Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OjP-gz7yhM5T2zWxw-7ypZQejkQ.roa
File: OjP-gz7yhM5T2zWxw-7ypZQejkQ.roa (raw, json)
Hash identifier: 4Z44MUjfeB6wN+iQ/XpWO/VyvlC/VEJR0ax1rFZKWSw=
Subject key identifier: 3A:33:FE:83:3E:F2:84:CE:53:DB:35:B1:C3:EE:F2:A5:94:1E:8E:44
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B58432682C67D005D363689388E49F
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OjP-gz7yhM5T2zWxw-7ypZQejkQ.roa
Signing time: Thu 02 Jan 2025 15:49:54 +0000
ROA not before: Thu 02 Jan 2025 15:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54641
IP address blocks: 91.186.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:84:32:68:2c:67:d0:05:d3:63:68:93:88:e4:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a33fe833ef284ce53db35b1c3eef2a5941e8e44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:63:a4:1b:f1:81:ab:0a:14:f7:8e:59:21:cc:
6c:61:1f:e1:77:66:1d:b0:b5:a7:0c:66:f2:53:00:
11:bc:b7:0c:e6:d9:90:5c:c7:75:41:19:6a:c4:1d:
67:a1:ad:d5:62:1d:db:f8:9e:72:99:e7:71:cb:8d:
fa:f0:bb:71:67:09:e1:e3:60:8f:b4:58:77:d2:1f:
f1:61:45:16:92:e9:35:3a:82:3c:ac:cb:c7:80:ed:
41:2d:9b:95:dc:e9:0a:1a:8b:c6:c4:af:55:aa:e9:
cc:85:f0:2a:03:fc:40:c7:8e:24:78:c6:50:b7:28:
e6:5d:54:b0:6b:ed:88:0b:47:91:86:46:ba:bb:cc:
78:6e:de:01:a3:43:37:04:a1:e3:37:db:62:88:ea:
35:e6:ca:33:f4:dc:0d:ff:6e:08:fe:c5:e9:10:7c:
9f:53:fd:93:79:2f:60:b9:b4:4a:23:02:41:7f:2b:
00:a6:fa:98:e7:04:bd:b5:fa:cc:f3:fa:42:af:fc:
a7:d0:a1:24:e9:32:ad:ea:06:de:7d:17:b4:d3:9a:
92:3e:1f:21:d0:35:4e:4d:30:95:2c:90:8f:2f:e4:
3f:53:bb:15:f9:7d:32:f6:2a:72:e6:b3:6b:1d:4e:
38:8b:b2:93:4c:8d:7e:76:6c:be:ee:49:27:25:6a:
c4:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:33:FE:83:3E:F2:84:CE:53:DB:35:B1:C3:EE:F2:A5:94:1E:8E:44
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/OjP-gz7yhM5T2zWxw-7ypZQejkQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.186.220.0/22
Signature Algorithm: sha256WithRSAEncryption
93:e6:29:01:1a:50:ab:0b:93:c4:64:68:4a:c7:24:93:4b:e2:
a6:ee:7a:e5:93:7d:58:62:d0:31:73:83:45:87:ee:c6:2d:0d:
c3:5f:96:2a:74:6b:da:b4:2d:62:1d:12:7f:5f:8b:df:ff:be:
d7:22:4b:9e:41:ab:cd:80:31:e7:2c:fc:f2:c2:e8:69:b7:c3:
de:04:ae:95:38:a9:0b:2c:5b:96:9f:d1:60:f4:ca:35:28:4e:
f4:45:d3:ed:36:15:11:2f:30:f1:f7:26:98:64:62:ff:d9:99:
09:04:89:14:36:1c:31:20:80:77:73:06:40:65:76:ad:f0:22:
24:4d:9b:da:45:f0:63:a8:7c:b3:69:cb:99:5f:2d:8d:3f:27:
c4:39:a8:b3:0f:5a:0d:1f:b6:12:40:6e:98:5f:90:c9:22:0d:
bb:25:15:7b:c8:33:76:a6:d3:ae:e4:9b:26:71:68:20:f6:3e:
e8:89:82:25:86:d8:65:ca:51:34:55:bd:95:f4:fc:30:27:0b:
42:c4:c3:42:dc:20:fa:25:56:eb:53:df:f4:74:67:0a:65:51:
bd:18:0c:10:e4:b8:5f:80:cc:9b:09:d9:c3:df:dd:a5:33:ac:
4a:3d:ab:ea:4c:d6:23:af:8d:39:cb:67:33:29:5c:8e:ca:fc:
7f:70:ed:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYQyaCxn0AXTY2iTiOSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTMzZmU4MzNlZjI4NGNlNTNkYjM1YjFjM2VlZjJhNTk0MWU4ZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2OkG/GBqwoU945ZIcxsYR/hd2Yd
sLWnDGbyUwARvLcM5tmQXMd1QRlqxB1noa3VYh3b+J5ymedxy4368LtxZwnh42CP
tFh30h/xYUUWkuk1OoI8rMvHgO1BLZuV3OkKGovGxK9VqunMhfAqA/xAx44keMZQ
tyjmXVSwa+2IC0eRhka6u8x4bt4Bo0M3BKHjN9tiiOo15soz9NwN/24I/sXpEHyf
U/2TeS9gubRKIwJBfysApvqY5wS9tfrM8/pCr/yn0KEk6TKt6gbefRe005qSPh8h
0DVOTTCVLJCPL+Q/U7sV+X0y9ipy5rNrHU44i7KTTI1+dmy+7kknJWrEKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoz/oM+8oTOU9s1scPu8qWUHo5EMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvT2pQLWd6N3loTTVUMnpXeHctN3lwWlFlamtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rcMA0G
CSqGSIb3DQEBCwUAA4IBAQCT5ikBGlCrC5PEZGhKxySTS+Km7nrlk31YYtAxc4NF
h+7GLQ3DX5YqdGvatC1iHRJ/X4vf/77XIkueQavNgDHnLPzywuhpt8PeBK6VOKkL
LFuWn9Fg9Mo1KE70RdPtNhURLzDx9yaYZGL/2ZkJBIkUNhwxIIB3cwZAZXat8CIk
TZvaRfBjqHyzacuZXy2NPyfEOaizD1oNH7YSQG6YX5DJIg27JRV7yDN2ptOu5Jsm
cWgg9j7oiYIlhthlylE0Vb2V9PwwJwtCxMNC3CD6JVbrU9/0dGcKZVG9GAwQ5Lhf
gMybCdnD392lM6xKPavqTNYjr405y2czKVyOyvx/cO00
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:50:58 2025 by rpki-client