Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a28ca6-af2f-40cd-b549-7eead1461a54/1/Cb5NzaVF19W_kO9-p5feKwUrI44.roa
File: Cb5NzaVF19W_kO9-p5feKwUrI44.roa (raw, json)
Hash identifier: rx9YIuMQqSeT52UROH2XuUwRB1GhhHouzGp2sbNpchA=
Subject key identifier: 09:BE:4D:CD:A5:45:D7:D5:BF:90:EF:7E:A7:97:DE:2B:05:2B:23:8E
Certificate issuer: /CN=99b8fd292c8a1b896b8752344a3da92378f2ae5a
Certificate serial: 019267ED4A359C68CAA273C01C2184C4E7BB
Authority key identifier: 99:B8:FD:29:2C:8A:1B:89:6B:87:52:34:4A:3D:A9:23:78:F2:AE:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mbj9KSyKG4lrh1I0Sj2pI3jyrlo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/a28ca6-af2f-40cd-b549-7eead1461a54/1/Cb5NzaVF19W_kO9-p5feKwUrI44.roa
Signing time: Mon 07 Oct 2024 17:00:57 +0000
ROA not before: Mon 07 Oct 2024 17:00:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 214998
IP address blocks: 151.216.46.0/24 maxlen: 24
2a07:5900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:67:ed:4a:35:9c:68:ca:a2:73:c0:1c:21:84:c4:e7:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=99b8fd292c8a1b896b8752344a3da92378f2ae5a
Validity
Not Before: Oct 7 17:00:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=09be4dcda545d7d5bf90ef7ea797de2b052b238e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:98:8f:d9:51:d5:1d:55:fe:f4:f4:4c:fa:4e:
2e:87:eb:51:9c:75:08:1a:85:74:06:71:a9:a0:ef:
a0:1b:70:a8:51:88:46:2d:08:8a:ee:9d:0e:51:57:
86:61:99:9f:36:4c:b8:4a:f3:83:c6:2f:dc:a8:f7:
eb:4a:c3:bd:1c:9a:7f:f2:6d:5f:04:c4:d6:93:41:
b5:f2:5f:80:92:f1:07:49:3c:31:ec:82:a5:01:aa:
85:76:0e:aa:bf:e0:05:57:9e:5c:e6:26:86:94:37:
2a:1d:c9:7d:b7:a2:c9:d1:b2:c2:67:b7:7c:1d:8b:
57:a5:16:c5:03:57:94:11:ee:85:e4:a9:75:ee:b3:
d9:58:9b:7e:51:28:51:77:bb:49:d5:43:0e:b4:98:
84:53:94:5e:55:2d:f0:27:ea:cb:aa:5f:8e:e2:a8:
2d:f2:90:b2:ee:5a:53:2c:8c:30:e5:47:fa:80:85:
24:9f:85:d4:84:6e:9f:f5:f0:37:0d:59:fa:1c:83:
64:d4:0c:b6:e0:a0:7e:ef:cc:b1:3f:a4:b4:fc:92:
83:18:f3:64:40:84:a8:97:d9:cd:76:da:bb:07:d1:
c6:d7:01:16:b3:00:17:43:bd:43:5b:17:88:86:21:
47:7c:0d:ab:f0:e8:29:a3:07:60:e0:45:aa:b6:b0:
75:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:BE:4D:CD:A5:45:D7:D5:BF:90:EF:7E:A7:97:DE:2B:05:2B:23:8E
X509v3 Authority Key Identifier:
keyid:99:B8:FD:29:2C:8A:1B:89:6B:87:52:34:4A:3D:A9:23:78:F2:AE:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mbj9KSyKG4lrh1I0Sj2pI3jyrlo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a28ca6-af2f-40cd-b549-7eead1461a54/1/Cb5NzaVF19W_kO9-p5feKwUrI44.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a28ca6-af2f-40cd-b549-7eead1461a54/1/mbj9KSyKG4lrh1I0Sj2pI3jyrlo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.46.0/24
