Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/BS8vu7xHY5ug-pacQeWTG_o7SR8.roa
File: BS8vu7xHY5ug-pacQeWTG_o7SR8.roa (raw, json)
Hash identifier: 6BFjL5+9Zd0iAnxhG12b9m4NEgAd2Mp27B+jQftgVMs=
Subject key identifier: 05:2F:2F:BB:BC:47:63:9B:A0:FA:96:9C:41:E5:93:1B:FA:3B:49:1F
Certificate issuer: /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial: 018D13D7EF7A3ADD28217AA05E29576D9550
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/BS8vu7xHY5ug-pacQeWTG_o7SR8.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 91.242.240.0/24 maxlen: 24
176.100.44.0/24 maxlen: 24
185.252.208.0/24 maxlen: 24
193.243.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ef:7a:3a:dd:28:21:7a:a0:5e:29:57:6d:95:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=052f2fbbbc47639ba0fa969c41e5931bfa3b491f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:27:7a:e8:72:1f:d2:c6:b1:73:11:6d:18:63:
a1:20:fb:81:48:8c:62:5e:fd:d0:0f:fe:da:2f:f0:
e3:06:97:50:80:cb:8e:46:5f:8a:99:a3:fa:5c:b3:
12:a2:bd:8e:6c:5a:f2:5e:6e:02:af:9a:ff:7a:5f:
bc:ca:2b:57:ce:7a:89:67:36:d2:c9:b4:c8:12:71:
98:f7:b3:56:bf:e3:94:c0:cf:11:94:85:d2:7e:d1:
cb:71:b9:6a:f9:63:4f:e8:d3:87:77:3f:fa:e8:dd:
47:6c:12:f9:0f:40:4d:bb:d8:b2:8c:6a:86:53:47:
55:24:12:6a:55:0e:be:09:3e:62:ab:79:05:48:e0:
48:99:f7:6a:b1:2b:e5:8c:74:49:d8:72:86:4c:32:
b9:be:ab:55:37:c4:38:85:c0:c9:37:0e:2e:8e:75:
cb:e5:74:23:e7:de:4c:38:26:0a:8a:09:b3:87:3c:
49:e4:e5:ab:cf:1a:25:9c:3f:50:34:9f:8d:8a:93:
2b:de:60:bc:57:09:ae:61:14:9d:66:c2:f9:30:7b:
3c:f7:56:b2:b4:ac:17:37:39:f6:62:fe:6a:f1:4a:
84:9a:72:09:00:fd:14:7e:0d:04:3e:56:2c:c6:1c:
45:bc:ed:93:ba:32:27:03:95:38:6a:15:79:ce:2b:
95:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:2F:2F:BB:BC:47:63:9B:A0:FA:96:9C:41:E5:93:1B:FA:3B:49:1F
X509v3 Authority Key Identifier:
keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/BS8vu7xHY5ug-pacQeWTG_o7SR8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.242.240.0/24
176.100.44.0/24
185.252.208.0/24
193.243.191.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:e1:ba:c1:0e:60:45:38:13:78:c1:77:9e:8d:c2:6e:df:dc:
34:7b:fe:8d:fd:51:2c:62:d1:e8:2a:2a:e5:a7:79:54:af:ce:
57:21:70:20:5f:2d:bd:72:c1:c9:45:59:89:3f:ca:55:ad:aa:
89:31:1d:1f:7c:46:85:21:15:36:4f:a7:76:bd:2d:90:73:d9:
34:22:78:de:5b:36:bf:8a:00:4c:57:68:5f:a5:95:ed:ea:d6:
a9:6d:b9:4a:4e:ae:db:f8:4d:d5:52:d1:12:f2:95:4f:f1:d5:
6c:00:d3:27:6a:36:f4:05:6e:6c:65:ab:9f:46:42:05:94:9d:
4d:ee:31:13:be:f2:38:c4:88:bd:8b:93:fc:57:36:a0:5f:41:
b7:53:d4:c8:d4:6c:6b:55:91:20:2c:c7:a4:86:cd:16:40:27:
48:02:15:54:da:7e:d8:f1:71:90:cf:f2:b4:37:5e:a5:6d:77:
ea:40:d7:2e:8d:0d:c8:43:b8:f9:92:60:7f:a7:e7:6b:c2:80:
8f:06:b2:96:b2:68:9e:d0:3e:f1:90:cc:fa:85:01:b4:2d:36:
94:3d:7d:d5:0e:21:8b:d2:24:17:94:9c:ef:4c:0d:f8:44:34:
ac:79:27:c9:79:c8:8f:f4:85:d6:ee:71:80:4c:35:bc:71:95:
52:30:33:31
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0T1+96Ot0oIXqgXilXbZVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTJmMmZiYmJjNDc2MzliYTBmYTk2OWM0MWU1OTMxYmZhM2I0OTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSd66HIf0saxcxFtGGOhIPuBSIxi
Xv3QD/7aL/DjBpdQgMuORl+KmaP6XLMSor2ObFryXm4Cr5r/el+8yitXznqJZzbS
ybTIEnGY97NWv+OUwM8RlIXSftHLcblq+WNP6NOHdz/66N1HbBL5D0BNu9iyjGqG
U0dVJBJqVQ6+CT5iq3kFSOBImfdqsSvljHRJ2HKGTDK5vqtVN8Q4hcDJNw4ujnXL
5XQj595MOCYKigmzhzxJ5OWrzxolnD9QNJ+NipMr3mC8VwmuYRSdZsL5MHs891ay
tKwXNzn2Yv5q8UqEmnIJAP0Ufg0EPlYsxhxFvO2TujInA5U4ahV5ziuVNwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAUvL7u8R2OboPqWnEHlkxv6O0kfMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvQlM4dnU3eEhZNXVnLXBhY1FlV1RHX283U1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW/LwAwQA
sGQsAwQAufzQAwQAwfO/MA0GCSqGSIb3DQEBCwUAA4IBAQBc4brBDmBFOBN4wXee
jcJu39w0e/6N/VEsYtHoKirlp3lUr85XIXAgXy29csHJRVmJP8pVraqJMR0ffEaF
IRU2T6d2vS2Qc9k0InjeWza/igBMV2hfpZXt6tapbblKTq7b+E3VUtES8pVP8dVs
ANMnajb0BW5sZaufRkIFlJ1N7jETvvI4xIi9i5P8VzagX0G3U9TI1GxrVZEgLMek
hs0WQCdIAhVU2n7Y8XGQz/K0N16lbXfqQNcujQ3IQ7j5kmB/p+drwoCPBrKWsmie
0D7xkMz6hQG0LTaUPX3VDiGL0iQXlJzvTA34RDSseSfJeciP9IXW7nGATDW8cZVS
MDMx
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:12 2025 by rpki-client