Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/9170e3-e9b3-4d6d-8787-e46ea89bf849/1/EDehLS2wIAJQ29i9an4DHWJn1Qc.roa
File: EDehLS2wIAJQ29i9an4DHWJn1Qc.roa (raw, json)
Hash identifier: dvRyjNs7voT7/dsRRsqNgHTr129/tbf+q/MiMn860W8=
Subject key identifier: 10:37:A1:2D:2D:B0:20:02:50:DB:D8:BD:6A:7E:03:1D:62:67:D5:07
Certificate issuer: /CN=59a06c187953cfc8133b2beee5f01a15e45da078
Certificate serial: 01856CCB10DF5E0C5A50C38F6543EF263E11
Authority key identifier: 59:A0:6C:18:79:53:CF:C8:13:3B:2B:EE:E5:F0:1A:15:E4:5D:A0:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WaBsGHlTz8gTOyvu5fAaFeRdoHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/9170e3-e9b3-4d6d-8787-e46ea89bf849/1/EDehLS2wIAJQ29i9an4DHWJn1Qc.roa
Signing time: Sun 01 Jan 2023 10:05:25 +0000
ROA not before: Sun 01 Jan 2023 10:05:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210994
IP address blocks: 91.233.120.0/24 maxlen: 24
194.104.235.0/24 maxlen: 24
2a11:6740::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:cb:10:df:5e:0c:5a:50:c3:8f:65:43:ef:26:3e:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=59a06c187953cfc8133b2beee5f01a15e45da078
Validity
Not Before: Jan 1 10:05:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1037a12d2db0200250dbd8bd6a7e031d6267d507
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:a4:58:8b:83:56:c9:88:0a:95:62:cc:26:49:
52:5c:52:01:80:2c:6d:9e:bc:5b:64:d1:e1:08:5c:
a8:36:d5:8b:5f:fe:ee:b1:9c:6c:2c:ec:63:a3:51:
68:7f:16:b2:0d:57:1a:bb:52:1b:a8:c9:fd:e5:16:
23:52:82:1a:94:0e:06:f8:6e:3e:85:cc:18:dd:6a:
a3:e9:df:54:35:e3:d2:f5:d4:3a:f1:53:f7:60:43:
2a:d4:0f:ea:0e:d4:96:20:0d:31:cf:84:55:9b:c1:
ff:1f:07:c5:fe:54:4f:1e:32:9e:81:6b:33:ca:59:
81:9e:c9:9c:96:c5:5e:4b:95:c5:65:75:41:f1:51:
8b:d4:d8:c7:81:63:dd:97:8f:d9:da:a2:d0:70:47:
73:cb:79:7b:b2:ba:36:9f:52:6e:be:ca:15:eb:6d:
f9:64:83:aa:b2:ae:c4:6a:53:a3:63:47:f5:73:d3:
97:66:73:a6:7b:0b:b9:d1:99:20:6b:4e:79:c2:ef:
50:10:c6:bd:1d:06:c8:63:04:8b:b9:23:70:ea:fe:
d0:ba:b9:21:db:f5:42:8e:a2:08:2f:58:e4:36:71:
a4:6a:c3:26:93:89:49:bb:05:50:4a:dc:a2:71:35:
1e:02:b4:49:79:e3:00:cc:5d:f0:26:c5:50:bf:00:
ee:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:37:A1:2D:2D:B0:20:02:50:DB:D8:BD:6A:7E:03:1D:62:67:D5:07
X509v3 Authority Key Identifier:
keyid:59:A0:6C:18:79:53:CF:C8:13:3B:2B:EE:E5:F0:1A:15:E4:5D:A0:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WaBsGHlTz8gTOyvu5fAaFeRdoHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9170e3-e9b3-4d6d-8787-e46ea89bf849/1/EDehLS2wIAJQ29i9an4DHWJn1Qc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9170e3-e9b3-4d6d-8787-e46ea89bf849/1/WaBsGHlTz8gTOyvu5fAaFeRdoHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.233.120.0/24
