Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/uBUAiwB67fdJwUBlGFtTdWoHXlQ.roa
File: uBUAiwB67fdJwUBlGFtTdWoHXlQ.roa (raw, json)
Hash identifier: muT2JwyroV/dhObgw/tIotAaPt9Xvn/9O03w4YERLp0=
Subject key identifier: B8:15:00:8B:00:7A:ED:F7:49:C1:40:65:18:5B:53:75:6A:07:5E:54
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018A4BBD94809804A8FDCE53AC5D05E90E49
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/uBUAiwB67fdJwUBlGFtTdWoHXlQ.roa
Signing time: Thu 31 Aug 2023 13:17:10 +0000
ROA not before: Thu 31 Aug 2023 13:17:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.243.179.0/24 maxlen: 24
91.243.176.0/24 maxlen: 24
195.242.241.0/24 maxlen: 24
195.242.243.0/24 maxlen: 24
185.81.181.0/24 maxlen: 24
185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4b:bd:94:80:98:04:a8:fd:ce:53:ac:5d:05:e9:0e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Aug 31 13:17:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b815008b007aedf749c14065185b53756a075e54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:05:d2:55:2b:0b:dc:26:5f:c0:4b:db:3d:84:
9d:01:7c:05:60:3e:79:e7:9f:25:ca:93:ad:3e:c3:
91:66:59:3a:dc:e2:1d:23:97:20:16:f6:85:0b:3c:
af:93:ee:27:63:ee:99:2d:ac:c1:fd:cf:34:9a:f7:
71:8a:5e:5b:89:d1:42:6b:00:84:76:39:55:14:10:
ec:d1:b6:a7:de:cb:97:67:82:dd:17:4d:a8:79:b4:
55:7c:d6:42:73:6f:6a:c2:fa:ff:28:70:6d:f7:0e:
19:cf:24:6f:c0:40:77:8a:c0:a3:6b:5b:48:4b:c6:
fb:28:b9:e1:ca:19:63:a8:c1:48:a9:9a:53:80:e5:
4b:50:5a:19:18:85:20:8c:53:ae:56:f1:d7:98:c6:
9f:fd:03:74:09:89:21:4b:4a:b4:6d:4f:7c:01:6a:
dc:78:fe:e9:3f:d3:7b:eb:67:4b:67:d2:b0:6f:57:
ff:ce:1b:1b:dd:e0:1a:07:41:26:5b:c8:d1:38:66:
d4:09:ae:9a:fe:48:36:6e:17:d9:c3:73:1a:58:cb:
65:cd:e2:94:25:66:54:94:19:96:3d:9e:19:da:d8:
14:b7:5d:77:60:3f:73:37:20:5f:85:87:65:4e:19:
d5:21:d0:d1:5f:42:ae:2f:36:1d:61:9b:b0:bc:6f:
79:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:15:00:8B:00:7A:ED:F7:49:C1:40:65:18:5B:53:75:6A:07:5E:54
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/uBUAiwB67fdJwUBlGFtTdWoHXlQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.176.0/24
91.243.179.0/24
93.114.61.0/24
185.81.180.0/23
195.242.241.0/24
195.242.243.0/24
Signature Algorithm: sha256WithRSAEncryption
93:d5:f1:f4:a4:c6:75:fe:9a:d0:2e:8b:e0:44:a7:cc:31:c4:
0a:bd:fe:a2:2a:54:5a:83:95:4d:84:e1:cf:97:d9:6f:94:95:
76:24:e3:f2:e8:3a:8d:23:7c:3f:f5:96:ab:0c:2d:9b:69:40:
33:61:99:ed:4a:76:11:b0:78:5d:31:c9:da:06:11:04:a8:77:
68:60:80:c6:f0:cd:fe:b5:da:71:21:5e:94:e8:28:4d:44:5d:
df:94:0f:e2:4e:05:cc:c9:11:42:31:6f:ff:cb:37:cc:9c:ba:
af:7f:53:84:f6:e1:31:29:49:00:33:55:df:a5:3a:e1:17:44:
50:89:2b:05:7a:4d:37:2e:94:92:42:d0:0f:95:f0:e2:85:0c:
b5:18:75:e8:a8:5a:c8:44:7c:1e:04:19:b0:34:32:68:25:6f:
e6:28:30:76:06:19:5a:5e:cf:69:29:22:dc:22:51:d6:ae:03:
1b:7a:b3:07:85:a6:22:d9:6c:64:2e:4c:fc:d2:b8:46:e2:c1:
73:f6:8c:2f:56:ee:d8:89:22:06:ab:8f:91:b9:b8:dd:b7:67:
6e:f7:35:36:79:11:16:d2:cd:13:84:72:02:cc:5f:fd:65:35:
cc:04:44:f3:67:6e:91:0d:d8:73:99:c6:46:72:66:3a:48:96:
26:eb:99:2f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYpLvZSAmASo/c5TrF0F6Q5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwODMxMTMxNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODE1MDA4YjAwN2FlZGY3NDljMTQwNjUxODViNTM3NTZhMDc1ZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwXSVSsL3CZfwEvbPYSdAXwFYD55
558lypOtPsORZlk63OIdI5cgFvaFCzyvk+4nY+6ZLazB/c80mvdxil5bidFCawCE
djlVFBDs0ban3suXZ4LdF02oebRVfNZCc29qwvr/KHBt9w4ZzyRvwEB3isCja1tI
S8b7KLnhyhljqMFIqZpTgOVLUFoZGIUgjFOuVvHXmMaf/QN0CYkhS0q0bU98AWrc
eP7pP9N762dLZ9Kwb1f/zhsb3eAaB0EmW8jROGbUCa6a/kg2bhfZw3MaWMtlzeKU
JWZUlBmWPZ4Z2tgUt113YD9zNyBfhYdlThnVIdDRX0KuLzYdYZuwvG95OwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLgVAIsAeu33ScFAZRhbU3VqB15UMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvdUJVQWl3QjY3ZmRKd1VCbEdGdFRkV29IWGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAW/OwAwQA
W/OzAwQAXXI9AwQBuVG0AwQAw/LxAwQAw/LzMA0GCSqGSIb3DQEBCwUAA4IBAQCT
1fH0pMZ1/prQLovgRKfMMcQKvf6iKlRag5VNhOHPl9lvlJV2JOPy6DqNI3w/9Zar
DC2baUAzYZntSnYRsHhdMcnaBhEEqHdoYIDG8M3+tdpxIV6U6ChNRF3flA/iTgXM
yRFCMW//yzfMnLqvf1OE9uExKUkAM1XfpTrhF0RQiSsFek03LpSSQtAPlfDihQy1
GHXoqFrIRHweBBmwNDJoJW/mKDB2BhlaXs9pKSLcIlHWrgMberMHhaYi2WxkLkz8
0rhG4sFz9owvVu7YiSIGq4+Rubjdt2du9zU2eREW0s0ThHICzF/9ZTXMBETzZ26R
DdhzmcZGcmY6SJYm65kv
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:46:50 2025 by rpki-client