Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/d_6axqizfqndbOrzqVxor-Ne5zY.roa
File: d_6axqizfqndbOrzqVxor-Ne5zY.roa (raw, json)
Hash identifier: uhnDtJE//xQvSoJkL5vVmcYosM+yBj65SH6fZULsyeA=
Subject key identifier: 77:FE:9A:C6:A8:B3:7E:A9:DD:6C:EA:F3:A9:5C:68:AF:E3:5E:E7:36
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B587BC32CBC8E41EE9ACEE2AACED1B
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/d_6axqizfqndbOrzqVxor-Ne5zY.roa
Signing time: Thu 02 Jan 2025 15:49:55 +0000
ROA not before: Thu 02 Jan 2025 15:49:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61317
IP address blocks: 91.186.214.0/23 maxlen: 24
178.253.31.0/24 maxlen: 24
178.253.52.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:87:bc:32:cb:c8:e4:1e:e9:ac:ee:2a:ac:ed:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77fe9ac6a8b37ea9dd6ceaf3a95c68afe35ee736
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:20:5e:18:4e:72:0f:e5:71:50:9b:9a:1d:9a:
85:63:9a:6b:81:96:20:82:49:93:29:e1:c1:47:01:
a3:46:b8:4c:23:04:c0:69:2b:ea:e3:63:81:f8:f2:
f0:76:c3:64:7c:7a:06:c8:f4:89:ec:19:16:3a:e7:
82:e3:9e:21:aa:ce:f8:17:f2:71:7a:27:c7:a9:2c:
6f:58:8d:df:3d:fd:40:d7:b5:42:cb:8a:0d:ab:20:
7f:e4:48:40:ab:d0:16:b3:33:64:f0:92:ec:85:f9:
af:40:7a:8f:d1:2f:27:68:0a:5d:7b:56:3f:23:47:
55:f5:2a:06:2f:ac:d0:2f:15:ff:19:59:94:7c:23:
12:3a:3b:76:21:e4:b4:dc:24:ca:e5:41:b9:2b:04:
e1:16:b1:90:4e:39:5e:f7:ad:23:61:c8:46:0d:88:
3a:ef:06:25:0d:08:7f:ef:b6:c6:01:45:35:d8:bb:
23:05:84:e9:d6:9b:c6:c7:07:df:b3:92:67:12:66:
4f:98:fb:0b:35:a7:cb:21:e3:5c:66:fb:bf:29:7d:
bd:bb:27:b5:4a:b6:73:7a:3a:c7:98:b5:d0:9a:ae:
a8:3f:58:df:ea:7d:6d:d7:c0:cb:51:9b:38:dc:74:
a2:90:64:6d:59:29:0b:e8:9e:e2:e9:78:1a:8b:00:
c7:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:FE:9A:C6:A8:B3:7E:A9:DD:6C:EA:F3:A9:5C:68:AF:E3:5E:E7:36
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/d_6axqizfqndbOrzqVxor-Ne5zY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.186.214.0/23
178.253.31.0/24
178.253.52.0/23
Signature Algorithm: sha256WithRSAEncryption
21:d7:e1:be:28:73:d5:f5:6f:88:5b:8e:07:b5:9f:44:53:06:
00:bb:16:59:3a:c3:d9:b5:fe:a7:39:2b:9b:81:6b:c6:2b:b4:
82:50:f7:34:b3:c3:ba:6c:d8:c9:e3:0f:b9:1a:f6:92:ba:1f:
b3:ec:95:7a:42:84:6a:ba:72:5c:42:30:27:3e:38:7e:81:64:
98:4b:a2:54:9e:23:c3:28:a9:b8:7a:23:30:60:71:95:02:9b:
bb:eb:c9:2a:18:53:f4:ca:28:fa:db:d9:79:4e:b9:54:3d:44:
7e:a6:64:8e:8f:44:ee:73:35:6d:bd:7f:c1:cc:93:9a:da:5a:
65:0d:30:ac:62:01:57:75:01:52:f7:4d:50:48:56:a1:83:f0:
91:9d:0b:2f:09:66:4c:59:42:8f:87:f6:8a:bf:b4:b4:86:d1:
b6:cd:da:a8:b0:9e:81:0e:fc:65:dd:10:38:77:60:02:94:3d:
24:9e:a6:a1:cb:07:ac:9d:8a:df:35:e7:9a:ee:ad:a8:e3:b9:
74:c4:e7:6c:ea:46:de:5e:a3:e7:a7:d7:dc:0c:bb:af:76:92:
d5:27:e9:0e:da:08:a3:07:0f:e2:cd:e9:bb:9d:d9:cb:bc:89:
0b:9e:3f:dd:0d:30:8f:5e:8e:33:7d:3c:03:d7:a3:a6:bc:a7:
79:b5:c6:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntYe8MsvI5B7prO4qrO0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2ZlOWFjNmE4YjM3ZWE5ZGQ2Y2VhZjNhOTVjNjhhZmUzNWVlNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCBeGE5yD+VxUJuaHZqFY5prgZYg
gkmTKeHBRwGjRrhMIwTAaSvq42OB+PLwdsNkfHoGyPSJ7BkWOueC454hqs74F/Jx
eifHqSxvWI3fPf1A17VCy4oNqyB/5EhAq9AWszNk8JLshfmvQHqP0S8naApde1Y/
I0dV9SoGL6zQLxX/GVmUfCMSOjt2IeS03CTK5UG5KwThFrGQTjle960jYchGDYg6
7wYlDQh/77bGAUU12LsjBYTp1pvGxwffs5JnEmZPmPsLNafLIeNcZvu/KX29uye1
SrZzejrHmLXQmq6oP1jf6n1t18DLUZs43HSikGRtWSkL6J7i6XgaiwDHDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHf+msaos36p3Wzq86lcaK/jXuc2MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZF82YXhxaXpmcW5kYk9yenFWeG9yLU5lNXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW7rWAwQA
sv0fAwQBsv00MA0GCSqGSIb3DQEBCwUAA4IBAQAh1+G+KHPV9W+IW44HtZ9EUwYA
uxZZOsPZtf6nOSubgWvGK7SCUPc0s8O6bNjJ4w+5GvaSuh+z7JV6QoRqunJcQjAn
Pjh+gWSYS6JUniPDKKm4eiMwYHGVApu768kqGFP0yij629l5TrlUPUR+pmSOj0Tu
czVtvX/BzJOa2lplDTCsYgFXdQFS901QSFahg/CRnQsvCWZMWUKPh/aKv7S0htG2
zdqosJ6BDvxl3RA4d2AClD0knqahywesnYrfNeea7q2o47l0xOds6kbeXqPnp9fc
DLuvdpLVJ+kO2gijBw/izem7ndnLvIkLnj/dDTCPXo4zfTwD16OmvKd5tcb4
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:57:59 2025 by rpki-client