194.104.235.0/24
IPv6:
2a11:6740::/29
Signature Algorithm: sha256WithRSAEncryption
79:0a:ea:84:ee:c8:bd:a6:03:f6:7a:54:84:b8:0a:ec:29:65:
48:7e:dc:7b:0d:63:57:cb:88:c4:49:16:2c:6c:e3:37:e6:65:
43:dc:71:46:f1:93:13:82:3d:e4:cb:8d:ee:89:6e:78:fd:72:
dd:b6:06:e9:70:5d:71:4f:d2:fb:e9:9f:ee:55:50:b3:6e:bc:
39:0b:89:9c:12:bc:48:1b:44:51:f6:86:e9:e4:8a:19:74:c6:
c0:f2:53:58:45:20:a5:20:40:3e:e3:13:9e:db:e4:c3:8e:cc:
19:5c:9b:9e:b6:2d:2e:6b:56:ec:f6:cf:b7:6a:2c:1b:67:52:
63:76:e0:df:6d:0c:ae:61:e6:f0:c9:95:6a:a3:44:7e:c6:bf:
57:27:44:3a:67:83:68:40:3d:ba:ed:08:c0:0a:f1:a4:95:f8:
3e:c5:84:fe:b3:95:7c:5a:b9:28:99:6e:72:20:45:f4:22:6f:
7e:99:80:04:77:ed:74:ff:2e:85:de:bb:4a:ce:86:dd:49:33:
69:73:80:7b:c5:ff:d4:82:6e:1f:6b:2f:04:d9:89:5d:40:31:
93:df:d8:17:c2:2e:9a:1f:22:ca:61:04:f3:a1:0f:ec:03:59:
8f:56:9a:23:61:ee:c8:5d:c0:ba:a5:bd:15:d5:03:c4:2c:0c:
e9:41:96:fa
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVsyxDfXgxaUMOPZUPvJj4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YTA2YzE4Nzk1M2NmYzgxMzNiMmJlZWU1ZjAxYTE1ZTQ1
ZGEwNzgwHhcNMjMwMTAxMTAwNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM3YTEyZDJkYjAyMDAyNTBkYmQ4YmQ2YTdlMDMxZDYyNjdkNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6RYi4NWyYgKlWLMJklSXFIBgCxt
nrxbZNHhCFyoNtWLX/7usZxsLOxjo1FofxayDVcau1IbqMn95RYjUoIalA4G+G4+
hcwY3Wqj6d9UNePS9dQ68VP3YEMq1A/qDtSWIA0xz4RVm8H/HwfF/lRPHjKegWsz
ylmBnsmclsVeS5XFZXVB8VGL1NjHgWPdl4/Z2qLQcEdzy3l7sro2n1JuvsoV6235
ZIOqsq7EalOjY0f1c9OXZnOmewu50Zkga055wu9QEMa9HQbIYwSLuSNw6v7Qurkh
2/VCjqIIL1jkNnGkasMmk4lJuwVQStyicTUeArRJeeMAzF3wJsVQvwDu+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBA3oS0tsCACUNvYvWp+Ax1iZ9UHMB8GA1UdIwQY
MBaAFFmgbBh5U8/IEzsr7uXwGhXkXaB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2FCc0dIbFR6OGdUT3l2dTVmQWFGZVJkb0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi85MTcwZTMtZTliMy00ZDZkLTg3ODct
ZTQ2ZWE4OWJmODQ5LzEvRURlaExTMndJQUpRMjlpOWFuNERIV0puMVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi85MTcwZTMtZTliMy00ZDZkLTg3ODctZTQ2ZWE4OWJmODQ5
LzEvV2FCc0dIbFR6OGdUT3l2dTVmQWFGZVJkb0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+l4AwQA
wmjrMA0EAgACMAcDBQMqEWdAMA0GCSqGSIb3DQEBCwUAA4IBAQB5CuqE7si9pgP2
elSEuArsKWVIftx7DWNXy4jESRYsbOM35mVD3HFG8ZMTgj3ky43uiW54/XLdtgbp
cF1xT9L76Z/uVVCzbrw5C4mcErxIG0RR9obp5IoZdMbA8lNYRSClIEA+4xOe2+TD
jswZXJueti0ua1bs9s+3aiwbZ1JjduDfbQyuYebwyZVqo0R+xr9XJ0Q6Z4NoQD26
7QjACvGklfg+xYT+s5V8WrkomW5yIEX0Im9+mYAEd+10/y6F3rtKzobdSTNpc4B7
xf/Ugm4fay8E2YldQDGT39gXwi6aHyLKYQTzoQ/sA1mPVpojYe7IXcC6pb0V1QPE
LAzpQZb6
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:51 2025 by rpki-client