Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/DRuMQPHspeepI0fmvogtOkf6L-0.roa
File: DRuMQPHspeepI0fmvogtOkf6L-0.roa (raw, json)
Hash identifier: d9E6EqCxzuHrml838j0q6YpkdBua29pKohha6v99PVI=
Subject key identifier: 0D:1B:8C:40:F1:EC:A5:E7:A9:23:47:E6:BE:88:2D:3A:47:FA:2F:ED
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018CC56E1DDDF31061E1E58C53C38FDDA9A9
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/DRuMQPHspeepI0fmvogtOkf6L-0.roa
Signing time: Mon 01 Jan 2024 14:29:37 +0000
ROA not before: Mon 01 Jan 2024 14:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42831
IP address blocks: 91.243.177.0/24 maxlen: 24
93.114.61.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:1d:dd:f3:10:61:e1:e5:8c:53:c3:8f:dd:a9:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 1 14:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0d1b8c40f1eca5e7a92347e6be882d3a47fa2fed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:0e:f9:ea:27:4c:7f:45:57:0b:22:f1:11:bd:
b4:d2:44:25:d6:02:38:02:c2:60:6a:9d:86:5b:93:
9d:98:9d:13:45:f4:6d:2b:71:85:cc:d8:91:d0:23:
0c:13:9a:48:59:85:9b:84:75:77:78:f3:fa:3b:31:
35:63:17:d8:04:cc:87:1a:2c:c6:4c:15:ca:35:c3:
28:43:85:6b:94:20:74:c4:f7:f0:80:41:a6:8e:c9:
eb:d3:3e:2b:5e:11:30:1b:0c:8a:0d:65:37:5a:59:
9d:1f:a0:64:0d:98:fc:e5:6d:2b:71:cb:47:59:ea:
f6:77:49:c2:c9:92:5c:e2:82:0d:df:ba:21:05:4e:
65:a7:eb:90:7d:27:46:18:5a:77:2d:98:09:ac:68:
c4:9f:b3:03:13:d0:9e:c0:ef:93:e5:2c:0b:fc:44:
b1:3b:ea:eb:5d:22:74:25:9a:8c:d5:32:d4:74:3d:
a1:a0:f9:0f:51:29:3e:a4:66:42:b8:79:a3:54:05:
72:a1:0f:0c:f8:23:0e:e5:d4:c7:c9:22:50:d0:c1:
de:40:f5:11:ca:b3:b1:40:b0:5c:4b:9c:bd:5b:79:
98:f8:45:25:85:73:5b:b1:54:ae:2c:f9:30:55:24:
85:3f:2a:89:a3:44:57:e1:34:23:45:c7:9f:e4:d6:
ea:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:1B:8C:40:F1:EC:A5:E7:A9:23:47:E6:BE:88:2D:3A:47:FA:2F:ED
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/DRuMQPHspeepI0fmvogtOkf6L-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.177.0/24
93.114.61.0/24
Signature Algorithm: sha256WithRSAEncryption
63:9a:53:59:73:7d:69:a8:5a:a6:cd:9c:28:07:b7:b8:a2:3e:
af:cb:56:5e:1b:e1:6f:da:81:25:27:6f:18:32:54:fc:e7:dd:
bd:37:cb:bf:74:47:79:f3:3f:2b:a3:b0:41:78:eb:23:0b:ac:
59:39:5c:41:60:6a:95:e6:f5:c0:80:f3:b1:b3:4f:59:aa:64:
ef:e8:9b:d9:26:32:9d:6f:ae:a4:00:9e:e4:88:c7:b2:b7:5d:
d3:24:89:33:5b:0f:f4:12:f5:63:54:11:d8:a1:82:39:3a:49:
99:7a:d7:69:e0:80:d5:5d:2d:c6:f5:8d:59:66:5c:52:9f:9b:
5a:14:31:6a:43:36:fe:41:f7:50:9d:3c:77:82:55:2c:e5:c7:
36:3e:9c:79:ec:c8:97:7c:ee:68:f8:13:ff:77:b3:d9:2a:43:
e3:1f:e6:1f:08:8a:4e:57:85:07:36:c4:b4:39:68:16:fd:6b:
dc:d1:93:ff:bb:f2:fd:6a:33:c2:a7:dd:71:8e:ac:5d:b3:52:
76:df:d1:f1:04:3b:be:e2:28:bb:7c:17:a4:fd:d0:07:d9:1b:
0f:21:41:c4:e7:fb:4e:1f:68:0f:f1:85:1a:ce:a2:18:a5:f9:
18:f8:31:ab:37:88:30:08:f2:88:b0:5b:04:78:1a:f8:91:37:
ed:12:45:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbh3d8xBh4eWMU8OP3ampMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFiOGM0MGYxZWNhNWU3YTkyMzQ3ZTZiZTg4MmQzYTQ3ZmEyZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQ756idMf0VXCyLxEb200kQl1gI4
AsJgap2GW5OdmJ0TRfRtK3GFzNiR0CMME5pIWYWbhHV3ePP6OzE1YxfYBMyHGizG
TBXKNcMoQ4VrlCB0xPfwgEGmjsnr0z4rXhEwGwyKDWU3WlmdH6BkDZj85W0rcctH
Wer2d0nCyZJc4oIN37ohBU5lp+uQfSdGGFp3LZgJrGjEn7MDE9CewO+T5SwL/ESx
O+rrXSJ0JZqM1TLUdD2hoPkPUSk+pGZCuHmjVAVyoQ8M+CMO5dTHySJQ0MHeQPUR
yrOxQLBcS5y9W3mY+EUlhXNbsVSuLPkwVSSFPyqJo0RX4TQjRcef5NbqOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA0bjEDx7KXnqSNH5r6ILTpH+i/tMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvRFJ1TVFQSHNwZWVwSTBmbXZvZ3RPa2Y2TC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/OxAwQA
XXI9MA0GCSqGSIb3DQEBCwUAA4IBAQBjmlNZc31pqFqmzZwoB7e4oj6vy1ZeG+Fv
2oElJ28YMlT85929N8u/dEd58z8ro7BBeOsjC6xZOVxBYGqV5vXAgPOxs09ZqmTv
6JvZJjKdb66kAJ7kiMeyt13TJIkzWw/0EvVjVBHYoYI5OkmZetdp4IDVXS3G9Y1Z
ZlxSn5taFDFqQzb+QfdQnTx3glUs5cc2Ppx57MiXfO5o+BP/d7PZKkPjH+YfCIpO
V4UHNsS0OWgW/Wvc0ZP/u/L9ajPCp91xjqxds1J239HxBDu+4ii7fBek/dAH2RsP
IUHE5/tOH2gP8YUazqIYpfkY+DGrN4gwCPKIsFsEeBr4kTftEkWS
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:20 2025 by rpki-client