Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/p6HlQ1bKtIrF1xDrk-W2Za8-F1Q.roa
File: p6HlQ1bKtIrF1xDrk-W2Za8-F1Q.roa (raw, json)
Hash identifier: lLhpu7cBvtH17NRFLWXM2kpF1RRfIgh2zHExxuKaifo=
Subject key identifier: A7:A1:E5:43:56:CA:B4:8A:C5:D7:10:EB:93:E5:B6:65:AF:3E:17:54
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018AD11BB0C9AE27F0B39523C78C053B7B1E
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/p6HlQ1bKtIrF1xDrk-W2Za8-F1Q.roa
Signing time: Tue 26 Sep 2023 10:49:27 +0000
ROA not before: Tue 26 Sep 2023 10:49:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203363
IP address blocks: 91.243.176.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:d1:1b:b0:c9:ae:27:f0:b3:95:23:c7:8c:05:3b:7b:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Sep 26 10:49:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a7a1e54356cab48ac5d710eb93e5b665af3e1754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:9d:86:73:9e:73:c0:77:2a:db:7b:49:75:dc:
19:c3:8f:87:7c:e5:97:09:3c:5c:99:2b:c6:41:1b:
b4:d6:4d:1f:4d:c8:9a:ba:74:38:d5:b8:3b:56:07:
d0:1a:71:da:de:12:b4:98:59:4b:8b:62:e5:33:9d:
9e:c0:af:5c:a4:9b:fc:ea:6c:dc:32:3a:ad:95:c8:
68:cc:d0:04:f7:1d:73:c6:b6:aa:94:bb:06:64:12:
fa:31:12:36:f5:5b:5e:e2:b1:05:b6:d1:46:55:44:
94:ba:16:ac:e2:fa:1c:59:b4:24:2c:01:df:50:48:
76:1d:a2:ae:06:42:0d:2d:d4:a3:66:55:2e:a5:25:
4c:90:82:f2:00:f8:ce:3a:a7:8b:e6:c6:c2:e2:fd:
d3:ec:34:13:ab:55:f2:17:92:7e:3f:0e:b3:06:64:
61:ae:5a:4c:bd:e2:30:9c:1f:df:c2:5d:96:67:b5:
cd:19:5b:8c:7e:1a:1c:1d:dd:fe:a7:49:2f:19:57:
c9:e8:56:61:3c:ff:09:c0:3d:e4:a2:f0:6b:cb:6f:
a5:93:09:0f:9f:de:71:d8:db:58:c4:d0:6d:9e:73:
1a:16:3c:14:cb:90:eb:96:7a:51:58:65:cc:78:9d:
7c:52:bc:23:c1:79:6a:7b:52:c5:d0:80:77:01:15:
72:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:A1:E5:43:56:CA:B4:8A:C5:D7:10:EB:93:E5:B6:65:AF:3E:17:54
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/p6HlQ1bKtIrF1xDrk-W2Za8-F1Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.176.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:50:3b:50:96:96:4a:6a:8e:cc:d9:78:54:23:2e:42:81:88:
14:c7:92:d2:43:86:6a:3e:40:09:99:20:ca:4b:f1:7e:b9:9b:
a0:da:f4:42:c1:80:c0:f5:eb:7f:b9:68:bb:c0:f3:f1:64:0d:
12:d1:6a:c3:42:46:43:c3:56:1f:11:d3:7f:8b:43:72:5d:7c:
aa:aa:a9:9e:0e:5a:a7:66:6a:11:d5:8d:53:8a:47:25:e0:c3:
92:09:64:d8:24:18:2a:6b:d5:b4:8d:07:98:67:6b:4e:13:2d:
f0:7f:28:e6:42:e5:01:65:7a:09:d6:6f:07:f5:0b:39:cc:53:
6e:bc:fa:d9:6c:fe:b0:55:cf:02:33:25:c8:30:8f:95:8e:08:
7f:0f:e9:e5:0d:36:8e:46:51:ed:b3:9b:9c:00:06:22:d9:7a:
48:c3:0a:24:a7:31:4e:40:f5:05:ba:31:03:1a:0d:d7:71:20:
d1:c4:a8:9d:8f:f5:77:05:9d:0b:e7:df:5e:ff:07:26:49:11:
86:4f:7e:a8:46:e7:fa:0b:4b:9c:2d:19:32:55:fc:5b:33:4a:
ef:1c:96:f9:cd:c8:99:25:aa:dd:cd:5a:51:62:dc:a3:86:4a:
f9:ee:92:48:5e:ae:b0:b6:c7:1c:0d:f4:a6:04:f9:ff:42:2c:
35:eb:4f:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYrRG7DJrifws5Ujx4wFO3seMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwOTI2MTA0OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ExZTU0MzU2Y2FiNDhhYzVkNzEwZWI5M2U1YjY2NWFmM2UxNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA352Gc55zwHcq23tJddwZw4+HfOWX
CTxcmSvGQRu01k0fTciaunQ41bg7VgfQGnHa3hK0mFlLi2LlM52ewK9cpJv86mzc
MjqtlchozNAE9x1zxraqlLsGZBL6MRI29Vte4rEFttFGVUSUuhas4vocWbQkLAHf
UEh2HaKuBkINLdSjZlUupSVMkILyAPjOOqeL5sbC4v3T7DQTq1XyF5J+Pw6zBmRh
rlpMveIwnB/fwl2WZ7XNGVuMfhocHd3+p0kvGVfJ6FZhPP8JwD3kovBry2+lkwkP
n95x2NtYxNBtnnMaFjwUy5DrlnpRWGXMeJ18UrwjwXlqe1LF0IB3ARVyPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeh5UNWyrSKxdcQ65PltmWvPhdUMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvcDZIbFExYkt0SXJGMXhEcmstVzJaYTgtRjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/OwMA0G
CSqGSIb3DQEBCwUAA4IBAQCpUDtQlpZKao7M2XhUIy5CgYgUx5LSQ4ZqPkAJmSDK
S/F+uZug2vRCwYDA9et/uWi7wPPxZA0S0WrDQkZDw1YfEdN/i0NyXXyqqqmeDlqn
ZmoR1Y1Tikcl4MOSCWTYJBgqa9W0jQeYZ2tOEy3wfyjmQuUBZXoJ1m8H9Qs5zFNu
vPrZbP6wVc8CMyXIMI+Vjgh/D+nlDTaORlHts5ucAAYi2XpIwwokpzFOQPUFujED
Gg3XcSDRxKidj/V3BZ0L599e/wcmSRGGT36oRuf6C0ucLRkyVfxbM0rvHJb5zciZ
JardzVpRYtyjhkr57pJIXq6wtsccDfSmBPn/Qiw160/h
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:57:57 2025 by rpki-client