Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/dXOcQuB5Q8DBG4I_CpM2w6t2cJs.roa
File: dXOcQuB5Q8DBG4I_CpM2w6t2cJs.roa (raw, json)
Hash identifier: xtS/3HMNug/iuNUDkjP8LiJyLAoBcW3op3p7iz08p9k=
Subject key identifier: 75:73:9C:42:E0:79:43:C0:C1:1B:82:3F:0A:93:36:C3:AB:76:70:9B
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57CBACE2E13D66AF03E0DA0E041BD
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/dXOcQuB5Q8DBG4I_CpM2w6t2cJs.roa
Signing time: Thu 02 Jan 2025 15:49:52 +0000
ROA not before: Thu 02 Jan 2025 15:49:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8075
IP address blocks: 91.186.194.0/23 maxlen: 23
94.241.160.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7c:ba:ce:2e:13:d6:6a:f0:3e:0d:a0:e0:41:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=75739c42e07943c0c11b823f0a9336c3ab76709b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:7c:d5:4f:dd:2b:23:75:47:6f:66:46:67:b0:
ca:3f:16:89:0e:51:c3:fa:d4:04:b6:01:39:06:fb:
ac:53:b9:6c:d4:a3:54:14:cf:e9:4b:66:06:b8:7f:
c0:96:82:ec:b5:0d:6e:e9:30:be:74:c8:19:44:27:
ec:74:bd:28:40:c3:20:9c:f7:43:eb:27:30:2c:20:
8b:b3:6c:61:c1:2a:a4:46:39:fe:aa:e2:4c:a5:ca:
79:67:c2:a8:de:d8:7f:4f:db:a3:62:af:48:96:ca:
2a:be:fa:dc:89:4d:59:6d:bb:2d:58:e3:ef:36:20:
ea:52:69:52:df:55:24:c6:92:cd:13:38:77:4b:80:
af:dd:ab:27:70:ac:68:fa:b9:58:a6:4c:fd:a1:63:
e0:57:9a:40:16:63:d7:de:4e:4d:86:97:8a:2e:af:
af:9e:e8:c7:08:2d:1e:89:9b:e1:43:a9:ac:5a:57:
e0:c6:39:50:e6:c9:49:8e:c0:39:80:a5:72:a9:09:
8c:d4:c7:c6:fe:97:aa:11:d0:10:b3:88:34:1c:32:
a1:dc:46:6c:ca:61:05:03:59:e3:c5:4c:72:7a:66:
a0:74:b5:a3:0c:87:af:4f:71:3e:31:d3:bb:d9:24:
6d:bf:01:b1:b7:db:b4:9f:c8:34:a0:b5:3f:2e:d6:
75:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:73:9C:42:E0:79:43:C0:C1:1B:82:3F:0A:93:36:C3:AB:76:70:9B
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/dXOcQuB5Q8DBG4I_CpM2w6t2cJs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.186.194.0/23
94.241.160.0/23
Signature Algorithm: sha256WithRSAEncryption
94:10:53:31:2a:4d:9e:39:b4:fb:22:a7:be:89:d2:36:06:ff:
16:3e:d3:f7:4d:7c:ed:b0:56:e4:57:a6:b0:a8:9a:d2:3a:d3:
bd:69:33:a6:5b:b2:26:c9:fb:b4:48:95:10:b1:9b:a0:5b:cb:
b8:03:23:ec:0c:a1:d0:86:38:57:8e:6f:1f:b8:b1:35:bf:c4:
a4:7d:33:1a:8e:1f:5b:23:e8:44:b7:f3:19:a3:f3:2c:15:ea:
63:0d:54:35:b2:26:bc:e6:64:b4:d3:ac:a2:fa:ab:a6:10:43:
9b:e8:f8:96:3e:57:9d:07:7b:58:84:57:79:a0:c8:72:29:07:
a2:8e:cf:5e:10:33:75:75:3a:10:17:01:7e:47:c9:43:d9:0a:
89:86:6e:a3:0f:1e:21:23:7a:86:e6:49:bf:c5:62:4f:31:69:
55:ef:67:09:3d:72:b8:96:44:86:1a:c3:58:21:68:58:c7:34:
51:c3:2a:af:0c:45:36:2a:f5:ff:a1:43:5b:0a:76:ca:5d:82:
8d:a7:be:88:65:de:b8:18:67:6d:a8:27:75:1e:82:67:7f:86:
14:a7:f1:62:18:8e:5c:b9:1f:9f:43:a6:e6:76:73:72:97:54:
41:84:f7:c1:27:b3:9b:d5:ad:78:c3:d4:97:4b:5e:3e:4c:6c:
76:22:97:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntXy6zi4T1mrwPg2g4EG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTczOWM0MmUwNzk0M2MwYzExYjgyM2YwYTkzMzZjM2FiNzY3MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HzVT90rI3VHb2ZGZ7DKPxaJDlHD
+tQEtgE5BvusU7ls1KNUFM/pS2YGuH/AloLstQ1u6TC+dMgZRCfsdL0oQMMgnPdD
6ycwLCCLs2xhwSqkRjn+quJMpcp5Z8Ko3th/T9ujYq9IlsoqvvrciU1ZbbstWOPv
NiDqUmlS31UkxpLNEzh3S4Cv3asncKxo+rlYpkz9oWPgV5pAFmPX3k5NhpeKLq+v
nujHCC0eiZvhQ6msWlfgxjlQ5slJjsA5gKVyqQmM1MfG/peqEdAQs4g0HDKh3EZs
ymEFA1njxUxyemagdLWjDIevT3E+MdO72SRtvwGxt9u0n8g0oLU/LtZ1GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHVznELgeUPAwRuCPwqTNsOrdnCbMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZFhPY1F1QjVROERCRzRJX0NwTTJ3NnQyY0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW7rCAwQB
XvGgMA0GCSqGSIb3DQEBCwUAA4IBAQCUEFMxKk2eObT7Iqe+idI2Bv8WPtP3TXzt
sFbkV6awqJrSOtO9aTOmW7Imyfu0SJUQsZugW8u4AyPsDKHQhjhXjm8fuLE1v8Sk
fTMajh9bI+hEt/MZo/MsFepjDVQ1sia85mS006yi+qumEEOb6PiWPledB3tYhFd5
oMhyKQeijs9eEDN1dToQFwF+R8lD2QqJhm6jDx4hI3qG5km/xWJPMWlV72cJPXK4
lkSGGsNYIWhYxzRRwyqvDEU2KvX/oUNbCnbKXYKNp76IZd64GGdtqCd1HoJnf4YU
p/FiGI5cuR+fQ6bmdnNyl1RBhPfBJ7Ob1a14w9SXS14+TGx2IpfN
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:55:19 2025 by rpki-client