Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/8FRBx7KPuXI7QZgSj39PF94B4iQ.roa
File: 8FRBx7KPuXI7QZgSj39PF94B4iQ.roa (raw, json)
Hash identifier: WtWfvENuCz3pCVyHojfqHn+671JphebIxmI8zf9gQMg=
Subject key identifier: F0:54:41:C7:B2:8F:B9:72:3B:41:98:12:8F:7F:4F:17:DE:01:E2:24
Certificate issuer: /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial: 0188F870497609ACCCC63D3350A203018594
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/8FRBx7KPuXI7QZgSj39PF94B4iQ.roa
Signing time: Mon 26 Jun 2023 16:01:28 +0000
ROA not before: Mon 26 Jun 2023 16:01:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42910
IP address blocks: 5.250.242.0/24 maxlen: 24
5.250.241.0/24 maxlen: 24
5.250.245.0/24 maxlen: 24
5.250.244.0/24 maxlen: 24
5.250.243.0/24 maxlen: 24
5.250.246.0/24 maxlen: 24
5.250.252.0/24 maxlen: 24
5.250.251.0/24 maxlen: 24
5.250.250.0/24 maxlen: 24
5.250.253.0/24 maxlen: 24
5.250.249.0/24 maxlen: 24
5.250.248.0/24 maxlen: 24
5.250.247.0/24 maxlen: 24
185.67.121.0/24 maxlen: 24
185.67.120.0/24 maxlen: 24
185.67.123.0/24 maxlen: 24
185.67.122.0/24 maxlen: 24
5.250.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f8:70:49:76:09:ac:cc:c6:3d:33:50:a2:03:01:85:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Validity
Not Before: Jun 26 16:01:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f05441c7b28fb9723b4198128f7f4f17de01e224
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d4:d1:89:b5:07:e3:2f:12:7c:bf:00:0e:4d:
fa:8a:8c:07:26:9e:7b:0a:32:1b:cd:53:03:19:e8:
c3:f4:97:67:d0:76:af:c0:f1:26:b0:f0:86:95:4b:
f7:fd:dd:41:02:32:08:d0:f6:09:21:7c:cb:3a:0a:
77:d8:40:b9:e8:90:c0:5d:a1:d1:91:f5:69:aa:10:
37:52:37:8f:82:e8:36:be:ae:71:e4:f3:18:06:a7:
19:85:39:ff:f0:4f:36:66:6a:5a:8b:5a:22:c0:ad:
45:27:2b:7e:f6:d8:a2:60:de:1f:48:1e:ed:d6:9c:
fd:dd:8c:b3:c2:fe:ce:85:29:7f:22:74:85:07:83:
29:10:49:62:2b:26:0a:72:5b:91:8e:e9:2e:b6:3c:
05:ca:4f:cb:b6:74:fc:5b:1e:d3:b8:04:77:e6:1a:
b5:5b:c0:25:af:2d:00:f4:79:c0:a5:3a:63:90:f4:
9d:19:a1:30:ed:5c:4f:fd:70:93:0d:79:25:b9:76:
d5:2c:e9:f7:87:c4:d7:4a:2c:8f:5f:8d:7b:7b:48:
18:51:df:2c:ce:b0:bb:75:08:b7:5f:31:8e:c4:d4:
73:2b:9a:e7:12:0c:ae:dc:50:19:a9:a8:14:ff:6e:
be:a0:13:76:64:63:de:b8:d7:4c:fa:24:a9:51:d9:
fb:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:54:41:C7:B2:8F:B9:72:3B:41:98:12:8F:7F:4F:17:DE:01:E2:24
X509v3 Authority Key Identifier:
keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/8FRBx7KPuXI7QZgSj39PF94B4iQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.240.0-5.250.253.255
185.67.120.0/22
Signature Algorithm: sha256WithRSAEncryption
89:47:a7:86:3d:18:d0:61:09:41:df:e6:a1:fe:72:67:5b:90:
4b:ed:29:c6:fe:9d:be:bc:a8:36:75:13:3f:09:ba:05:8c:35:
a1:37:c9:17:eb:3d:d5:c6:f3:5a:5c:2c:9f:90:c5:6a:57:39:
f3:46:52:d6:b8:7c:92:58:e4:49:ba:1c:be:c2:bc:79:d6:d3:
58:1f:c0:60:37:80:ac:d1:e1:fe:f3:b0:80:72:04:71:a9:53:
ea:20:4f:67:04:93:aa:2c:0a:99:90:a0:89:87:be:9d:f6:25:
8f:31:76:57:3b:a1:d6:f3:1a:2a:86:f5:e6:e3:88:31:e6:27:
9b:26:47:7e:c9:1f:20:c5:7a:87:be:33:0e:1f:09:69:8b:c7:
8a:97:00:46:23:a3:d5:16:61:6d:7d:67:f9:1d:6a:ad:67:6e:
92:0f:c2:e7:a0:73:a3:fd:e2:b8:1a:18:f1:f2:54:c2:77:a8:
c1:13:98:7f:3c:ef:e7:e3:59:7a:3f:79:a4:8d:e2:4e:07:cf:
48:f6:fc:82:52:13:be:f9:22:7f:95:a3:1f:3b:db:c7:ca:d1:
3a:3e:92:ab:9b:fc:26:19:f5:ec:c4:b9:ec:13:69:57:2a:d8:
22:c1:4b:1f:40:c3:a6:7d:20:dc:b2:34:d8:1d:9c:17:b5:28:
9a:c7:52:dd
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYj4cEl2CazMxj0zUKIDAYWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwNjI2MTYwMTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDU0NDFjN2IyOGZiOTcyM2I0MTk4MTI4ZjdmNGYxN2RlMDFlMjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydTRibUH4y8SfL8ADk36iowHJp57
CjIbzVMDGejD9Jdn0HavwPEmsPCGlUv3/d1BAjII0PYJIXzLOgp32EC56JDAXaHR
kfVpqhA3UjePgug2vq5x5PMYBqcZhTn/8E82Zmpai1oiwK1FJyt+9tiiYN4fSB7t
1pz93Yyzwv7OhSl/InSFB4MpEEliKyYKcluRjukutjwFyk/LtnT8Wx7TuAR35hq1
W8Alry0A9HnApTpjkPSdGaEw7VxP/XCTDXkluXbVLOn3h8TXSiyPX417e0gYUd8s
zrC7dQi3XzGOxNRzK5rnEgyu3FAZqagU/26+oBN2ZGPeuNdM+iSpUdn78wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPBUQceyj7lyO0GYEo9/TxfeAeIkMB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvOEZSQng3S1B1WEk3UVpnU2ozOVBGOTRCNGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQF+vAD
BAEF+vwDBAK5Q3gwDQYJKoZIhvcNAQELBQADggEBAIlHp4Y9GNBhCUHf5qH+cmdb
kEvtKcb+nb68qDZ1Ez8JugWMNaE3yRfrPdXG81pcLJ+QxWpXOfNGUta4fJJY5Em6
HL7CvHnW01gfwGA3gKzR4f7zsIByBHGpU+ogT2cEk6osCpmQoImHvp32JY8xdlc7
odbzGiqG9ebjiDHmJ5smR37JHyDFeoe+Mw4fCWmLx4qXAEYjo9UWYW19Z/kdaq1n
bpIPwuegc6P94rgaGPHyVMJ3qMETmH887+fjWXo/eaSN4k4Hz0j2/IJSE775In+V
ox8728fK0To+kqub/CYZ9ezEuewTaVcq2CLBSx9Aw6Z9INyyNNgdnBe1KJrHUt0=
-----END CERTIFICATE-----
Generated at Sat May 3 17:31:39 2025 by rpki-client