Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b15851-a83b-415c-aee5-f9efc0457fb9/1/Ok5SSw9lI8Fbe8usimCvhipu7FY.roa
File: Ok5SSw9lI8Fbe8usimCvhipu7FY.roa (raw, json)
Hash identifier: lFmZr5KSEng1/TiIGpmYdiU3kVgBS+qek3k37yg0qRM=
Subject key identifier: 3A:4E:52:4B:0F:65:23:C1:5B:7B:CB:AC:8A:60:AF:86:2A:6E:EC:56
Certificate issuer: /CN=582c74fc59b7ab096a257d3b6299d2f6fda46a80
Certificate serial: 0192DE2D441ABC65883645DF1BB8512AF6CD
Authority key identifier: 58:2C:74:FC:59:B7:AB:09:6A:25:7D:3B:62:99:D2:F6:FD:A4:6A:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WCx0_Fm3qwlqJX07YpnS9v2kaoA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/b15851-a83b-415c-aee5-f9efc0457fb9/1/Ok5SSw9lI8Fbe8usimCvhipu7FY.roa
Signing time: Wed 30 Oct 2024 16:06:01 +0000
ROA not before: Wed 30 Oct 2024 16:06:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212598
IP address blocks: 91.142.130.0/24 maxlen: 24
2a13:7240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:de:2d:44:1a:bc:65:88:36:45:df:1b:b8:51:2a:f6:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=582c74fc59b7ab096a257d3b6299d2f6fda46a80
Validity
Not Before: Oct 30 16:06:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3a4e524b0f6523c15b7bcbac8a60af862a6eec56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:99:08:9a:e2:6e:36:9c:dd:5b:3b:c7:48:d5:
a4:31:5c:34:5a:26:83:bf:d7:20:83:54:75:c8:9f:
85:c0:bc:d6:36:d9:9f:1b:b3:da:04:52:23:36:0c:
64:4f:fe:c1:18:d4:47:ec:7a:4c:71:2b:e6:ed:21:
04:19:3f:62:fa:87:51:75:d4:de:8e:50:cd:04:63:
bc:35:e8:18:fa:48:95:1d:ba:02:a6:ed:36:26:75:
3d:85:e6:8b:ad:eb:5e:6b:38:6c:eb:f1:27:ab:4c:
8f:e5:af:28:6a:73:2a:36:45:cc:86:f5:b8:9c:ca:
d3:d9:e8:65:af:d2:07:ca:f3:76:b0:44:73:5d:4b:
9b:52:62:3e:91:0a:60:90:44:84:cd:b0:fb:06:12:
00:e3:8b:5f:a7:f5:37:9c:03:06:77:84:84:80:3d:
22:28:2f:dc:94:d8:5a:10:82:55:20:49:83:26:b1:
2e:3e:fa:4a:77:ff:c5:73:1e:bd:74:fc:ce:59:50:
cd:2f:24:af:da:07:b5:2e:75:64:c7:66:6d:5d:20:
05:59:e8:06:6a:55:fa:28:b1:5a:1a:64:3e:c9:9e:
c6:cf:cc:59:38:aa:2f:41:88:02:ae:68:6f:24:11:
6a:36:b4:50:9c:de:46:35:e9:3b:1e:d6:5b:0a:d9:
0a:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:4E:52:4B:0F:65:23:C1:5B:7B:CB:AC:8A:60:AF:86:2A:6E:EC:56
X509v3 Authority Key Identifier:
keyid:58:2C:74:FC:59:B7:AB:09:6A:25:7D:3B:62:99:D2:F6:FD:A4:6A:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WCx0_Fm3qwlqJX07YpnS9v2kaoA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b15851-a83b-415c-aee5-f9efc0457fb9/1/Ok5SSw9lI8Fbe8usimCvhipu7FY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b15851-a83b-415c-aee5-f9efc0457fb9/1/WCx0_Fm3qwlqJX07YpnS9v2kaoA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.142.130.0/24
