEBCwUAA4IBAQBPotb0Jq8+zU3MaIoHDUnF3urYdzKE74F9
hGE2b8uNjOZ9z5M46zJPHMOEpNufx1aMp78+Qam420SlVaJeFhnkcI9zmTxL+CFD
uA8dnF4LyL/PYyVQLIl15SXgynPLLz4zAfb1g76zYhb7sN/1BRtxN17PHLkPYuPv
xsmiB1vAeT73UBo8E8t7+pmoLU3TIgTAKU9YLjSqSdgSwZ6p7wij8bjgCRUsbm5+
8jCZBfxkU34jLZpwWG5Jh4eAugW0E8UZPYS8AXOwO52k9CfQR+IJhrW1Xj2IwtLf
cpwn5EMtCJnJFvYFYTeph2bd4/Pb1ihe6IXiiLcMWUZvbNKUfIYK
-----END CERTIFICATE-----
Generated at Tue Apr 29 10:18:52 2025 by rpki-client