Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/Ui3xmWg5zBz5Ha-UBVHDjOmrjJQ.roa
File: Ui3xmWg5zBz5Ha-UBVHDjOmrjJQ.roa (raw, json)
Hash identifier: sKJva5EvoRK85Ksve/lCTsmLLBLCsm/nIhFQG35WTKk=
Subject key identifier: 52:2D:F1:99:68:39:CC:1C:F9:1D:AF:94:05:51:C3:8C:E9:AB:8C:94
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 01887BB5312A4C8E123E155B7EF1EBF1E13C
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/Ui3xmWg5zBz5Ha-UBVHDjOmrjJQ.roa
Signing time: Fri 02 Jun 2023 10:44:12 +0000
ROA not before: Fri 02 Jun 2023 10:44:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42831
IP address blocks: 91.243.177.0/24 maxlen: 24
93.114.61.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:7b:b5:31:2a:4c:8e:12:3e:15:5b:7e:f1:eb:f1:e1:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jun 2 10:44:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=522df1996839cc1cf91daf940551c38ce9ab8c94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:d0:56:e1:58:28:09:ef:f9:7e:5b:b7:11:ae:
d5:09:99:39:82:67:df:bf:68:6e:fd:15:a5:ab:22:
36:96:62:62:81:bc:c3:89:23:79:b0:dc:eb:2a:e3:
6e:2b:36:f6:3e:76:6e:83:04:ab:6d:a4:96:72:3c:
30:f0:3c:9a:67:f0:8b:df:44:d2:fd:5b:c3:2c:a8:
e5:29:20:c7:c6:c2:d6:d7:e5:5d:b6:71:10:4a:f7:
17:d6:31:03:0f:d4:31:16:b1:b0:8f:c3:be:23:ea:
23:3e:2b:40:79:7d:3d:7b:23:de:6e:31:31:ac:7f:
f9:25:22:b0:27:9e:f3:41:bd:ba:09:56:e1:a3:53:
e1:37:56:04:15:a2:70:43:fa:13:db:7a:1d:42:39:
e8:36:9d:5a:77:d1:63:a9:86:6d:78:39:58:74:19:
48:d8:d5:69:7d:14:3c:e1:c8:6d:df:9c:4f:1c:60:
d7:bc:58:22:3e:3d:5a:ed:13:04:ef:07:72:44:33:
15:85:ea:22:c5:b1:6e:0c:e6:28:d7:db:a5:43:ed:
8d:05:ea:05:af:00:7e:03:2f:15:f8:0e:11:1a:e9:
4c:30:7c:90:a5:72:9e:87:fb:6d:45:cd:2c:9f:c5:
0c:f9:f0:26:eb:74:f6:d8:17:1d:a0:92:c9:e7:26:
60:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:2D:F1:99:68:39:CC:1C:F9:1D:AF:94:05:51:C3:8C:E9:AB:8C:94
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/Ui3xmWg5zBz5Ha-UBVHDjOmrjJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.177.0/24
93.114.61.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:4c:8a:6c:59:f6:d6:66:70:3b:73:87:5b:ab:58:57:21:34:
41:43:f3:57:86:29:84:6c:28:ee:3d:73:77:36:17:ea:48:3a:
6d:fd:de:08:67:1b:7f:18:f6:ee:80:d7:b9:b0:c1:0e:40:39:
2c:9f:a9:a7:1b:3e:cc:bc:f3:61:30:97:b4:c7:a8:86:4e:24:
72:5c:ec:a2:1c:34:71:af:81:d9:a0:d1:5d:f8:4b:fb:5b:10:
64:39:1f:9a:83:d5:81:20:54:d9:29:11:ac:b1:26:f7:c9:72:
c6:cd:93:57:1b:01:b7:4a:7f:9d:c5:2b:71:44:8c:f2:cb:17:
d2:72:79:5a:8d:9c:43:c8:04:ce:00:1b:5c:de:d8:46:4b:b8:
f8:cf:20:e6:7e:bf:5b:7b:ec:18:6c:b4:c4:5b:5f:1d:e3:64:
da:4e:29:bd:9b:ff:dd:ec:6c:7a:f6:ef:95:d3:c7:89:76:3a:
fa:6c:e2:d5:88:32:6f:70:1a:ba:4b:e0:a6:84:d8:dc:13:03:
bd:8e:67:49:26:6a:12:ea:32:0d:03:20:2c:d3:21:db:15:bf:
c2:36:b8:77:c0:38:7f:d1:3c:c4:0d:00:63:93:96:ce:b3:f5:
b9:d2:a7:0c:fe:c4:53:d8:02:34:61:1d:a3:55:88:11:74:3d:
48:30:87:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYh7tTEqTI4SPhVbfvHr8eE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwNjAyMTA0NDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJkZjE5OTY4MzljYzFjZjkxZGFmOTQwNTUxYzM4Y2U5YWI4Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9BW4VgoCe/5flu3Ea7VCZk5gmff
v2hu/RWlqyI2lmJigbzDiSN5sNzrKuNuKzb2PnZugwSrbaSWcjww8DyaZ/CL30TS
/VvDLKjlKSDHxsLW1+VdtnEQSvcX1jEDD9QxFrGwj8O+I+ojPitAeX09eyPebjEx
rH/5JSKwJ57zQb26CVbho1PhN1YEFaJwQ/oT23odQjnoNp1ad9FjqYZteDlYdBlI
2NVpfRQ84cht35xPHGDXvFgiPj1a7RME7wdyRDMVheoixbFuDOYo19ulQ+2NBeoF
rwB+Ay8V+A4RGulMMHyQpXKeh/ttRc0sn8UM+fAm63T22BcdoJLJ5yZgBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFIt8ZloOcwc+R2vlAVRw4zpq4yUMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvVWkzeG1XZzV6Qno1SGEtVUJWSERqT21yakpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/OxAwQA
XXI9MA0GCSqGSIb3DQEBCwUAA4IBAQCNTIpsWfbWZnA7c4dbq1hXITRBQ/NXhimE
bCjuPXN3NhfqSDpt/d4IZxt/GPbugNe5sMEOQDksn6mnGz7MvPNhMJe0x6iGTiRy
XOyiHDRxr4HZoNFd+Ev7WxBkOR+ag9WBIFTZKRGssSb3yXLGzZNXGwG3Sn+dxStx
RIzyyxfScnlajZxDyATOABtc3thGS7j4zyDmfr9be+wYbLTEW18d42TaTim9m//d
7Gx69u+V08eJdjr6bOLViDJvcBq6S+CmhNjcEwO9jmdJJmoS6jINAyAs0yHbFb/C
Nrh3wDh/0TzEDQBjk5bOs/W50qcM/sRT2AI0YR2jVYgRdD1IMIc7
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:03:48 2025 by rpki-client