Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6P5I9CV-0iz8xhApZun6CRSs1uY.roa
File: 6P5I9CV-0iz8xhApZun6CRSs1uY.roa (raw, json)
Hash identifier: ZHHwtDc6PAiVKEcfGxvt/D46o+3UnI+1ijbF/hsuoqM=
Subject key identifier: E8:FE:48:F4:25:7E:D2:2C:FC:C6:10:29:66:E9:FA:09:14:AC:D6:E6
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 0194D7B1E1C4D59538DA0904F1BFCCC82778
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6P5I9CV-0iz8xhApZun6CRSs1uY.roa
Signing time: Wed 05 Feb 2025 19:59:06 +0000
ROA not before: Wed 05 Feb 2025 19:59:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48108
IP address blocks: 91.203.235.0/24 maxlen: 24
193.43.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d7:b1:e1:c4:d5:95:38:da:09:04:f1:bf:cc:c8:27:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Feb 5 19:59:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e8fe48f4257ed22cfcc6102966e9fa0914acd6e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:8b:59:5e:ec:41:bc:da:0f:c0:34:1f:15:f1:
87:36:47:09:82:db:43:00:4b:7e:10:14:57:03:64:
62:00:2b:a1:eb:ed:8f:a7:6f:59:88:24:0c:d9:1c:
f8:5b:86:ea:56:86:f1:f2:3a:79:70:9e:c8:92:9b:
e6:4c:a5:d0:e0:f5:79:38:93:63:c1:8b:66:fe:d6:
25:e6:32:b4:c4:f3:a0:b0:ad:00:1f:78:6d:9c:54:
7a:99:7a:67:ae:44:1e:bb:17:4c:0b:f4:7c:79:ee:
4f:f2:fe:29:fb:88:fc:cc:5a:8a:65:1b:e8:85:14:
d3:5d:85:59:a4:cc:a0:f3:5b:c2:dc:76:6c:e9:4d:
87:49:34:62:f3:81:5f:62:17:d3:f5:8a:41:64:88:
1b:cd:0a:4d:85:70:01:3d:01:80:f3:9b:d5:34:d6:
e3:7a:ea:b2:61:f7:4b:cf:75:b5:fd:ae:f3:63:4b:
a5:2e:84:89:56:41:2e:44:04:6b:d7:13:2e:34:ac:
5f:cc:3c:f4:fe:25:7d:b6:71:01:46:e8:b1:d8:6a:
d6:3a:4e:45:09:a9:ec:ae:2e:d1:1f:82:d2:55:60:
fb:c1:a7:2c:7c:b9:39:a2:35:02:ca:0d:af:6a:77:
fe:cd:8a:3d:4d:df:8f:f2:6f:e4:2b:ee:31:9a:c9:
e3:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:FE:48:F4:25:7E:D2:2C:FC:C6:10:29:66:E9:FA:09:14:AC:D6:E6
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6P5I9CV-0iz8xhApZun6CRSs1uY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.203.235.0/24
193.43.248.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:4c:3e:37:a4:5c:7d:02:8e:04:a5:f5:66:21:44:72:03:90:
32:e1:32:44:9b:2b:56:53:f8:fd:60:00:0b:15:c0:df:9f:d6:
1b:4f:b3:9e:b7:9b:50:4e:c5:18:c3:39:b5:d9:8f:d4:b2:75:
62:47:64:97:d8:ad:93:d8:f1:6f:e9:7c:de:b7:e3:be:d2:8a:
cc:6c:86:dc:b9:5f:3e:03:49:97:fd:ee:aa:4b:8e:81:72:d1:
8e:23:05:5e:15:5c:34:7b:94:34:77:ce:3b:df:c1:0a:37:9c:
ba:13:15:a4:3a:62:5b:1d:d4:74:a5:4f:7c:a2:9b:ee:b5:37:
c0:0d:c2:57:29:94:eb:1f:b2:0b:f6:94:8f:e1:77:44:b2:21:
58:74:a9:d3:d6:a5:25:b4:ac:a4:8e:e6:83:4f:19:dd:b3:cf:
08:62:3c:89:43:35:56:4e:f5:3a:21:f5:ad:10:0a:3f:d8:4a:
38:65:af:8d:cf:27:90:1c:92:50:ac:3b:8c:f3:6c:ad:f7:1f:
e6:66:81:20:19:1f:57:b4:04:61:16:16:2d:fb:6f:de:40:78:
a0:e7:92:c6:f4:e8:4d:e3:e4:16:53:86:92:ab:45:1a:c8:f9:
64:86:e8:21:4c:b1:c7:ef:b0:15:28:7e:b9:3d:e9:62:f9:d3:
74:8e:67:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTXseHE1ZU42gkE8b/MyCd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMjA1MTk1OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGZlNDhmNDI1N2VkMjJjZmNjNjEwMjk2NmU5ZmEwOTE0YWNkNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1otZXuxBvNoPwDQfFfGHNkcJgttD
AEt+EBRXA2RiACuh6+2Pp29ZiCQM2Rz4W4bqVobx8jp5cJ7IkpvmTKXQ4PV5OJNj
wYtm/tYl5jK0xPOgsK0AH3htnFR6mXpnrkQeuxdMC/R8ee5P8v4p+4j8zFqKZRvo
hRTTXYVZpMyg81vC3HZs6U2HSTRi84FfYhfT9YpBZIgbzQpNhXABPQGA85vVNNbj
euqyYfdLz3W1/a7zY0ulLoSJVkEuRARr1xMuNKxfzDz0/iV9tnEBRuix2GrWOk5F
Cansri7RH4LSVWD7wacsfLk5ojUCyg2vanf+zYo9Td+P8m/kK+4xmsnjowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOj+SPQlftIs/MYQKWbp+gkUrNbmMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvNlA1STlDVi0waXo4eGhBcFp1bjZDUlNzMXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8vrAwQA
wSv4MA0GCSqGSIb3DQEBCwUAA4IBAQAtTD43pFx9Ao4EpfVmIURyA5Ay4TJEmytW
U/j9YAALFcDfn9YbT7Oet5tQTsUYwzm12Y/UsnViR2SX2K2T2PFv6Xzet+O+0orM
bIbcuV8+A0mX/e6qS46BctGOIwVeFVw0e5Q0d84738EKN5y6ExWkOmJbHdR0pU98
opvutTfADcJXKZTrH7IL9pSP4XdEsiFYdKnT1qUltKykjuaDTxnds88IYjyJQzVW
TvU6IfWtEAo/2Eo4Za+NzyeQHJJQrDuM82yt9x/mZoEgGR9XtARhFhYt+2/eQHig
55LG9OhN4+QWU4aSq0UayPlkhughTLHH77AVKH65Peli+dN0jmeL
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:09:46 2025 by rpki-client