Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/024641-0568-4a54-9599-c0588aae02ed/1/UAiGtFt2gOkDcX7IrnRgiclF6Q8.roa
File: UAiGtFt2gOkDcX7IrnRgiclF6Q8.roa (raw, json)
Hash identifier: 8cj/r3m2gk0LI7OzsyMTtzsN0+hge3ePcyUBIxs3F9w=
Subject key identifier: 50:08:86:B4:5B:76:80:E9:03:71:7E:C8:AE:74:60:89:C9:45:E9:0F
Certificate issuer: /CN=c3ae20b4a389e854d26a65aab9b0d01997f0ac22
Certificate serial: 018CC6B7BCA8705553503924EA35261C8226
Authority key identifier: C3:AE:20:B4:A3:89:E8:54:D2:6A:65:AA:B9:B0:D0:19:97:F0:AC:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w64gtKOJ6FTSamWqubDQGZfwrCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/024641-0568-4a54-9599-c0588aae02ed/1/UAiGtFt2gOkDcX7IrnRgiclF6Q8.roa
Signing time: Mon 01 Jan 2024 20:29:39 +0000
ROA not before: Mon 01 Jan 2024 20:29:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 27970
IP address blocks: 91.221.208.0/24 maxlen: 24
91.221.209.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:bc:a8:70:55:53:50:39:24:ea:35:26:1c:82:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3ae20b4a389e854d26a65aab9b0d01997f0ac22
Validity
Not Before: Jan 1 20:29:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=500886b45b7680e903717ec8ae746089c945e90f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:a6:00:ed:9a:db:85:cf:4d:0f:a0:b6:05:04:
aa:dd:d5:e3:e8:2a:60:2f:d3:32:52:5d:6e:7f:53:
77:3a:31:92:15:74:c6:93:ce:16:88:39:f4:da:7a:
1f:50:f2:cd:58:d1:da:75:3a:4d:a5:a6:58:e3:a8:
9f:1d:8a:98:42:89:e7:2d:7f:6d:6a:d1:6c:eb:03:
a2:80:45:8b:09:bd:10:90:aa:a7:3e:58:93:88:2d:
6e:26:73:3c:e5:72:e3:ba:8d:0a:39:0b:c3:04:16:
39:28:b0:4a:5c:0a:b3:2b:33:53:16:c5:df:23:c4:
09:1e:27:48:8b:74:92:68:b8:8c:74:ff:3d:a1:86:
d6:5c:c5:c6:42:b7:7c:6d:b9:d7:16:f6:34:78:70:
95:2e:af:cb:2c:fc:2e:2e:fc:4d:2c:b7:fa:89:1b:
ea:77:9e:22:05:5e:6d:d7:c0:82:0d:08:67:8b:da:
d0:1b:df:d6:26:bb:6d:13:86:44:f9:da:48:b4:17:
81:c5:6e:01:55:78:ee:1a:bb:ab:f4:02:2f:c9:33:
6c:a9:38:99:ed:00:e7:fb:3d:fe:80:ad:03:26:21:
8f:c4:a5:21:6c:7a:b1:9b:81:15:b9:69:91:52:03:
b8:85:ec:05:66:6a:1e:0a:bd:29:c8:28:cc:61:fb:
f6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:08:86:B4:5B:76:80:E9:03:71:7E:C8:AE:74:60:89:C9:45:E9:0F
X509v3 Authority Key Identifier:
keyid:C3:AE:20:B4:A3:89:E8:54:D2:6A:65:AA:B9:B0:D0:19:97:F0:AC:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w64gtKOJ6FTSamWqubDQGZfwrCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/024641-0568-4a54-9599-c0588aae02ed/1/UAiGtFt2gOkDcX7IrnRgiclF6Q8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/024641-0568-4a54-9599-c0588aae02ed/1/w64gtKOJ6FTSamWqubDQGZfwrCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.221.208.0/23
