Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/x4Wgkq2Dv-rK-P0koV0OtDWrP3g.roa
File: x4Wgkq2Dv-rK-P0koV0OtDWrP3g.roa (raw, json)
Hash identifier: 1I+ZhP4MjSnwL6Ch0Tag9Ojt9lrKhzcKflbju/BS9hA=
Subject key identifier: C7:85:A0:92:AD:83:BF:EA:CA:F8:FD:24:A1:5D:0E:B4:35:AB:3F:78
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B5817CAAFB035ADE5E45FCF96040B2
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/x4Wgkq2Dv-rK-P0koV0OtDWrP3g.roa
Signing time: Thu 02 Jan 2025 15:49:54 +0000
ROA not before: Thu 02 Jan 2025 15:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34636
IP address blocks: 91.186.193.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:81:7c:aa:fb:03:5a:de:5e:45:fc:f9:60:40:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c785a092ad83bfeacaf8fd24a15d0eb435ab3f78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:48:e5:d5:da:a2:c5:4d:cd:b3:d4:d0:d5:a2:
dd:2a:2a:a3:c0:c3:90:86:c3:74:6d:07:78:f8:56:
af:ef:89:b4:52:11:09:3d:90:9b:f6:dd:44:a1:14:
f2:eb:fc:f6:e7:51:88:d5:a8:ac:d1:38:32:36:19:
27:8c:92:a8:76:f5:83:71:5a:dc:c5:b5:a9:f9:99:
51:d9:9b:24:08:c1:22:67:bd:50:61:8a:74:c5:24:
fa:a2:08:0d:c9:dc:84:cb:eb:17:97:b4:95:63:41:
c2:43:3e:bc:3c:c3:c2:bd:ad:fd:84:e9:2d:c0:20:
d0:d1:24:3e:98:6e:d3:7c:5c:34:49:91:8e:80:1e:
05:73:89:41:56:53:14:aa:16:a0:f8:d2:5a:25:98:
62:07:bd:24:10:30:fc:8b:cd:37:7c:b1:7d:c0:c1:
a7:a8:4f:4a:fd:1b:f8:98:82:55:69:65:5b:68:52:
4b:60:86:ef:c3:c1:99:fe:1e:25:f7:cd:c3:8c:e2:
55:07:84:da:ff:dd:21:cc:90:0b:c1:28:1e:c1:30:
2a:b1:71:47:4e:1e:5c:b0:50:09:4f:df:66:55:d0:
a0:d4:6c:87:e9:c9:1c:f6:05:ec:c4:09:a4:18:dc:
76:90:07:d1:c4:37:a8:b6:01:4a:01:52:bc:b2:a9:
f1:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:85:A0:92:AD:83:BF:EA:CA:F8:FD:24:A1:5D:0E:B4:35:AB:3F:78
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/x4Wgkq2Dv-rK-P0koV0OtDWrP3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.186.193.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:bf:1c:2d:c1:9d:12:b6:25:97:6d:ba:7b:f1:cf:2d:23:35:
ca:95:b9:21:39:39:3d:cc:0d:51:ab:a4:ff:c6:b7:f7:87:0c:
83:05:59:59:89:44:50:9d:e7:52:00:76:98:c6:f0:79:b2:b6:
c1:d5:62:1f:27:77:25:b1:bd:2d:fe:4f:f4:64:53:73:bf:af:
04:b2:57:33:1c:e9:60:50:a9:f4:cf:22:c9:3a:ee:86:d6:4c:
53:49:1a:4d:be:ce:42:a1:d1:2f:ef:6b:e6:22:0f:f2:1d:b4:
e6:cb:97:49:a8:b9:76:b8:b9:9a:59:70:9b:ca:c3:45:f2:6d:
42:bb:69:d2:77:19:71:cc:f2:10:60:3e:9d:b3:4d:26:47:25:
eb:e1:38:97:81:1a:09:c1:60:02:7a:f6:c1:73:e5:30:77:b3:
e7:8b:91:61:0a:e3:8e:dd:f1:f0:f9:09:45:dd:2c:f0:cc:e0:
8e:a2:ca:b8:1b:de:6e:80:8c:c7:49:1d:87:41:b0:79:8e:1a:
28:60:f7:9e:ea:87:01:b2:9c:84:b0:b3:13:f9:f6:8e:da:eb:
7d:f3:e9:75:09:ec:c6:34:b8:40:f9:d3:42:6e:6e:fb:01:1b:
f9:d1:2d:e3:7e:db:d8:41:0c:bf:41:81:0d:3e:26:67:70:a1:
72:91:6e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYF8qvsDWt5eRfz5YECyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzg1YTA5MmFkODNiZmVhY2FmOGZkMjRhMTVkMGViNDM1YWIzZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0jl1dqixU3Ns9TQ1aLdKiqjwMOQ
hsN0bQd4+Fav74m0UhEJPZCb9t1EoRTy6/z251GI1ais0TgyNhknjJKodvWDcVrc
xbWp+ZlR2ZskCMEiZ71QYYp0xST6oggNydyEy+sXl7SVY0HCQz68PMPCva39hOkt
wCDQ0SQ+mG7TfFw0SZGOgB4Fc4lBVlMUqhag+NJaJZhiB70kEDD8i803fLF9wMGn
qE9K/Rv4mIJVaWVbaFJLYIbvw8GZ/h4l983DjOJVB4Ta/90hzJALwSgewTAqsXFH
Th5csFAJT99mVdCg1GyH6ckc9gXsxAmkGNx2kAfRxDeotgFKAVK8sqnxtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeFoJKtg7/qyvj9JKFdDrQ1qz94MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEveDRXZ2txMkR2LXJLLVAwa29WME90RFdyUDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7rBMA0G
CSqGSIb3DQEBCwUAA4IBAQBsvxwtwZ0StiWXbbp78c8tIzXKlbkhOTk9zA1Rq6T/
xrf3hwyDBVlZiURQnedSAHaYxvB5srbB1WIfJ3clsb0t/k/0ZFNzv68EslczHOlg
UKn0zyLJOu6G1kxTSRpNvs5CodEv72vmIg/yHbTmy5dJqLl2uLmaWXCbysNF8m1C
u2nSdxlxzPIQYD6ds00mRyXr4TiXgRoJwWACevbBc+Uwd7Pni5FhCuOO3fHw+QlF
3SzwzOCOosq4G95ugIzHSR2HQbB5jhooYPee6ocBspyEsLMT+faO2ut98+l1CezG
NLhA+dNCbm77ARv50S3jftvYQQy/QYENPiZncKFykW6Q
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:58:19 2025 by rpki-client