Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/469974-1184-4824-9181-f4a275d6b584/1/orYhiWKvpVUghVFTAf-Es8EOiAc.roa
File: orYhiWKvpVUghVFTAf-Es8EOiAc.roa (raw, json)
Hash identifier: Bwmu9fW9FAkvTE1oSKnUBOQE3ZZwNAghPDBBpjsJHDI=
Subject key identifier: A2:B6:21:89:62:AF:A5:55:20:85:51:53:01:FF:84:B3:C1:0E:88:07
Certificate issuer: /CN=a74de092dc2e4d72aa7e6a960d21ad4e79758b3c
Certificate serial: 0BAEB42C
Authority key identifier: A7:4D:E0:92:DC:2E:4D:72:AA:7E:6A:96:0D:21:AD:4E:79:75:8B:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p03gktwuTXKqfmqWDSGtTnl1izw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/469974-1184-4824-9181-f4a275d6b584/1/orYhiWKvpVUghVFTAf-Es8EOiAc.roa
Signing time: Sat 01 Jan 2022 10:03:04 +0000
ROA not before: Sat 01 Jan 2022 10:03:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12521
IP address blocks: 91.195.72.0/23 maxlen: 24
91.195.102.0/23 maxlen: 24
212.85.32.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 195998764 (0xbaeb42c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a74de092dc2e4d72aa7e6a960d21ad4e79758b3c
Validity
Not Before: Jan 1 10:03:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a2b6218962afa5552085515301ff84b3c10e8807
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:ee:ed:35:24:1d:2b:36:0c:c4:b2:3a:2b:c4:
80:46:48:0d:ca:ee:07:dd:6c:20:94:bc:30:3e:80:
0d:81:52:56:e1:19:d0:12:4b:56:dd:06:b1:0e:e8:
85:0c:90:01:e9:a0:19:9b:e3:b9:f3:64:f2:dd:7d:
be:63:88:3c:64:52:c4:a9:42:db:32:70:d8:72:03:
d1:09:d6:4d:f0:39:48:13:0e:05:c9:10:77:21:c0:
1a:ea:93:0b:d1:32:46:a5:31:82:4f:9e:d1:ac:56:
78:4e:a5:20:2c:1d:26:2d:83:ad:81:b9:60:ce:bb:
79:cc:e0:c3:7c:81:96:f3:f9:b2:28:b2:17:a2:4e:
c7:8d:7c:de:cb:15:fc:e7:04:44:44:40:84:39:89:
52:2e:09:20:87:fc:08:4c:12:a2:b2:0a:7c:0c:35:
22:02:98:b9:6f:64:78:c7:6b:b5:b9:94:ea:19:9f:
d6:57:03:24:a0:9e:27:2f:8a:d5:c6:6b:65:30:9e:
f2:51:83:69:12:1c:33:2e:28:10:88:0c:9a:84:98:
98:00:b2:dd:ad:02:6d:b5:7e:04:8d:8b:47:99:34:
c0:83:4f:4e:66:8f:b6:5d:5e:b2:0b:51:69:16:05:
c0:d6:9c:4d:8c:7a:a6:a8:c1:6d:03:2b:64:c2:9c:
ac:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:B6:21:89:62:AF:A5:55:20:85:51:53:01:FF:84:B3:C1:0E:88:07
X509v3 Authority Key Identifier:
keyid:A7:4D:E0:92:DC:2E:4D:72:AA:7E:6A:96:0D:21:AD:4E:79:75:8B:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p03gktwuTXKqfmqWDSGtTnl1izw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/469974-1184-4824-9181-f4a275d6b584/1/orYhiWKvpVUghVFTAf-Es8EOiAc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/469974-1184-4824-9181-f4a275d6b584/1/p03gktwuTXKqfmqWDSGtTnl1izw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.72.0/23
