Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/ro_6Gt93wbB0QjU8X0YkLvSt83o.roa
File: ro_6Gt93wbB0QjU8X0YkLvSt83o.roa (raw, json)
Hash identifier: SIADnB2RA3sseQfiGaOIOFfs1sY5reAjZBFOTfHbBiE=
Subject key identifier: AE:8F:FA:1A:DF:77:C1:B0:74:42:35:3C:5F:46:24:2E:F4:AD:F3:7A
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01856DAF686DF464DDBA564BA94DBDD176CE
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/ro_6Gt93wbB0QjU8X0YkLvSt83o.roa
Signing time: Sun 01 Jan 2023 14:14:50 +0000
ROA not before: Sun 01 Jan 2023 14:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211560
IP address blocks: 91.151.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:af:68:6d:f4:64:dd:ba:56:4b:a9:4d:bd:d1:76:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 1 14:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae8ffa1adf77c1b07442353c5f46242ef4adf37a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:61:08:9a:b5:94:eb:4b:37:9b:56:37:11:9f:
8a:3e:94:1e:84:ef:c2:9f:33:2f:4d:b3:9e:53:09:
e9:9b:fc:ac:bc:aa:cc:d1:75:f2:d5:c6:ee:ee:9f:
1c:f2:39:10:4c:e8:35:c5:d7:dd:a8:86:1a:d9:e4:
42:cb:9d:b2:fb:8d:a8:c7:49:b5:5e:c5:14:15:05:
82:a2:12:87:95:0b:76:e3:32:ea:ef:2c:6a:55:18:
b0:b9:31:b7:28:c2:e5:7c:3a:5e:46:c6:7e:51:94:
e4:08:74:01:66:50:e1:d6:f2:ba:a5:f3:d8:11:b7:
b7:4d:13:a0:e7:a1:43:a4:40:7f:b5:76:45:4a:b1:
55:6f:36:5f:ef:38:d9:a1:81:cf:94:46:94:d2:1e:
0a:21:96:6c:ab:bc:67:8e:b9:1a:0d:47:46:1c:a3:
39:d2:91:23:e8:19:3b:65:e1:fc:87:d9:6b:9c:82:
f8:8d:eb:d8:10:49:5d:22:89:4b:f1:f0:6c:22:93:
3c:cf:91:b7:93:62:7c:76:4a:d4:6f:a8:18:dc:14:
b4:00:68:0d:0e:2b:49:cd:29:bc:7b:b2:66:35:99:
79:53:d5:7b:f6:9b:4b:3b:2c:67:00:b8:78:61:1d:
75:ed:96:c9:a5:0c:be:93:a8:21:66:7f:dc:1f:7c:
27:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:8F:FA:1A:DF:77:C1:B0:74:42:35:3C:5F:46:24:2E:F4:AD:F3:7A
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/ro_6Gt93wbB0QjU8X0YkLvSt83o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.94.0/24
Signature Algorithm: sha256WithRSAEncryption
07:21:8a:72:24:be:d5:e3:8f:53:0b:8e:46:04:e4:c1:d5:f1:
63:31:cc:5d:18:0a:99:11:5c:29:44:17:c0:07:61:97:b1:6d:
eb:73:31:9f:d0:0f:11:33:db:aa:99:fa:d8:5c:e9:7a:a2:f9:
a1:97:ac:79:b2:23:fc:0c:8a:54:e4:39:45:d0:ef:37:c3:52:
2e:77:52:29:c7:42:63:1d:10:30:79:a5:d9:73:4e:4a:16:f2:
c9:e7:fd:f0:23:c4:31:44:dd:27:4d:ac:b2:d1:83:6e:d3:2e:
ad:11:94:c3:3c:b4:c8:3b:10:4d:a9:fb:f4:92:14:c6:f5:fb:
91:69:4f:92:9a:0f:8c:db:d5:1a:83:37:f7:85:c6:7c:ae:76:
8c:cc:a0:06:c9:c2:b3:c0:4b:8c:02:4f:66:d0:9a:59:9f:c1:
32:15:a6:01:7e:4a:52:9a:8b:e9:e9:fa:0b:27:f1:07:b3:77:
64:70:c5:ba:ba:72:95:ab:87:b8:33:a2:d2:b7:bf:e2:3c:8d:
06:36:f5:24:78:3e:4b:53:bd:6c:df:42:6b:dc:16:d9:dc:c9:
9b:94:fb:72:41:d8:b2:dd:e1:29:21:8b:c0:c1:9e:e4:67:51:
ac:3c:53:49:69:d0:4e:0a:36:d4:dd:d9:7e:73:c6:1c:ad:5c:
56:90:bc:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr2ht9GTdulZLqU290XbOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwMTAxMTQxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThmZmExYWRmNzdjMWIwNzQ0MjM1M2M1ZjQ2MjQyZWY0YWRmMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2EImrWU60s3m1Y3EZ+KPpQehO/C
nzMvTbOeUwnpm/ysvKrM0XXy1cbu7p8c8jkQTOg1xdfdqIYa2eRCy52y+42ox0m1
XsUUFQWCohKHlQt24zLq7yxqVRiwuTG3KMLlfDpeRsZ+UZTkCHQBZlDh1vK6pfPY
Ebe3TROg56FDpEB/tXZFSrFVbzZf7zjZoYHPlEaU0h4KIZZsq7xnjrkaDUdGHKM5
0pEj6Bk7ZeH8h9lrnIL4jevYEEldIolL8fBsIpM8z5G3k2J8dkrUb6gY3BS0AGgN
DitJzSm8e7JmNZl5U9V79ptLOyxnALh4YR117ZbJpQy+k6ghZn/cH3wnRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6P+hrfd8GwdEI1PF9GJC70rfN6MB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvcm9fNkd0OTN3YkIwUWpVOFgwWWtMdlN0ODNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5deMA0G
CSqGSIb3DQEBCwUAA4IBAQAHIYpyJL7V449TC45GBOTB1fFjMcxdGAqZEVwpRBfA
B2GXsW3rczGf0A8RM9uqmfrYXOl6ovmhl6x5siP8DIpU5DlF0O83w1Iud1Ipx0Jj
HRAweaXZc05KFvLJ5/3wI8QxRN0nTayy0YNu0y6tEZTDPLTIOxBNqfv0khTG9fuR
aU+Smg+M29Uagzf3hcZ8rnaMzKAGycKzwEuMAk9m0JpZn8EyFaYBfkpSmovp6foL
J/EHs3dkcMW6unKVq4e4M6LSt7/iPI0GNvUkeD5LU71s30Jr3BbZ3MmblPtyQdiy
3eEpIYvAwZ7kZ1GsPFNJadBOCjbU3dl+c8YcrVxWkLwO
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:15:54 2025 by rpki-client