Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/bmXc8KugN78RPntXaO6_qDlM-7A.roa
File: bmXc8KugN78RPntXaO6_qDlM-7A.roa (raw, json)
Hash identifier: Cb09dK81aAHuAOvEVtwvuVGBoof4v61f6BVZFmwFhBE=
Subject key identifier: 6E:65:DC:F0:AB:A0:37:BF:11:3E:7B:57:68:EE:BF:A8:39:4C:FB:B0
Certificate issuer: /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial: 0195B3BE3EFF47496531DEA8DD1E35129855
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/bmXc8KugN78RPntXaO6_qDlM-7A.roa
Signing time: Thu 20 Mar 2025 13:29:04 +0000
ROA not before: Thu 20 Mar 2025 13:29:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215540
IP address blocks: 91.219.23.0/24 maxlen: 24
178.22.31.0/24 maxlen: 24
193.228.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b3:be:3e:ff:47:49:65:31:de:a8:dd:1e:35:12:98:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
Validity
Not Before: Mar 20 13:29:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6e65dcf0aba037bf113e7b5768eebfa8394cfbb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:29:0e:4c:ee:ac:e4:99:95:9d:82:a7:90:50:
ce:40:b3:09:3a:fc:ec:8c:73:b6:a4:ba:9c:59:ba:
75:27:4a:b2:87:ec:68:82:f6:6e:98:c0:8d:2c:fc:
65:b9:17:6e:75:8a:4b:f2:9e:53:90:01:c8:3b:c4:
f6:41:22:ff:a5:32:25:e1:ec:08:0d:4f:33:40:09:
e2:5a:aa:8b:b0:7e:f2:5b:eb:20:a8:3a:e8:85:b4:
58:9d:78:fa:2c:fd:ca:8f:77:cc:d5:d5:87:5c:99:
d3:a3:64:12:59:4a:68:04:65:aa:2b:dd:6c:9a:a5:
cc:50:96:1d:ed:22:65:b9:f4:07:e7:ce:ec:c6:69:
02:32:cc:f6:44:79:26:3a:88:f5:99:6d:d7:67:1b:
df:54:18:11:4d:da:33:2b:f9:5b:c0:bc:62:d7:85:
55:70:12:15:08:a8:80:44:e0:51:59:13:a7:70:11:
7d:82:68:8d:12:23:bb:30:b2:a3:fd:21:17:a5:87:
64:25:80:24:76:5e:59:8d:03:c6:76:06:81:80:5c:
d6:8a:22:40:3b:89:58:82:39:16:fa:0a:8b:e8:c7:
d7:9e:e1:47:98:72:98:16:4c:2d:c0:47:5d:85:43:
cd:57:e2:62:ec:94:11:97:ef:28:3d:f2:79:a8:f0:
4a:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:65:DC:F0:AB:A0:37:BF:11:3E:7B:57:68:EE:BF:A8:39:4C:FB:B0
X509v3 Authority Key Identifier:
keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/bmXc8KugN78RPntXaO6_qDlM-7A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.219.23.0/24
178.22.31.0/24
193.228.128.0/24
Signature Algorithm: sha256WithRSAEncryption
12:57:bc:bd:1b:70:57:2b:73:62:90:9d:36:04:27:e0:75:5a:
9f:25:a3:c9:d7:d5:38:6d:98:3d:30:25:d9:d6:ba:fc:d5:f3:
1a:a1:2d:7b:ab:3f:db:23:dd:26:13:80:59:bd:12:ed:ed:8d:
2f:ee:b5:38:d6:14:be:2c:2c:eb:1b:c5:4e:84:9d:a5:ae:cd:
af:10:26:a1:84:58:ac:03:9b:73:aa:80:0a:13:b9:09:ae:d8:
97:0b:df:73:07:80:65:95:97:71:1d:a4:e2:4d:2d:25:cb:92:
9b:31:05:d5:88:ff:3f:22:5f:11:39:84:3a:57:68:10:df:8a:
2b:90:4d:09:f3:56:a3:8f:08:cd:77:77:69:93:8f:67:d3:35:
ab:64:25:bf:1b:1b:14:5c:f2:27:f7:92:87:cb:d6:5b:3c:f9:
79:d4:22:db:9d:71:2f:e5:da:d9:0c:19:f1:dc:f0:ab:e9:ab:
f2:ea:7e:b6:08:19:6f:c7:74:29:80:06:ad:28:4e:cf:5b:36:
78:6a:65:8e:71:54:88:c8:57:95:5a:a6:c2:c7:4a:df:c9:1a:
39:2d:69:15:c1:d4:7c:1f:5b:9c:1b:ac:c7:6a:ca:74:de:38:
df:2a:d5:36:4f:0e:0b:ad:62:8a:45:2c:c3:7c:3f:21:2a:3d:
f4:b8:3d:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWzvj7/R0llMd6o3R41EphVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjUwMzIwMTMyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTY1ZGNmMGFiYTAzN2JmMTEzZTdiNTc2OGVlYmZhODM5NGNmYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlikOTO6s5JmVnYKnkFDOQLMJOvzs
jHO2pLqcWbp1J0qyh+xogvZumMCNLPxluRdudYpL8p5TkAHIO8T2QSL/pTIl4ewI
DU8zQAniWqqLsH7yW+sgqDrohbRYnXj6LP3Kj3fM1dWHXJnTo2QSWUpoBGWqK91s
mqXMUJYd7SJlufQH587sxmkCMsz2RHkmOoj1mW3XZxvfVBgRTdozK/lbwLxi14VV
cBIVCKiAROBRWROncBF9gmiNEiO7MLKj/SEXpYdkJYAkdl5ZjQPGdgaBgFzWiiJA
O4lYgjkW+gqL6MfXnuFHmHKYFkwtwEddhUPNV+Ji7JQRl+8oPfJ5qPBKUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG5l3PCroDe/ET57V2juv6g5TPuwMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvYm1YYzhLdWdONzhSUG50WGFPNl9xRGxNLTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9sXAwQA
shYfAwQAweSAMA0GCSqGSIb3DQEBCwUAA4IBAQASV7y9G3BXK3NikJ02BCfgdVqf
JaPJ19U4bZg9MCXZ1rr81fMaoS17qz/bI90mE4BZvRLt7Y0v7rU41hS+LCzrG8VO
hJ2lrs2vECahhFisA5tzqoAKE7kJrtiXC99zB4BllZdxHaTiTS0ly5KbMQXViP8/
Il8ROYQ6V2gQ34orkE0J81ajjwjNd3dpk49n0zWrZCW/GxsUXPIn95KHy9ZbPPl5
1CLbnXEv5drZDBnx3PCr6avy6n62CBlvx3QpgAatKE7PWzZ4amWOcVSIyFeVWqbC
x0rfyRo5LWkVwdR8H1ucG6zHasp03jjfKtU2Tw4LrWKKRSzDfD8hKj30uD1x
-----END CERTIFICATE-----
Generated at Wed Apr 23 02:19:22 2025 by rpki-client