Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/u7kI6P_1PGs2C20kJY18HsHyffQ.roa
File: u7kI6P_1PGs2C20kJY18HsHyffQ.roa (raw, json)
Hash identifier: sfyqZsuGo/kdBxBJMCuKZxiEUNSQ3fnq/MKj0Gp50f4=
Subject key identifier: BB:B9:08:E8:FF:F5:3C:6B:36:0B:6D:24:25:8D:7C:1E:C1:F2:7D:F4
Certificate issuer: /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial: 01823A144CB114010A696F37D351FBDCF043
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/u7kI6P_1PGs2C20kJY18HsHyffQ.roa
Signing time: Tue 26 Jul 2022 10:36:24 +0000
ROA not before: Tue 26 Jul 2022 10:36:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41107
IP address blocks: 91.108.160.0/21 maxlen: 21
185.31.152.0/22 maxlen: 22
109.68.192.0/22 maxlen: 22
109.68.192.0/21 maxlen: 21
109.68.196.0/22 maxlen: 22
159.253.160.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:3a:14:4c:b1:14:01:0a:69:6f:37:d3:51:fb:dc:f0:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d894365b28a082834a751a97771b791124524dec
Validity
Not Before: Jul 26 10:36:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bbb908e8fff53c6b360b6d24258d7c1ec1f27df4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:9f:80:d1:25:20:3c:82:82:0d:06:67:ec:ec:
4a:86:56:c7:04:d0:79:dc:92:e6:94:77:46:11:29:
b6:d9:62:1e:5c:e0:50:d2:0f:f7:b7:8e:0f:5d:a3:
95:d6:50:d3:85:f5:ae:e3:65:16:ed:b0:5a:eb:1b:
29:1f:0e:67:1f:2c:51:04:51:42:88:f7:d3:21:5f:
23:c1:4f:b1:e8:ae:d5:d6:0c:48:06:db:43:64:1f:
9f:cf:91:4d:09:62:e4:db:2c:a8:b3:6a:c8:db:8a:
25:86:55:2c:da:96:e8:a7:d4:66:d1:63:d9:5a:bc:
68:3f:11:13:16:76:23:55:62:aa:7e:0e:1d:4c:a4:
1f:59:9f:a3:ce:c6:21:b1:6d:67:bf:88:63:9c:b2:
3a:92:48:fc:7d:9f:31:95:2c:19:ef:92:f9:d8:08:
14:a4:2c:ff:d9:23:85:e8:d1:cc:fd:74:92:53:85:
53:03:d6:70:64:c3:6d:42:be:ec:a6:99:06:19:03:
f0:9b:62:4c:e5:e3:7b:28:db:c1:60:d3:ef:49:79:
5e:06:78:65:17:3b:2c:10:f0:7e:7c:87:5f:e8:c3:
db:7d:f4:26:a4:2a:8b:9e:48:1f:0a:a5:14:f5:5d:
2c:92:4c:0e:54:47:39:27:80:72:ec:68:26:5f:b8:
cc:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:B9:08:E8:FF:F5:3C:6B:36:0B:6D:24:25:8D:7C:1E:C1:F2:7D:F4
X509v3 Authority Key Identifier:
keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/u7kI6P_1PGs2C20kJY18HsHyffQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.160.0/21
109.68.192.0/21
159.253.160.0/21
185.31.152.0/22
Signature Algorithm: sha256WithRSAEncryption
58:1a:a0:45:1a:92:50:98:d5:e1:b8:d0:df:61:dc:af:6f:73:
cc:06:eb:d8:8e:4a:2d:85:cd:15:76:14:44:b6:68:d7:a5:b8:
a6:37:3d:a8:2f:37:f3:e1:ae:de:42:c5:4f:57:11:50:2f:ef:
89:40:59:0d:ab:d5:bc:f1:01:50:00:63:e6:ca:79:46:fc:98:
61:a8:e8:5d:ad:af:cc:cc:ab:70:6a:d3:5c:47:17:2a:58:cb:
bd:26:c3:b1:3f:a3:83:ee:86:98:a5:ff:ab:4d:82:cd:18:16:
26:17:f8:ab:05:b3:52:12:ff:1b:0c:7a:e4:83:34:c5:50:f6:
0d:25:6e:ee:fc:7c:ff:fc:cb:34:a3:43:5b:5d:de:a2:0c:02:
7a:71:8e:8b:f4:72:f4:7d:cf:d1:02:ed:42:c1:0e:9c:e7:08:
26:16:da:24:ee:3f:5c:fc:d7:c2:2f:87:58:39:09:0f:4c:4a:
82:2f:7c:19:b2:b3:66:35:1b:ab:c0:00:57:f8:b3:23:89:21:
93:3f:68:c2:6e:88:a0:89:db:94:19:57:ff:4a:18:0e:15:c6:
b1:69:2e:64:3e:22:d3:40:af:52:71:9b:64:5a:6b:02:89:b9:
12:30:8f:f0:c9:ce:d5:6c:6b:f6:6f:ef:10:b1:66:50:1e:31:
63:f1:86:68
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYI6FEyxFAEKaW8301H73PBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjIwNzI2MTAzNjI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI5MDhlOGZmZjUzYzZiMzYwYjZkMjQyNThkN2MxZWMxZjI3ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ+A0SUgPIKCDQZn7OxKhlbHBNB5
3JLmlHdGESm22WIeXOBQ0g/3t44PXaOV1lDThfWu42UW7bBa6xspHw5nHyxRBFFC
iPfTIV8jwU+x6K7V1gxIBttDZB+fz5FNCWLk2yyos2rI24olhlUs2pbop9Rm0WPZ
WrxoPxETFnYjVWKqfg4dTKQfWZ+jzsYhsW1nv4hjnLI6kkj8fZ8xlSwZ75L52AgU
pCz/2SOF6NHM/XSSU4VTA9ZwZMNtQr7sppkGGQPwm2JM5eN7KNvBYNPvSXleBnhl
FzssEPB+fIdf6MPbffQmpCqLnkgfCqUU9V0skkwOVEc5J4By7GgmX7jMSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLu5COj/9TxrNgttJCWNfB7B8n30MB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvdTdrSTZQXzFQR3MyQzIwa0pZMThIc0h5ZmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDW2ygAwQD
bUTAAwQDn/2gAwQCuR+YMA0GCSqGSIb3DQEBCwUAA4IBAQBYGqBFGpJQmNXhuNDf
Ydyvb3PMBuvYjkothc0VdhREtmjXpbimNz2oLzfz4a7eQsVPVxFQL++JQFkNq9W8
8QFQAGPmynlG/JhhqOhdra/MzKtwatNcRxcqWMu9JsOxP6OD7oaYpf+rTYLNGBYm
F/irBbNSEv8bDHrkgzTFUPYNJW7u/Hz//Ms0o0NbXd6iDAJ6cY6L9HL0fc/RAu1C
wQ6c5wgmFtok7j9c/NfCL4dYOQkPTEqCL3wZsrNmNRurwABX+LMjiSGTP2jCboig
iduUGVf/ShgOFcaxaS5kPiLTQK9ScZtkWmsCibkSMI/wyc7VbGv2b+8QsWZQHjFj
8YZo
-----END CERTIFICATE-----
Generated at Sun Apr 6 23:37:54 2025 by rpki-client