91.195.102.0/23
212.85.32.0/19
Signature Algorithm: sha256WithRSAEncryption
a3:60:ed:17:70:73:42:99:2a:4d:e1:99:3c:a9:69:89:ff:09:
9d:a8:e3:1f:8a:44:00:0c:c3:a6:6b:28:d4:c0:c9:fd:77:ff:
84:f7:da:f0:5d:1d:33:08:81:77:d7:78:a8:dd:f1:92:4e:1e:
27:b9:43:20:26:18:3a:1d:28:f2:f1:fa:ef:8b:2e:1a:01:b5:
7a:2c:eb:24:77:51:87:57:fe:4b:e2:79:19:3a:6b:6e:ad:3a:
7c:e8:7f:8e:08:01:d6:b9:85:8f:5c:24:b3:2c:fd:e9:05:80:
24:19:27:fd:b0:00:74:13:76:b0:00:29:cc:ed:1d:c7:5b:6b:
47:c2:f0:dc:4b:6b:4c:43:1d:b2:3e:ed:20:c3:b1:21:f1:de:
c1:49:f0:bc:1c:2c:2e:54:98:de:7c:2d:5e:79:8b:e2:dc:fa:
98:8e:f5:97:6a:2f:0d:fe:02:c1:30:b2:47:87:b5:d8:89:37:
e5:74:62:22:98:06:72:46:ee:15:ad:8e:b7:5c:15:90:26:c9:
4a:d3:41:61:9a:3c:36:b9:5a:35:f7:25:1c:15:9f:68:be:ac:
46:dd:77:f2:89:57:18:c1:d3:ba:0c:b8:bb:35:55:54:6a:3b:
c5:eb:d2:83:59:d0:c1:b4:74:35:7f:d9:3e:ce:5d:51:43:4b:
23:6a:c9:d2
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEC660LDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NzRkZTA5MmRjMmU0ZDcyYWE3ZTZhOTYwZDIxYWQ0ZTc5NzU4YjNjMB4XDTIyMDEw
MTEwMDMwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTJiNjIxODk2MmFm
YTU1NTIwODU1MTUzMDFmZjg0YjNjMTBlODgwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAILu7TUkHSs2DMSyOivEgEZIDcruB91sIJS8MD6ADYFSVuEZ
0BJLVt0GsQ7ohQyQAemgGZvjufNk8t19vmOIPGRSxKlC2zJw2HID0QnWTfA5SBMO
BckQdyHAGuqTC9EyRqUxgk+e0axWeE6lICwdJi2DrYG5YM67eczgw3yBlvP5siiy
F6JOx4183ssV/OcERERAhDmJUi4JIIf8CEwSorIKfAw1IgKYuW9keMdrtbmU6hmf
1lcDJKCeJy+K1cZrZTCe8lGDaRIcMy4oEIgMmoSYmACy3a0CbbV+BI2LR5k0wINP
TmaPtl1esgtRaRYFwNacTYx6pqjBbQMrZMKcrKUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSitiGJYq+lVSCFUVMB/4SzwQ6IBzAfBgNVHSMEGDAWgBSnTeCS3C5Ncqp+
apYNIa1OeXWLPDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3AwM2drdHd1VFhLcWZtcVdEU0d0VG5sMWl6dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzIvNDY5OTc0LTExODQtNDgyNC05MTgxLWY0YTI3NWQ2YjU4NC8x
L29yWWhpV0t2cFZVZ2hWRlRBZi1FczhFT2lBYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzIv
NDY5OTc0LTExODQtNDgyNC05MTgxLWY0YTI3NWQ2YjU4NC8xL3AwM2drdHd1VFhL
cWZtcVdEU0d0VG5sMWl6dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAVvDSAMEAVvDZgMEBdRVIDANBgkq
hkiG9w0BAQsFAAOCAQEAo2DtF3BzQpkqTeGZPKlpif8JnajjH4pEAAzDpmso1MDJ
/Xf/hPfa8F0dMwiBd9d4qN3xkk4eJ7lDICYYOh0o8vH674suGgG1eizrJHdRh1f+
S+J5GTprbq06fOh/jggB1rmFj1wksyz96QWAJBkn/bAAdBN2sAApzO0dx1trR8Lw
3EtrTEMdsj7tIMOxIfHewUnwvBwsLlSY3nwtXnmL4tz6mI71l2ovDf4CwTCyR4e1
2Ik35XRiIpgGckbuFa2Ot1wVkCbJStNBYZo8NrlaNfclHBWfaL6sRt138olXGMHT
ugy4uzVVVGo7xevSg1nQwbR0NX/ZPs5dUUNLI2rJ0g==
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:29:42 2025 by rpki-client