Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/JEEvWF0xMJIBZiUgx3DCw6kawZU.roa
File: JEEvWF0xMJIBZiUgx3DCw6kawZU.roa (raw, json)
Hash identifier: NtFfwbAvVqGCFNFoLNCCruAxrJboP6mmOw6Y1t6s6Iw=
Subject key identifier: 24:41:2F:58:5D:31:30:92:01:66:25:20:C7:70:C2:C3:A9:1A:C1:95
Certificate issuer: /CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Certificate serial: 01C2A59F
Authority key identifier: 89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/JEEvWF0xMJIBZiUgx3DCw6kawZU.roa
Signing time: Sat 01 Jan 2022 02:54:50 +0000
ROA not before: Sat 01 Jan 2022 02:54:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50643
IP address blocks: 195.191.200.0/23 maxlen: 23
91.221.191.0/24 maxlen: 24
91.221.190.0/24 maxlen: 24
91.221.190.0/23 maxlen: 23
2001:678:b4c::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29533599 (0x1c2a59f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Validity
Not Before: Jan 1 02:54:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=24412f585d31309201662520c770c2c3a91ac195
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:08:2c:96:f8:71:44:36:b2:0c:7d:42:fd:20:
62:6d:36:e3:96:17:53:8b:c3:85:ab:83:e8:5b:dc:
aa:7b:47:f7:64:a0:8e:ce:ef:82:61:bb:08:2f:aa:
64:b6:cd:44:df:95:0b:57:5d:df:b3:2a:09:89:c1:
5c:07:7a:d9:96:5c:81:07:ba:f1:6b:f1:9d:0c:22:
af:4a:4e:2d:5a:60:a8:73:1d:9c:47:a3:ce:f3:30:
04:7a:24:a6:26:ba:2e:28:84:e1:df:d0:ab:47:49:
11:fb:55:0f:65:bc:4c:23:94:ae:7c:1a:ef:1a:96:
9e:f8:19:c5:f8:bc:66:d2:ce:64:b0:7f:37:83:87:
55:d7:be:02:b4:85:60:14:6a:10:c3:cd:57:de:d9:
e1:52:8d:f3:f9:f0:42:17:5c:34:88:d1:2f:20:80:
0c:09:db:8e:5e:4e:55:04:99:71:cc:02:92:60:44:
2d:dc:e9:db:fc:b0:ea:36:d0:25:db:90:51:93:c5:
84:4f:28:0f:20:76:b5:73:15:63:1c:2b:91:4c:d1:
df:84:c6:2e:69:03:a7:07:e7:2a:d6:90:2c:da:e7:
9d:86:91:b3:ac:1c:34:a1:dd:b6:86:e1:73:5c:31:
28:1a:ed:8b:ff:4a:76:fc:0e:a4:67:88:1f:d4:6d:
dc:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:41:2F:58:5D:31:30:92:01:66:25:20:C7:70:C2:C3:A9:1A:C1:95
X509v3 Authority Key Identifier:
keyid:89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/JEEvWF0xMJIBZiUgx3DCw6kawZU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.221.190.0/23
195.191.200.0/23
IPv6:
2001:678:b4c::/48
Signature Algorithm: sha256WithRSAEncryption
a4:27:73:58:76:8a:f5:1d:7f:70:2c:8c:d2:6d:9d:a8:cc:09:
2b:c8:9a:e8:a7:46:23:0e:a3:fd:c0:df:aa:24:8b:9b:81:80:
bf:3a:d8:df:4c:0c:8c:f3:d9:0c:61:98:fc:8f:3a:85:51:98:
bf:0f:fb:05:e0:71:90:b7:c8:13:31:6f:b4:ec:5b:10:42:82:
1c:23:0e:96:e3:99:56:51:dd:1e:96:e9:5c:7f:83:82:85:65:
eb:68:e9:a6:f0:43:58:8c:3c:5a:86:46:14:9e:e5:a5:28:af:
3a:fc:5b:a4:4c:b3:ce:f1:10:e1:4e:df:d8:bd:e1:46:fb:84:
47:ba:1a:8b:3f:f1:b0:11:d1:dc:81:6a:a8:d8:6d:67:45:a8:
90:19:49:08:df:fb:99:38:a1:47:b7:b5:15:67:72:1c:79:98:
90:dc:23:24:74:49:31:2b:9b:3a:8e:92:db:bd:7c:2a:45:5c:
d8:10:f7:cc:bb:df:42:b0:a8:ff:10:57:33:90:6d:37:26:ee:
2e:47:99:f9:8d:74:1e:a8:8c:b1:da:a8:05:dc:d5:07:ee:4d:
07:2d:cb:c7:78:d0:33:f7:f8:67:95:fa:8d:4d:27:fe:ac:97:
5e:5d:b3:d6:7c:52:58:d6:44:b5:07:32:b8:68:f2:27:2a:88:
b0:56:3e:c3
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEAcKlnzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWU0YmY1OTg3N2EzYjJlZjE0ZjVmMTIwYTY3NTBkYzE0OTM5YzZiMB4XDTIyMDEw
MTAyNTQ1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjQ0MTJmNTg1ZDMx
MzA5MjAxNjYyNTIwYzc3MGMyYzNhOTFhYzE5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMcILJb4cUQ2sgx9Qv0gYm0245YXU4vDhauD6FvcqntH92Sg
js7vgmG7CC+qZLbNRN+VC1dd37MqCYnBXAd62ZZcgQe68WvxnQwir0pOLVpgqHMd
nEejzvMwBHokpia6LiiE4d/Qq0dJEftVD2W8TCOUrnwa7xqWnvgZxfi8ZtLOZLB/
N4OHVde+ArSFYBRqEMPNV97Z4VKN8/nwQhdcNIjRLyCADAnbjl5OVQSZccwCkmBE
Ldzp2/yw6jbQJduQUZPFhE8oDyB2tXMVYxwrkUzR34TGLmkDpwfnKtaQLNrnnYaR
s6wcNKHdtobhc1wxKBrti/9KdvwOpGeIH9Rt3N0CAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBQkQS9YXTEwkgFmJSDHcMLDqRrBlTAfBgNVHSMEGDAWgBSJ5L9Zh3o7LvFP
XxIKZ1DcFJOcazAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2llU19XWWQ2T3k3eFQxOFNDbWRRM0JTVG5Hcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmYvMDc1YmMxLTJiNTUtNDBiMS05OTBlLTIzYmI0MjAzZWI1Ny8x
L0pFRXZXRjB4TUpJQlppVWd4M0RDdzZrYXdaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmYv
MDc1YmMxLTJiNTUtNDBiMS05OTBlLTIzYmI0MjAzZWI1Ny8xL2llU19XWWQ2T3k3
eFQxOFNDbWRRM0JTVG5Hcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA2
BggrBgEFBQcBBwEB/wQnMCUwEgQCAAEwDAMEAVvdvgMEAcO/yDAPBAIAAjAJAwcA
IAEGeAtMMA0GCSqGSIb3DQEBCwUAA4IBAQCkJ3NYdor1HX9wLIzSbZ2ozAkryJro
p0YjDqP9wN+qJIubgYC/OtjfTAyM89kMYZj8jzqFUZi/D/sF4HGQt8gTMW+07FsQ
QoIcIw6W45lWUd0elulcf4OChWXraOmm8ENYjDxahkYUnuWlKK86/FukTLPO8RDh
Tt/YveFG+4RHuhqLP/GwEdHcgWqo2G1nRaiQGUkI3/uZOKFHt7UVZ3IceZiQ3CMk
dEkxK5s6jpLbvXwqRVzYEPfMu99CsKj/EFczkG03Ju4uR5n5jXQeqIyx2qgF3NUH
7k0HLcvHeNAz9/hnlfqNTSf+rJdeXbPWfFJY1kS1BzK4aPInKoiwVj7D
-----END CERTIFICATE-----
Generated at Sun Apr 20 14:42:02 2025 by rpki-client