Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/lQRiejEm8rJ6fEhfSzQ8kgoduQY.roa
File: lQRiejEm8rJ6fEhfSzQ8kgoduQY.roa (raw, json)
Hash identifier: Q7EW46euw1Tqh/ALGJ2N82EJDTQWmPee8I0Ih/jUFlc=
Subject key identifier: 95:04:62:7A:31:26:F2:B2:7A:7C:48:5F:4B:34:3C:92:0A:1D:B9:06
Certificate issuer: /CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Certificate serial: 01942444E2D64BE5A051110AAB5D1630BE97
Authority key identifier: 89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/lQRiejEm8rJ6fEhfSzQ8kgoduQY.roa
Signing time: Wed 01 Jan 2025 23:48:01 +0000
ROA not before: Wed 01 Jan 2025 23:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59956
IP address blocks: 91.221.190.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:e2:d6:4b:e5:a0:51:11:0a:ab:5d:16:30:be:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Validity
Not Before: Jan 1 23:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9504627a3126f2b27a7c485f4b343c920a1db906
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:93:3d:80:8a:dc:80:85:48:ff:f9:52:35:13:
7a:2a:8f:f1:da:eb:92:a6:51:23:e0:2d:7c:8c:03:
93:0a:64:5a:ce:e1:50:9d:a8:bd:94:2c:c0:53:9a:
25:e7:cc:7b:f0:8e:e3:a9:04:32:ca:e8:71:df:be:
c6:f1:25:09:7f:96:21:35:5c:a1:cf:03:18:64:60:
82:ea:2f:14:df:4f:7e:a1:10:4c:92:4d:a7:35:41:
ad:b5:79:2b:83:4b:9d:c0:c5:ac:ab:d5:30:6a:50:
58:68:5c:64:a0:ad:dd:ee:bc:39:63:80:41:3d:f5:
bc:1a:d4:2f:a8:27:3a:1a:73:58:91:77:f8:b4:90:
cc:da:4b:c7:95:92:75:b1:2e:2f:af:70:a2:0c:0e:
e6:f4:88:79:ec:9c:3c:d6:b9:f8:93:eb:eb:82:39:
13:1d:86:b2:8d:2e:98:6a:e9:9f:97:24:91:8e:b7:
06:16:83:80:07:25:ab:28:14:b1:39:6a:97:1c:cc:
e4:e0:91:de:b1:2a:27:5d:fc:aa:53:40:a6:73:36:
40:cf:bd:07:42:44:ac:20:93:a5:55:8f:3b:71:3c:
85:8b:9a:3e:2b:db:ab:7f:e2:e1:93:cc:6e:e2:50:
81:82:6a:27:14:be:64:09:3f:4b:c9:27:4c:9e:df:
4d:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:04:62:7A:31:26:F2:B2:7A:7C:48:5F:4B:34:3C:92:0A:1D:B9:06
X509v3 Authority Key Identifier:
keyid:89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/lQRiejEm8rJ6fEhfSzQ8kgoduQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.221.190.0/23
Signature Algorithm: sha256WithRSAEncryption
74:a4:41:d3:53:66:e5:ec:16:82:a6:3e:cf:9a:55:2c:03:0b:
4e:b9:9b:81:ae:cb:ee:ce:46:fd:7a:d3:bd:fd:4f:23:77:52:
f8:ac:e2:83:4d:e2:3e:69:5b:43:d0:78:c5:9f:c2:86:b9:47:
0d:b2:6f:ad:52:c1:9a:94:b0:3d:c1:4b:60:2d:11:97:1f:3a:
28:ef:cd:00:3b:0b:fc:d7:7f:13:cf:30:bc:7a:1a:9f:45:93:
78:80:48:e5:dd:21:64:b0:87:71:be:4d:41:44:3d:d9:bc:38:
ab:fd:d1:fb:51:a6:fd:fb:ef:2e:da:ae:d3:31:d5:f6:fe:d3:
e6:84:bb:87:52:80:45:a3:af:e7:26:ce:58:d6:50:38:ee:82:
01:1e:63:e4:54:8a:11:b0:fe:82:fc:5d:c7:b0:c0:a6:79:4c:
ca:e3:3c:d3:d4:39:cc:7c:0e:02:93:b0:80:cb:16:f9:fe:bf:
1e:a2:ae:83:54:36:de:1c:b2:93:fd:df:4f:5d:26:a8:8e:6e:
9e:7a:e5:60:c2:8b:af:ad:68:ec:a4:7f:27:63:8b:5c:29:ff:
36:88:a8:08:9a:86:7f:e7:db:db:aa:83:2e:72:40:93:e5:2e:
30:2c:62:bb:79:24:84:34:69:20:e0:87:9a:0f:12:12:5b:57:
5b:10:bd:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkROLWS+WgUREKq10WML6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTRiZjU5ODc3YTNiMmVmMTRmNWYxMjBhNjc1MGRjMTQ5
MzljNmIwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA0NjI3YTMxMjZmMmIyN2E3YzQ4NWY0YjM0M2M5MjBhMWRiOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5M9gIrcgIVI//lSNRN6Ko/x2uuS
plEj4C18jAOTCmRazuFQnai9lCzAU5ol58x78I7jqQQyyuhx377G8SUJf5YhNVyh
zwMYZGCC6i8U309+oRBMkk2nNUGttXkrg0udwMWsq9UwalBYaFxkoK3d7rw5Y4BB
PfW8GtQvqCc6GnNYkXf4tJDM2kvHlZJ1sS4vr3CiDA7m9Ih57Jw81rn4k+vrgjkT
HYayjS6YaumflySRjrcGFoOAByWrKBSxOWqXHMzk4JHesSonXfyqU0CmczZAz70H
QkSsIJOlVY87cTyFi5o+K9urf+Lhk8xu4lCBgmonFL5kCT9LySdMnt9NmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUEYnoxJvKyenxIX0s0PJIKHbkGMB8GA1UdIwQY
MBaAFInkv1mHejsu8U9fEgpnUNwUk5xrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUt
MjNiYjQyMDNlYjU3LzEvbFFSaWVqRW04cko2ZkVoZlN6UThrZ29kdVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUtMjNiYjQyMDNlYjU3
LzEvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW92+MA0G
CSqGSIb3DQEBCwUAA4IBAQB0pEHTU2bl7BaCpj7PmlUsAwtOuZuBrsvuzkb9etO9
/U8jd1L4rOKDTeI+aVtD0HjFn8KGuUcNsm+tUsGalLA9wUtgLRGXHzoo780AOwv8
138TzzC8ehqfRZN4gEjl3SFksIdxvk1BRD3ZvDir/dH7Uab9++8u2q7TMdX2/tPm
hLuHUoBFo6/nJs5Y1lA47oIBHmPkVIoRsP6C/F3HsMCmeUzK4zzT1DnMfA4Ck7CA
yxb5/r8eoq6DVDbeHLKT/d9PXSaojm6eeuVgwouvrWjspH8nY4tcKf82iKgImoZ/
59vbqoMuckCT5S4wLGK7eSSENGkg4IeaDxISW1dbEL2N
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:44:27 2025 by rpki-client