IPv6:
2a07:5900::/29
Signature Algorithm: sha256WithRSAEncryption
6d:b4:c4:ad:a2:c8:37:94:79:03:fd:b8:8c:41:a5:9a:d9:9b:
49:d3:e7:0b:93:da:41:3e:7a:be:74:63:c5:de:51:ad:7d:d3:
6c:16:18:bb:74:61:34:da:47:d2:bd:ae:a9:78:11:9b:10:51:
46:98:0b:ee:10:61:82:88:1e:11:58:44:3a:f8:18:99:a1:c5:
8d:bd:37:1a:87:d8:76:7b:3f:5e:83:24:bb:a0:01:5a:08:85:
01:2f:5c:47:6d:ba:29:03:fb:60:4e:b6:5d:7c:65:a0:33:5d:
75:b3:59:ae:19:8f:a3:d8:35:54:1c:9c:04:b4:5d:d1:bc:2e:
28:a9:10:a6:01:ac:0d:ef:1c:b3:aa:78:95:47:51:47:f0:6b:
0a:93:6a:75:38:65:94:94:e9:a4:29:e8:12:6e:eb:55:6b:84:
cf:41:9a:9c:81:aa:e2:f0:f3:c1:c3:21:47:65:29:04:70:19:
01:72:ef:6b:38:9e:89:74:35:6c:26:93:24:b0:71:1b:e9:6f:
d2:13:9e:40:c7:82:b2:06:91:0a:2d:89:a2:fc:06:7b:0c:60:
9d:75:f2:9a:29:17:37:f7:c4:29:71:52:1d:43:20:a1:2f:12:
8b:92:4b:d2:c3:d4:99:6c:5e:ef:32:53:c5:65:27:b0:5c:ad:
eb:89:8e:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJn7Uo1nGjKonPAHCGExOe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YjhmZDI5MmM4YTFiODk2Yjg3NTIzNDRhM2RhOTIzNzhm
MmFlNWEwHhcNMjQxMDA3MTcwMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJlNGRjZGE1NDVkN2Q1YmY5MGVmN2VhNzk3ZGUyYjA1MmIyMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0piP2VHVHVX+9PRM+k4uh+tRnHUI
GoV0BnGpoO+gG3CoUYhGLQiK7p0OUVeGYZmfNky4SvODxi/cqPfrSsO9HJp/8m1f
BMTWk0G18l+AkvEHSTwx7IKlAaqFdg6qv+AFV55c5iaGlDcqHcl9t6LJ0bLCZ7d8
HYtXpRbFA1eUEe6F5Kl17rPZWJt+UShRd7tJ1UMOtJiEU5ReVS3wJ+rLql+O4qgt
8pCy7lpTLIww5Uf6gIUkn4XUhG6f9fA3DVn6HINk1Ay24KB+78yxP6S0/JKDGPNk
QISol9nNdtq7B9HG1wEWswAXQ71DWxeIhiFHfA2r8Ogpowdg4EWqtrB1DwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAm+Tc2lRdfVv5DvfqeX3isFKyOOMB8GA1UdIwQY
MBaAFJm4/SksihuJa4dSNEo9qSN48q5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWJqOUtTeUtHNGxyaDFJMFNqMnBJM2p5cmxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hMjhjYTYtYWYyZi00MGNkLWI1NDkt
N2VlYWQxNDYxYTU0LzEvQ2I1TnphVkYxOVdfa085LXA1ZmVLd1VySTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hMjhjYTYtYWYyZi00MGNkLWI1NDktN2VlYWQxNDYxYTU0
LzEvbWJqOUtTeUtHNGxyaDFJMFNqMnBJM2p5cmxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAl9guMA0E
AgACMAcDBQMqB1kAMA0GCSqGSIb3DQEBCwUAA4IBAQBttMStosg3lHkD/biMQaWa
2ZtJ0+cLk9pBPnq+dGPF3lGtfdNsFhi7dGE02kfSva6peBGbEFFGmAvuEGGCiB4R
WEQ6+BiZocWNvTcah9h2ez9egyS7oAFaCIUBL1xHbbopA/tgTrZdfGWgM111s1mu
GY+j2DVUHJwEtF3RvC4oqRCmAawN7xyzqniVR1FH8GsKk2p1OGWUlOmkKegSbutV
a4TPQZqcgari8PPBwyFHZSkEcBkBcu9rOJ6JdDVsJpMksHEb6W/SE55Ax4KyBpEK
LYmi/AZ7DGCddfKaKRc398QpcVIdQyChLxKLkkvSw9SZbF7vMlPFZSewXK3riY4N
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:20:47 2025 by rpki-client