IPv6:
2a13:7240::/29
Signature Algorithm: sha256WithRSAEncryption
86:05:44:0a:54:33:5d:bd:b8:01:ff:6f:02:82:ef:61:60:84:
5f:7b:a8:fc:5b:05:df:8c:3a:12:22:0b:ce:af:5c:5d:11:88:
64:32:50:05:dd:fc:4d:ff:a1:ab:64:98:98:ca:2d:80:03:d7:
58:e4:b2:23:c1:ff:3e:7e:eb:79:32:96:11:23:5a:af:8a:1c:
34:0c:5f:4b:2d:58:7d:1f:af:f8:e3:23:9e:69:25:e6:51:8a:
02:91:17:77:1d:ed:a2:37:9d:4d:32:b3:5b:ee:4a:3b:a3:56:
d9:fc:b1:86:1c:b0:3f:20:f4:b3:54:90:28:41:8f:84:a3:e9:
11:26:09:99:a2:5e:18:45:70:5e:af:d4:44:94:8e:bc:cf:46:
f3:03:77:df:95:d8:a1:eb:b3:9b:22:38:f0:94:fa:52:19:d5:
21:b0:56:7e:34:a2:e9:2a:cd:f4:7a:c8:e6:5e:88:50:ca:43:
ac:c6:55:12:96:80:2c:99:d0:51:1f:1b:fd:cd:be:5a:d0:b0:
ff:c4:03:6d:c1:78:11:4b:9c:84:2c:b5:4c:19:9d:d3:f1:ff:
4b:b0:2d:e8:e9:9c:22:1c:b3:2e:42:ff:b2:19:f4:16:41:13:
80:6c:34:de:b3:ad:af:28:06:e0:5a:73:eb:81:5c:d2:0b:d9:
3e:d2:ab:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZLeLUQavGWINkXfG7hRKvbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MmM3NGZjNTliN2FiMDk2YTI1N2QzYjYyOTlkMmY2ZmRh
NDZhODAwHhcNMjQxMDMwMTYwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRlNTI0YjBmNjUyM2MxNWI3YmNiYWM4YTYwYWY4NjJhNmVlYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZkImuJuNpzdWzvHSNWkMVw0WiaD
v9cgg1R1yJ+FwLzWNtmfG7PaBFIjNgxkT/7BGNRH7HpMcSvm7SEEGT9i+odRddTe
jlDNBGO8NegY+kiVHboCpu02JnU9heaLreteazhs6/Enq0yP5a8oanMqNkXMhvW4
nMrT2ehlr9IHyvN2sERzXUubUmI+kQpgkESEzbD7BhIA44tfp/U3nAMGd4SEgD0i
KC/clNhaEIJVIEmDJrEuPvpKd//Fcx69dPzOWVDNLySv2ge1LnVkx2ZtXSAFWegG
alX6KLFaGmQ+yZ7Gz8xZOKovQYgCrmhvJBFqNrRQnN5GNek7HtZbCtkK9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDpOUksPZSPBW3vLrIpgr4YqbuxWMB8GA1UdIwQY
MBaAFFgsdPxZt6sJaiV9O2KZ0vb9pGqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0N4MF9GbTNxd2xxSlgwN1lwblM5djJrYW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iMTU4NTEtYTgzYi00MTVjLWFlZTUt
ZjllZmMwNDU3ZmI5LzEvT2s1U1N3OWxJOEZiZTh1c2ltQ3ZoaXB1N0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iMTU4NTEtYTgzYi00MTVjLWFlZTUtZjllZmMwNDU3ZmI5
LzEvV0N4MF9GbTNxd2xxSlgwN1lwblM5djJrYW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW46CMA0E
AgACMAcDBQMqE3JAMA0GCSqGSIb3DQEBCwUAA4IBAQCGBUQKVDNdvbgB/28Cgu9h
YIRfe6j8WwXfjDoSIgvOr1xdEYhkMlAF3fxN/6GrZJiYyi2AA9dY5LIjwf8+fut5
MpYRI1qvihw0DF9LLVh9H6/44yOeaSXmUYoCkRd3He2iN51NMrNb7ko7o1bZ/LGG
HLA/IPSzVJAoQY+Eo+kRJgmZol4YRXBer9RElI68z0bzA3ffldih67ObIjjwlPpS
GdUhsFZ+NKLpKs30esjmXohQykOsxlUSloAsmdBRHxv9zb5a0LD/xANtwXgRS5yE
LLVMGZ3T8f9LsC3o6ZwiHLMuQv+yGfQWQROAbDTes62vKAbgWnPrgVzSC9k+0qup
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:19:57 2025 by rpki-client