Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/olqAPDWccqfsb2rmn6nSrD4vydU.roa
File: olqAPDWccqfsb2rmn6nSrD4vydU.roa (raw, json)
Hash identifier: 6YXqrM+4L3anysswQzfCiyGLOFWubIz21XnQzfbMPlk=
Subject key identifier: A2:5A:80:3C:35:9C:72:A7:EC:6F:6A:E6:9F:A9:D2:AC:3E:2F:C9:D5
Certificate issuer: /CN=3f47f75757413ccc172d3d1b826fae5ae9385a1b
Certificate serial: 07B0159C
Authority key identifier: 3F:47:F7:57:57:41:3C:CC:17:2D:3D:1B:82:6F:AE:5A:E9:38:5A:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P0f3V1dBPMwXLT0bgm-uWuk4Whs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/olqAPDWccqfsb2rmn6nSrD4vydU.roa
Signing time: Mon 31 Jan 2022 08:56:21 +0000
ROA not before: Mon 31 Jan 2022 08:56:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208684
IP address blocks: 91.230.168.0/24 maxlen: 24
91.230.188.0/24 maxlen: 24
91.231.47.0/24 maxlen: 24
45.89.112.0/22 maxlen: 24
91.231.89.0/24 maxlen: 24
2a0b:2640::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 128980380 (0x7b0159c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f47f75757413ccc172d3d1b826fae5ae9385a1b
Validity
Not Before: Jan 31 08:56:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a25a803c359c72a7ec6f6ae69fa9d2ac3e2fc9d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:fc:0f:0b:a4:53:f4:1f:53:dd:14:93:86:9a:
71:27:b7:d2:b3:4a:06:15:e5:65:57:51:93:b5:50:
f8:18:c9:79:aa:05:07:c3:f4:a4:c7:de:0b:c2:3a:
35:f9:0f:c6:48:f4:12:6e:3b:59:bd:0a:9f:d6:d2:
a7:f7:f4:93:fc:76:8c:a5:d9:eb:af:d6:88:c7:01:
a1:bb:07:8b:51:fa:ba:e2:a0:1e:cd:58:4e:69:ba:
1d:59:b4:7e:13:da:f0:7f:66:52:1f:90:fc:f9:d5:
21:91:27:a9:db:f7:ab:0d:1c:85:89:4b:a2:30:7e:
20:23:b5:b8:81:b5:cf:65:1a:95:d6:88:61:83:c2:
ef:f1:4e:17:16:a3:a2:9f:c1:4b:16:e5:03:ac:67:
34:a4:fb:02:15:4d:c0:63:81:6d:35:bf:ba:6a:32:
a0:ab:9a:af:70:bd:8a:76:46:17:bc:2d:d1:b0:84:
fc:ca:43:6a:72:a5:73:3e:aa:22:16:66:37:c6:58:
15:cd:93:0e:9f:37:71:07:89:40:dd:ed:60:66:2c:
ce:e5:21:e1:f7:bb:1f:56:a4:7c:6d:d5:b4:ec:76:
19:60:3a:47:91:c7:2d:f5:b4:c7:42:71:66:85:ec:
65:d5:c1:b4:fc:c2:6c:e8:6a:61:af:8e:24:f2:db:
4e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:5A:80:3C:35:9C:72:A7:EC:6F:6A:E6:9F:A9:D2:AC:3E:2F:C9:D5
X509v3 Authority Key Identifier:
keyid:3F:47:F7:57:57:41:3C:CC:17:2D:3D:1B:82:6F:AE:5A:E9:38:5A:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P0f3V1dBPMwXLT0bgm-uWuk4Whs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/olqAPDWccqfsb2rmn6nSrD4vydU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/P0f3V1dBPMwXLT0bgm-uWuk4Whs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.112.0/22
91.230.168.0/24
91.230.188.0/24
91.231.47.0/24
