Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sB9OI0ohS3t-77xuXf8yTaH_vwQ.roa
File: sB9OI0ohS3t-77xuXf8yTaH_vwQ.roa (raw, json)
Hash identifier: e6oz7AmYzdf1rZusmPZx7bBXMxzavT2kgVqIcrHyqz4=
Subject key identifier: B0:1F:4E:23:4A:21:4B:7B:7E:EF:BC:6E:5D:FF:32:4D:A1:FF:BF:04
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 0182A58DE21B40EFD5DA40CBDC1E58D63AC1
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sB9OI0ohS3t-77xuXf8yTaH_vwQ.roa
Signing time: Tue 16 Aug 2022 07:28:35 +0000
ROA not before: Tue 16 Aug 2022 07:28:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 206995
IP address blocks: 91.151.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:a5:8d:e2:1b:40:ef:d5:da:40:cb:dc:1e:58:d6:3a:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 16 07:28:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b01f4e234a214b7b7eefbc6e5dff324da1ffbf04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:96:eb:55:06:07:4f:30:45:86:27:56:6c:4e:
40:05:e0:3d:63:3e:09:1e:5c:2e:f8:48:b9:30:a2:
0b:56:89:84:e0:72:a4:d0:7a:3e:7f:09:8c:cc:f2:
78:64:87:d1:28:70:2c:92:9c:ff:b9:7c:0c:9b:5f:
fd:9e:fb:6d:6f:f5:53:b7:2d:65:75:41:a6:f2:38:
69:2b:8a:52:58:d2:d7:29:94:f5:04:24:42:fe:b6:
f6:7f:40:75:8f:60:86:45:66:8e:b7:e7:92:1b:72:
0b:73:b6:9b:06:8c:36:aa:78:d8:08:5e:c0:ba:f5:
ef:23:0c:f7:f9:78:8d:76:92:1d:3e:80:39:7e:0f:
e7:e4:2c:e2:20:5a:41:63:eb:da:94:36:7e:72:d3:
78:73:c9:c7:ea:b3:9d:6c:13:6a:f8:fb:94:56:d9:
07:b1:53:f3:df:41:d3:a0:12:3d:86:cb:e2:2f:2d:
6f:71:f5:b7:93:8f:a7:fb:72:cb:a8:d6:46:de:89:
d2:c9:5c:05:13:f6:e6:84:77:d8:52:fa:9a:53:db:
21:50:58:f0:53:03:ba:23:14:27:1f:ff:72:e8:a4:
a3:3e:2a:da:1b:e8:86:c7:9e:7a:1f:8c:92:e9:2e:
ae:de:9b:95:ce:bd:81:c8:a6:d0:9f:04:99:92:16:
0e:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:1F:4E:23:4A:21:4B:7B:7E:EF:BC:6E:5D:FF:32:4D:A1:FF:BF:04
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sB9OI0ohS3t-77xuXf8yTaH_vwQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.95.0/24
Signature Algorithm: sha256WithRSAEncryption
03:7e:76:db:ae:3b:62:4f:85:89:c5:8f:a7:93:d2:4d:2d:6d:
6b:09:fa:2c:35:d4:02:8b:be:55:aa:fc:42:33:26:d1:7a:1a:
86:a4:31:47:b9:27:62:37:1f:4b:77:d7:0a:c5:2e:0d:8e:a7:
1e:50:d2:f5:b4:f0:47:bc:b4:94:92:47:aa:51:4d:ca:91:e2:
06:3f:88:61:5d:a8:be:2f:36:79:87:50:ee:b3:32:07:dc:27:
94:5f:0b:e0:bf:d7:18:b7:39:b2:48:d8:18:ac:f6:e2:e0:92:
0d:2b:c5:9e:74:76:57:fe:e4:8f:09:24:b1:51:7c:10:4f:ae:
39:ef:be:45:2f:00:91:39:b4:59:ad:c3:f1:a0:bf:8a:1e:da:
44:d3:db:97:63:b9:88:ea:cd:98:f3:74:a3:4e:c1:60:a9:5b:
0d:53:58:9c:49:1d:3b:ed:66:b2:9e:f8:9f:26:5d:63:2c:59:
6f:4d:75:8a:26:3b:92:79:da:78:d3:41:2d:36:18:58:91:cf:
ed:29:75:c3:f7:a3:ca:1d:8f:56:4a:8c:7a:f1:e0:34:9e:d6:
cc:20:d2:95:97:a3:54:ba:9b:d7:e7:b7:88:28:fa:bb:1b:dd:
d6:bc:57:fc:12:83:ee:1b:d1:4f:cf:d4:0e:05:a8:ae:58:b8:
7f:0d:4d:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYKljeIbQO/V2kDL3B5Y1jrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjIwODE2MDcyODM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDFmNGUyMzRhMjE0YjdiN2VlZmJjNmU1ZGZmMzI0ZGExZmZiZjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJbrVQYHTzBFhidWbE5ABeA9Yz4J
Hlwu+Ei5MKILVomE4HKk0Ho+fwmMzPJ4ZIfRKHAskpz/uXwMm1/9nvttb/VTty1l
dUGm8jhpK4pSWNLXKZT1BCRC/rb2f0B1j2CGRWaOt+eSG3ILc7abBow2qnjYCF7A
uvXvIwz3+XiNdpIdPoA5fg/n5CziIFpBY+valDZ+ctN4c8nH6rOdbBNq+PuUVtkH
sVPz30HToBI9hsviLy1vcfW3k4+n+3LLqNZG3onSyVwFE/bmhHfYUvqaU9shUFjw
UwO6IxQnH/9y6KSjPiraG+iGx556H4yS6S6u3puVzr2ByKbQnwSZkhYOhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAfTiNKIUt7fu+8bl3/Mk2h/78EMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvc0I5T0kwb2hTM3QtNzd4dVhmOHlUYUhfdndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5dfMA0G
CSqGSIb3DQEBCwUAA4IBAQADfnbbrjtiT4WJxY+nk9JNLW1rCfosNdQCi75VqvxC
MybRehqGpDFHuSdiNx9Ld9cKxS4NjqceUNL1tPBHvLSUkkeqUU3KkeIGP4hhXai+
LzZ5h1DuszIH3CeUXwvgv9cYtzmySNgYrPbi4JINK8WedHZX/uSPCSSxUXwQT645
775FLwCRObRZrcPxoL+KHtpE09uXY7mI6s2Y83SjTsFgqVsNU1icSR077Waynvif
Jl1jLFlvTXWKJjuSedp400EtNhhYkc/tKXXD96PKHY9WSox68eA0ntbMINKVl6NU
upvX57eIKPq7G93WvFf8EoPuG9FPz9QOBaiuWLh/DU0l
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:11 2025 by rpki-client