Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GBADiyeI8DOzEJpw5xLr0j9lmWk.roa
File: GBADiyeI8DOzEJpw5xLr0j9lmWk.roa (raw, json)
Hash identifier: STNj4og6y4/cRaBrDa3RscfdFFhjQQ9IcXeV9Vx5VWs=
Subject key identifier: 18:10:03:8B:27:88:F0:33:B3:10:9A:70:E7:12:EB:D2:3F:65:99:69
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 0193CF5F80E17A255143AAC3C1FC31697012
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GBADiyeI8DOzEJpw5xLr0j9lmWk.roa
Signing time: Mon 16 Dec 2024 12:09:22 +0000
ROA not before: Mon 16 Dec 2024 12:09:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210644
IP address blocks: 91.186.216.0/24 maxlen: 24
91.186.217.0/24 maxlen: 24
91.186.218.0/24 maxlen: 24
91.186.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:cf:5f:80:e1:7a:25:51:43:aa:c3:c1:fc:31:69:70:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Dec 16 12:09:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1810038b2788f033b3109a70e712ebd23f659969
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:f7:99:3d:8a:5e:ac:d3:b2:86:aa:f3:a7:b0:
72:7f:87:9d:1d:3d:f7:0d:d0:72:22:a9:7d:4f:5d:
c5:78:69:09:ca:92:b7:40:17:7f:4b:63:4e:d5:93:
f0:ae:08:5e:da:b4:40:18:16:84:26:67:e0:5b:04:
5c:e0:13:2e:33:e1:62:8e:35:9f:f6:c3:56:0d:b6:
bf:20:35:38:65:b3:fc:85:68:3b:5b:ea:36:08:39:
af:4c:4d:7a:36:44:2e:be:de:6a:44:01:27:15:e9:
52:75:ee:f5:16:bf:00:a7:6b:3f:69:4e:ba:b7:ea:
9b:40:41:90:fc:b9:82:4b:f5:c0:9d:a4:19:03:b1:
cb:0b:00:4c:90:b1:48:1a:19:33:9b:4b:5f:d2:8c:
7e:9d:b1:01:4f:b8:0d:d5:72:72:14:9a:f1:7e:9f:
0f:32:75:da:6c:cc:8a:a6:60:03:61:a8:d9:e8:ee:
01:1a:79:0d:fe:e6:dd:5d:0c:f1:45:c5:1b:53:8d:
14:1e:e0:34:16:24:61:ae:ab:64:2f:35:bc:f1:20:
a1:ad:0d:0e:b4:86:c8:82:60:43:bd:a0:e6:c1:03:
f0:b4:d2:39:5d:75:ca:f7:bc:c4:40:54:28:b6:79:
ce:02:53:a4:20:9d:87:e9:7e:db:ee:7c:12:99:12:
ff:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:10:03:8B:27:88:F0:33:B3:10:9A:70:E7:12:EB:D2:3F:65:99:69
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/GBADiyeI8DOzEJpw5xLr0j9lmWk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.186.216.0/22
Signature Algorithm: sha256WithRSAEncryption
1a:04:8b:cd:64:2d:44:4f:96:77:05:9c:ff:f6:2e:25:01:d5:
35:87:74:4f:4d:2b:06:0a:41:3c:b6:13:a2:ba:ac:20:7c:e7:
81:9d:ac:ba:d8:ee:4a:e4:91:f8:7a:37:81:b6:8f:7d:0f:d1:
f4:38:92:b3:17:7a:96:16:28:ac:63:7a:30:93:76:7a:7d:cf:
42:a7:e1:17:80:d7:3d:c8:cd:3c:89:81:d1:8a:71:40:68:dd:
3d:84:12:0e:be:0c:ca:2c:83:f8:3d:d3:4c:27:71:cd:71:02:
ce:69:d0:94:0b:3e:92:67:30:6c:a4:e5:32:44:c6:87:69:be:
3b:60:55:27:26:90:2e:50:c0:57:b6:05:23:99:e3:cc:f8:b8:
d7:27:a6:55:b8:c2:01:47:33:88:cf:a4:e3:7a:7d:b1:ae:56:
da:6d:d3:d7:9c:6f:7c:c3:d3:04:1b:e0:f3:fe:9d:38:56:c2:
52:d1:94:b1:00:43:09:c5:86:8c:64:91:38:3b:1a:53:9b:4a:
1b:3b:86:04:32:23:4b:4f:87:8a:f9:c7:78:95:a3:19:e7:60:
3d:bb:c1:b6:1b:b7:5f:e9:76:31:53:6d:58:fd:46:21:cd:d4:
53:a9:1a:a7:d3:17:f8:f9:5b:ac:91:6f:e2:ee:bb:90:10:92:
de:89:67:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZPPX4DheiVRQ6rDwfwxaXASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMjE2MTIwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODEwMDM4YjI3ODhmMDMzYjMxMDlhNzBlNzEyZWJkMjNmNjU5OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/eZPYperNOyhqrzp7Byf4edHT33
DdByIql9T13FeGkJypK3QBd/S2NO1ZPwrghe2rRAGBaEJmfgWwRc4BMuM+FijjWf
9sNWDba/IDU4ZbP8hWg7W+o2CDmvTE16NkQuvt5qRAEnFelSde71Fr8Ap2s/aU66
t+qbQEGQ/LmCS/XAnaQZA7HLCwBMkLFIGhkzm0tf0ox+nbEBT7gN1XJyFJrxfp8P
MnXabMyKpmADYajZ6O4BGnkN/ubdXQzxRcUbU40UHuA0FiRhrqtkLzW88SChrQ0O
tIbIgmBDvaDmwQPwtNI5XXXK97zEQFQotnnOAlOkIJ2H6X7b7nwSmRL/6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgQA4sniPAzsxCacOcS69I/ZZlpMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvR0JBRGl5ZUk4RE96RUpwdzV4THIwajlsbVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rYMA0G
CSqGSIb3DQEBCwUAA4IBAQAaBIvNZC1ET5Z3BZz/9i4lAdU1h3RPTSsGCkE8thOi
uqwgfOeBnay62O5K5JH4ejeBto99D9H0OJKzF3qWFiisY3owk3Z6fc9Cp+EXgNc9
yM08iYHRinFAaN09hBIOvgzKLIP4PdNMJ3HNcQLOadCUCz6SZzBspOUyRMaHab47
YFUnJpAuUMBXtgUjmePM+LjXJ6ZVuMIBRzOIz6Tjen2xrlbabdPXnG98w9MEG+Dz
/p04VsJS0ZSxAEMJxYaMZJE4OxpTm0obO4YEMiNLT4eK+cd4laMZ52A9u8G2G7df
6XYxU21Y/UYhzdRTqRqn0xf4+VuskW/i7ruQEJLeiWc+
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:48:04 2025 by rpki-client