Signature Algorithm: sha256WithRSAEncryption
c8:cb:e1:aa:45:e9:7b:23:27:91:84:ad:f8:70:65:e4:a3:4c:
d8:86:10:57:25:57:9d:a0:c6:d0:9e:b2:c8:c5:06:57:82:cd:
9b:58:6d:a6:dc:c6:21:8a:c5:61:11:25:44:0d:e2:b5:90:a9:
c9:4a:23:6d:3e:ab:59:b3:92:cf:ec:d4:29:ec:49:a2:b7:8e:
8f:fe:30:01:f9:e7:28:41:9b:b3:dd:02:22:ce:06:1b:18:49:
5e:e5:2f:40:6e:b0:49:de:3b:9f:ae:04:22:b0:6c:3c:4f:66:
fb:ba:93:70:ee:54:b8:6d:06:e4:4f:69:d0:55:84:3d:5b:98:
42:0e:85:af:42:6c:92:b5:b5:2b:6f:9a:13:36:5b:c9:46:36:
d7:76:e1:ac:71:49:5a:fc:c7:c3:06:12:2f:8d:bb:56:5f:8b:
7d:87:8b:03:14:d4:79:78:1c:90:9d:0d:aa:0a:b5:63:29:9b:
15:fc:7f:fd:37:2e:11:86:a1:27:76:6b:55:71:69:33:bd:79:
89:7e:6a:4a:76:a2:f1:e3:44:69:d4:03:73:47:61:da:fb:e2:
b7:be:97:dc:71:cd:d5:7d:b9:05:35:b4:e8:ac:09:22:43:eb:
c4:4d:1a:6f:c7:f5:03:1e:97:24:85:14:b8:1c:e8:ae:df:f8:
16:29:ef:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7yocFVTUDkk6jUmHIImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWUyMGI0YTM4OWU4NTRkMjZhNjVhYWI5YjBkMDE5OTdm
MGFjMjIwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDA4ODZiNDViNzY4MGU5MDM3MTdlYzhhZTc0NjA4OWM5NDVlOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqYA7Zrbhc9ND6C2BQSq3dXj6Cpg
L9MyUl1uf1N3OjGSFXTGk84WiDn02nofUPLNWNHadTpNpaZY46ifHYqYQonnLX9t
atFs6wOigEWLCb0QkKqnPliTiC1uJnM85XLjuo0KOQvDBBY5KLBKXAqzKzNTFsXf
I8QJHidIi3SSaLiMdP89oYbWXMXGQrd8bbnXFvY0eHCVLq/LLPwuLvxNLLf6iRvq
d54iBV5t18CCDQhni9rQG9/WJrttE4ZE+dpItBeBxW4BVXjuGrur9AIvyTNsqTiZ
7QDn+z3+gK0DJiGPxKUhbHqxm4EVuWmRUgO4hewFZmoeCr0pyCjMYfv2xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAIhrRbdoDpA3F+yK50YInJRekPMB8GA1UdIwQY
MBaAFMOuILSjiehU0mplqrmw0BmX8KwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzY0Z3RLT0o2RlRTYW1XcXViRFFHWmZ3ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wMjQ2NDEtMDU2OC00YTU0LTk1OTkt
YzA1ODhhYWUwMmVkLzEvVUFpR3RGdDJnT2tEY1g3SXJuUmdpY2xGNlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wMjQ2NDEtMDU2OC00YTU0LTk1OTktYzA1ODhhYWUwMmVk
LzEvdzY0Z3RLT0o2RlRTYW1XcXViRFFHWmZ3ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93QMA0G
CSqGSIb3DQEBCwUAA4IBAQDIy+GqRel7IyeRhK34cGXko0zYhhBXJVedoMbQnrLI
xQZXgs2bWG2m3MYhisVhESVEDeK1kKnJSiNtPqtZs5LP7NQp7Emit46P/jAB+eco
QZuz3QIizgYbGEle5S9AbrBJ3jufrgQisGw8T2b7upNw7lS4bQbkT2nQVYQ9W5hC
DoWvQmyStbUrb5oTNlvJRjbXduGscUla/MfDBhIvjbtWX4t9h4sDFNR5eByQnQ2q
CrVjKZsV/H/9Ny4RhqEndmtVcWkzvXmJfmpKdqLx40Rp1ANzR2Ha++K3vpfccc3V
fbkFNbTorAkiQ+vETRpvx/UDHpckhRS4HOiu3/gWKe88
-----END CERTIFICATE-----
Generated at Mon Jun 10 09:43:47 2024 by rpki-client on console-fra.rpki-client.org