Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/pryGwqI3Z6vnkuVdHV6sseaBVOM.roa
File: pryGwqI3Z6vnkuVdHV6sseaBVOM.roa (raw, json)
Hash identifier: 4dWUr/B4E736DPlEEDrP6I+DkJ5Fr8SqPpRLteuI4h0=
Subject key identifier: A6:BC:86:C2:A2:37:67:AB:E7:92:E5:5D:1D:5E:AC:B1:E6:81:54:E3
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 019422FC2A4D2F54EED996EC3DFDFCCD7638
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/pryGwqI3Z6vnkuVdHV6sseaBVOM.roa
Signing time: Wed 01 Jan 2025 17:48:58 +0000
ROA not before: Wed 01 Jan 2025 17:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60594
IP address blocks: 192.162.198.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:2a:4d:2f:54:ee:d9:96:ec:3d:fd:fc:cd:76:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Jan 1 17:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6bc86c2a23767abe792e55d1d5eacb1e68154e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:61:35:4a:f6:0c:1c:4d:f7:dc:06:9e:21:23:
6d:86:36:41:8a:aa:32:11:7f:3d:aa:2a:f0:8a:ca:
75:30:ef:c2:51:c9:ab:c3:70:3b:dd:03:78:a7:a0:
be:c6:08:f0:85:6e:23:3c:22:39:30:1b:0b:ee:8f:
19:e8:fd:d0:f1:1f:fb:e1:85:d2:8e:89:1e:7a:18:
9d:e5:70:87:55:b9:7e:dd:2a:d1:b6:3a:84:b3:2f:
86:b8:b2:78:ba:d1:11:81:ba:f6:b7:d5:54:e3:38:
c4:ff:2b:9e:28:88:23:de:88:65:90:6e:2d:ad:d9:
c6:ba:a4:82:33:fd:d4:bb:5e:83:4f:42:19:be:ab:
e5:b9:c4:b9:52:c1:ff:e6:5f:0c:b5:e2:ae:8b:18:
5f:91:7d:dc:55:24:fb:4b:7a:61:fb:64:16:97:06:
ee:8a:5f:96:55:90:eb:59:83:b5:50:72:48:97:cb:
50:c1:48:4a:0c:9e:46:d8:c5:95:1e:92:c9:65:d9:
3e:05:e7:81:9d:5f:71:53:6c:8b:3e:98:61:53:ee:
fa:5c:3f:9e:39:e3:21:d8:2f:4a:0f:4c:5e:aa:23:
99:38:c2:79:fb:7b:fa:e4:81:ab:3d:49:08:91:e6:
4d:08:63:c4:ed:ac:4e:99:2d:7e:de:62:7c:40:d6:
2d:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:BC:86:C2:A2:37:67:AB:E7:92:E5:5D:1D:5E:AC:B1:E6:81:54:E3
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/pryGwqI3Z6vnkuVdHV6sseaBVOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.162.198.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:e6:e6:5a:f0:72:73:2c:34:04:c8:08:c3:50:e3:3d:7c:f0:
fc:53:46:72:4a:78:7f:99:5b:d1:6c:b7:ac:f2:96:55:40:0f:
5a:33:43:cb:85:ed:3b:3f:41:56:24:f6:c4:ef:5a:93:1e:b2:
1a:0f:13:e1:ed:37:94:2d:9b:e6:fd:56:15:66:8c:ce:2f:42:
41:fd:f9:e0:b1:7f:57:63:37:a6:c5:52:02:6b:0c:02:7f:d3:
ee:af:87:5c:b3:65:d3:d0:61:94:81:4e:a8:cc:9d:4d:43:03:
b9:95:21:25:0e:bb:2b:17:59:2b:e5:64:16:33:fb:73:90:05:
e5:fe:c6:ed:1c:30:99:cb:2a:99:c3:0e:1f:8f:0b:ac:48:3e:
71:a5:79:af:e7:e2:c0:9a:a2:7f:ae:fd:8a:9e:f3:4d:98:e7:
a1:71:66:3a:5c:2d:c1:2d:db:3e:bb:38:38:d2:b9:64:f7:8f:
1e:66:4a:04:80:4b:cf:b3:b7:44:c0:06:ee:0d:8c:a5:b7:0a:
fa:23:51:8e:cd:e9:d7:96:7c:af:61:72:ad:3e:d2:ee:4d:1d:
9d:c4:92:9c:73:27:52:8c:39:62:e9:34:09:b8:2b:68:4c:9a:
75:c0:e9:9c:cb:a5:ea:15:e4:b8:41:39:61:d3:4b:70:a6:cc:
32:31:a0:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CpNL1Tu2ZbsPf38zXY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjUwMTAxMTc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmJjODZjMmEyMzc2N2FiZTc5MmU1NWQxZDVlYWNiMWU2ODE1NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmE1SvYMHE333AaeISNthjZBiqoy
EX89qirwisp1MO/CUcmrw3A73QN4p6C+xgjwhW4jPCI5MBsL7o8Z6P3Q8R/74YXS
jokeehid5XCHVbl+3SrRtjqEsy+GuLJ4utERgbr2t9VU4zjE/yueKIgj3ohlkG4t
rdnGuqSCM/3Uu16DT0IZvqvlucS5UsH/5l8MteKuixhfkX3cVST7S3ph+2QWlwbu
il+WVZDrWYO1UHJIl8tQwUhKDJ5G2MWVHpLJZdk+BeeBnV9xU2yLPphhU+76XD+e
OeMh2C9KD0xeqiOZOMJ5+3v65IGrPUkIkeZNCGPE7axOmS1+3mJ8QNYtWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKa8hsKiN2er55LlXR1erLHmgVTjMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvcHJ5R3dxSTNaNnZua3VWZEhWNnNzZWFCVk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLGMA0G
CSqGSIb3DQEBCwUAA4IBAQBL5uZa8HJzLDQEyAjDUOM9fPD8U0ZySnh/mVvRbLes
8pZVQA9aM0PLhe07P0FWJPbE71qTHrIaDxPh7TeULZvm/VYVZozOL0JB/fngsX9X
YzemxVICawwCf9Pur4dcs2XT0GGUgU6ozJ1NQwO5lSElDrsrF1kr5WQWM/tzkAXl
/sbtHDCZyyqZww4fjwusSD5xpXmv5+LAmqJ/rv2KnvNNmOehcWY6XC3BLds+uzg4
0rlk948eZkoEgEvPs7dEwAbuDYyltwr6I1GOzenXlnyvYXKtPtLuTR2dxJKccydS
jDli6TQJuCtoTJp1wOmcy6XqFeS4QTlh00twpswyMaDZ
-----END CERTIFICATE-----
Generated at Tue Apr 22 22:35:54 2025 by rpki-client