91.231.89.0/24
IPv6:
2a0b:2640::/29
Signature Algorithm: sha256WithRSAEncryption
2e:ff:b3:31:80:6b:51:46:6e:0d:17:90:71:1a:bf:cc:ad:7b:
a2:c8:4c:b8:88:02:cd:a1:aa:f7:f1:59:12:89:39:23:d8:da:
cf:9d:95:42:19:e0:97:79:2d:ec:d8:cb:19:24:0d:e9:b6:25:
76:aa:41:52:99:e4:4a:be:c1:64:8b:8d:cd:ef:99:c6:a5:4b:
8f:9a:0c:73:33:f3:7c:f4:fe:ea:15:4c:ca:34:00:3b:ed:81:
bc:bb:6f:87:a5:c7:55:81:3f:b5:72:87:13:44:e8:e5:2c:f7:
aa:8f:a4:88:a4:b7:2d:38:ad:56:b4:fb:2b:ad:11:c9:7a:51:
53:bf:b9:52:7b:5b:fa:bc:fc:b2:9c:06:cf:5f:19:9d:9f:7f:
04:8a:33:7f:e2:9e:31:8f:5b:82:f8:7d:9b:3b:ee:9e:ec:f7:
d9:30:5b:89:4e:9e:15:60:c7:4b:c5:c0:19:8d:12:99:7c:0a:
a3:f3:26:38:fd:88:a7:fd:ce:89:b9:1f:d9:a9:31:01:f8:97:
1e:fe:0e:88:0e:d9:6a:83:42:a9:33:98:ca:f5:b2:2f:26:87:
fe:c6:1f:d3:b1:d3:8b:4b:27:a6:2c:55:ca:06:0b:f0:10:11:
f7:4c:52:95:ff:96:fc:dd:66:d8:c1:28:2e:c5:e2:32:1a:c9:
cf:0b:81:1b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEB7AVnDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZjQ3Zjc1NzU3NDEzY2NjMTcyZDNkMWI4MjZmYWU1YWU5Mzg1YTFiMB4XDTIyMDEz
MTA4NTYyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTI1YTgwM2MzNTlj
NzJhN2VjNmY2YWU2OWZhOWQyYWMzZTJmYzlkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN38DwukU/QfU90Uk4aacSe30rNKBhXlZVdRk7VQ+BjJeaoF
B8P0pMfeC8I6NfkPxkj0Em47Wb0Kn9bSp/f0k/x2jKXZ66/WiMcBobsHi1H6uuKg
Hs1YTmm6HVm0fhPa8H9mUh+Q/PnVIZEnqdv3qw0chYlLojB+ICO1uIG1z2UaldaI
YYPC7/FOFxajop/BSxblA6xnNKT7AhVNwGOBbTW/umoyoKuar3C9inZGF7wt0bCE
/MpDanKlcz6qIhZmN8ZYFc2TDp83cQeJQN3tYGYszuUh4fe7H1akfG3VtOx2GWA6
R5HHLfW0x0JxZoXsZdXBtPzCbOhqYa+OJPLbTmsCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBSiWoA8NZxyp+xvauafqdKsPi/J1TAfBgNVHSMEGDAWgBQ/R/dXV0E8zBct
PRuCb65a6ThaGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1AwZjNWMWRCUE13WExUMGJnbS11V3VrNFdocy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvOWY4OGQ4LThhNmQtNGM1Yy1iMTk0LWUxNTVhY2M2Yjg0ZS8x
L29scUFQRFdjY3Fmc2Iycm1uNm5TckQ0dnlkVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
OWY4OGQ4LThhNmQtNGM1Yy1iMTk0LWUxNTVhY2M2Yjg0ZS8xL1AwZjNWMWRCUE13
WExUMGJnbS11V3VrNFdocy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAi1ZcAMEAFvmqAMEAFvmvAMEAFvn
LwMEAFvnWTANBAIAAjAHAwUDKgsmQDANBgkqhkiG9w0BAQsFAAOCAQEALv+zMYBr
UUZuDReQcRq/zK17oshMuIgCzaGq9/FZEok5I9jaz52VQhngl3kt7NjLGSQN6bYl
dqpBUpnkSr7BZIuNze+ZxqVLj5oMczPzfPT+6hVMyjQAO+2BvLtvh6XHVYE/tXKH
E0To5Sz3qo+kiKS3LTitVrT7K60RyXpRU7+5Untb+rz8spwGz18ZnZ9/BIozf+Ke
MY9bgvh9mzvunuz32TBbiU6eFWDHS8XAGY0SmXwKo/MmOP2Ip/3Oibkf2akxAfiX
Hv4OiA7ZaoNCqTOYyvWyLyaH/sYf07HTi0snpixVygYL8BAR90xSlf+W/N1m2MEo
LsXiMhrJzwuBGw==
-----END CERTIFICATE-----
Generated at Tue Apr 22 18:37:16 2025 by rpki-client