Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/coI_8sREKsDRU77OjlHmmWkQ6Pc.roa
File: coI_8sREKsDRU77OjlHmmWkQ6Pc.roa (raw, json)
Hash identifier: CfJlxk25TQvjyuG8bgs41c1cLhi7LDfkRcJFLpzcB5o=
Subject key identifier: 72:82:3F:F2:C4:44:2A:C0:D1:53:BE:CE:8E:51:E6:99:69:10:E8:F7
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 01856DC1E63B50061EC62840C0914B45F2E4
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/coI_8sREKsDRU77OjlHmmWkQ6Pc.roa
Signing time: Sun 01 Jan 2023 14:35:01 +0000
ROA not before: Sun 01 Jan 2023 14:35:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57899
IP address blocks: 91.236.134.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:e6:3b:50:06:1e:c6:28:40:c0:91:4b:45:f2:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 14:35:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=72823ff2c4442ac0d153bece8e51e6996910e8f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:45:f2:ea:da:43:28:80:0f:fa:ca:5b:53:60:
db:9f:f0:7d:62:ae:a4:0c:93:02:f6:75:4d:82:be:
8d:2e:11:a9:ef:e5:1c:0b:6a:b7:12:69:f5:f1:f7:
78:fc:3e:d6:04:f8:7c:e2:a4:1b:32:22:49:cf:73:
fb:80:f7:aa:61:67:47:4b:00:25:89:3c:dc:1d:0c:
36:cc:e3:bc:a3:73:1d:f1:ac:2a:f6:ed:3e:fd:f3:
41:aa:4c:b4:a1:13:6a:72:51:64:1b:bd:94:a0:48:
39:f9:1a:a6:3b:cd:0f:b1:21:75:af:4c:bc:03:8e:
41:5d:64:7c:03:1a:75:56:84:34:4a:db:6f:2e:99:
f5:e5:71:a8:df:4c:71:b8:d9:5d:0f:db:52:38:98:
8e:82:92:96:b9:69:4a:cc:76:de:e5:2d:d2:83:2c:
93:a3:e4:c2:f8:41:ed:53:62:94:b5:7d:a3:e4:73:
83:ac:24:10:bc:9c:47:fa:a6:be:b3:80:bb:74:f3:
52:79:8a:63:7e:4b:a2:4e:a2:38:56:f3:b9:16:8f:
c0:52:de:ed:57:7b:fd:e6:fa:19:0b:d2:2f:d0:f0:
bd:db:f0:90:df:27:1b:a5:4e:86:01:ff:cf:5b:55:
fa:9d:ff:f4:40:ae:33:46:58:49:89:fc:aa:de:42:
61:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:82:3F:F2:C4:44:2A:C0:D1:53:BE:CE:8E:51:E6:99:69:10:E8:F7
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/coI_8sREKsDRU77OjlHmmWkQ6Pc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.236.134.0/23
Signature Algorithm: sha256WithRSAEncryption
04:a9:76:30:e8:ae:59:be:f7:eb:66:a4:b9:fc:67:0b:76:de:
35:00:e4:2d:de:d4:e6:82:97:e6:ad:24:b5:5f:d7:80:12:e5:
76:be:9c:3c:60:cc:8d:ae:5a:59:48:9a:8e:23:22:89:f5:c7:
f1:23:df:60:86:ba:c1:48:9e:93:b7:8e:87:2a:8f:1f:d5:3a:
8b:79:b5:b6:87:8e:4c:9c:c6:2d:20:8d:33:98:4e:22:11:e1:
df:3b:2a:a6:1c:12:bf:05:be:d8:c1:b9:a9:0b:b2:33:6b:59:
a3:68:a3:71:94:45:36:e0:39:78:ee:fe:96:f7:8a:30:26:b8:
01:f3:36:da:ba:bc:a1:c4:b9:fe:1e:7e:22:2f:73:0c:ff:19:
61:2d:ce:ca:a3:71:50:8f:1e:0d:06:4e:71:7b:4c:ba:10:53:
8d:80:a4:5a:dd:7b:9b:7f:e5:a2:22:1f:ae:47:99:ef:14:cd:
33:c1:47:5e:24:3a:76:ce:da:f7:79:92:3e:04:44:49:cc:a4:
9c:05:3a:20:0a:de:96:5c:22:71:16:ec:71:9c:78:15:bd:c1:
05:f9:7d:cb:23:1d:19:4b:b7:90:10:ca:e5:b4:48:8a:ba:a9:
16:85:45:96:90:58:4a:ad:bd:30:87:da:1d:a0:ab:75:6a:9a:
d6:d1:a1:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtweY7UAYexihAwJFLRfLkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjMwMTAxMTQzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjgyM2ZmMmM0NDQyYWMwZDE1M2JlY2U4ZTUxZTY5OTY5MTBlOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEXy6tpDKIAP+spbU2Dbn/B9Yq6k
DJMC9nVNgr6NLhGp7+UcC2q3Emn18fd4/D7WBPh84qQbMiJJz3P7gPeqYWdHSwAl
iTzcHQw2zOO8o3Md8awq9u0+/fNBqky0oRNqclFkG72UoEg5+RqmO80PsSF1r0y8
A45BXWR8Axp1VoQ0SttvLpn15XGo30xxuNldD9tSOJiOgpKWuWlKzHbe5S3SgyyT
o+TC+EHtU2KUtX2j5HODrCQQvJxH+qa+s4C7dPNSeYpjfkuiTqI4VvO5Fo/AUt7t
V3v95voZC9Iv0PC92/CQ3ycbpU6GAf/PW1X6nf/0QK4zRlhJifyq3kJhHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKCP/LERCrA0VO+zo5R5plpEOj3MB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvY29JXzhzUkVLc0RSVTc3T2psSG1tV2tRNlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+yGMA0G
CSqGSIb3DQEBCwUAA4IBAQAEqXYw6K5ZvvfrZqS5/GcLdt41AOQt3tTmgpfmrSS1
X9eAEuV2vpw8YMyNrlpZSJqOIyKJ9cfxI99ghrrBSJ6Tt46HKo8f1TqLebW2h45M
nMYtII0zmE4iEeHfOyqmHBK/Bb7YwbmpC7Iza1mjaKNxlEU24Dl47v6W94owJrgB
8zbauryhxLn+Hn4iL3MM/xlhLc7Ko3FQjx4NBk5xe0y6EFONgKRa3Xubf+WiIh+u
R5nvFM0zwUdeJDp2ztr3eZI+BERJzKScBTogCt6WXCJxFuxxnHgVvcEF+X3LIx0Z
S7eQEMrltEiKuqkWhUWWkFhKrb0wh9odoKt1aprW0aG0
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:26:33 2025 by rpki-client