Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/OsCf2D80egRs_OErwsh4_BH4Z_s.roa
File: OsCf2D80egRs_OErwsh4_BH4Z_s.roa (raw, json)
Hash identifier: wJXtaehPKoWLxm6VkCY9GS4S1QRTLXUt98HTd4dnlEM=
Subject key identifier: 3A:C0:9F:D8:3F:34:7A:04:6C:FC:E1:2B:C2:C8:78:FC:11:F8:67:FB
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 01949936B39EC2E7AF3232383C1ADFEC80CE
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/OsCf2D80egRs_OErwsh4_BH4Z_s.roa
Signing time: Fri 24 Jan 2025 16:48:06 +0000
ROA not before: Fri 24 Jan 2025 16:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215678
IP address blocks: 91.195.124.0/24 maxlen: 24
91.237.181.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:99:36:b3:9e:c2:e7:af:32:32:38:3c:1a:df:ec:80:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Jan 24 16:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ac09fd83f347a046cfce12bc2c878fc11f867fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:58:ef:5c:0c:c4:f6:03:cb:d3:69:66:0b:61:
22:ea:f6:b7:22:c5:a0:a1:92:b4:ba:34:91:fd:c1:
b2:19:ad:e8:be:02:b7:30:58:65:7f:4e:4e:e0:b1:
d4:48:a1:07:ae:1c:2a:6a:2e:36:5f:de:36:0c:b2:
0d:f0:b7:ef:ba:9b:ab:0e:b1:56:a2:31:45:7a:64:
73:a7:21:36:bd:63:5b:77:df:54:57:1b:41:e2:47:
a8:c2:84:b1:6e:83:38:bf:1c:9a:10:dd:f7:56:fd:
00:30:35:b5:29:e8:18:7a:81:7d:81:16:e4:98:8b:
f7:63:35:7f:da:11:d5:d8:aa:16:77:0c:09:cd:dd:
91:4f:cd:89:6a:fd:64:60:f3:d3:93:46:36:e7:1a:
95:08:2a:e4:40:47:18:20:64:0a:81:c0:26:38:40:
bf:ca:15:83:7f:20:3f:b0:f5:95:2c:81:2d:63:9b:
d5:5f:85:db:cd:0a:97:04:e2:1c:f0:b9:29:0a:e6:
ca:c9:33:b1:a6:1e:9f:95:f9:49:4f:ac:e3:50:9a:
8f:d2:b0:c9:18:ec:82:a2:d8:db:5e:0c:ef:9e:1c:
17:77:1c:af:ed:2f:0e:41:81:1f:9b:71:f3:62:a4:
d7:95:67:2e:52:f2:61:d2:2f:81:b8:17:7d:d7:a1:
1f:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:C0:9F:D8:3F:34:7A:04:6C:FC:E1:2B:C2:C8:78:FC:11:F8:67:FB
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/OsCf2D80egRs_OErwsh4_BH4Z_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.124.0/24
91.237.181.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:f3:da:11:d1:4f:4a:da:84:18:3a:ef:cc:a1:f3:d1:76:ef:
9a:22:80:48:96:8b:37:c5:68:d3:1a:56:c0:38:d7:8e:df:28:
3b:6b:bd:8b:96:eb:41:91:19:1e:02:0f:7e:0f:b0:b1:f0:0d:
4f:3b:00:69:8b:b2:4b:39:d9:0a:22:db:96:88:59:57:7c:1f:
60:86:17:ec:bd:56:f0:27:00:56:11:d5:98:66:fd:1a:98:2b:
c9:4e:c4:2b:62:e1:4d:fc:fa:c0:dd:13:f9:de:6f:b7:e9:a7:
b1:4b:2f:31:7e:c2:9f:34:68:73:29:bf:fc:80:63:ba:9c:76:
03:bc:bc:00:a7:99:7a:6e:a8:b7:9b:7a:19:11:d2:8d:ac:4a:
d1:bf:57:ba:87:07:52:24:46:45:88:df:d5:68:61:95:ba:32:
a8:ad:2a:dd:53:4d:6b:82:8e:4c:3c:91:7f:a2:3e:f6:0c:46:
3e:a0:13:5b:3c:00:ed:1a:8e:6d:07:62:53:eb:a0:f2:7b:c7:
bf:f2:f9:aa:86:5e:15:67:73:a7:a7:17:79:ad:55:d1:97:8f:
3f:f1:af:5a:0e:8e:c5:b2:76:28:d1:0a:f2:c3:c6:a2:fa:91:
fe:0e:86:84:12:c6:e8:a6:bc:e9:ae:a8:01:79:65:63:62:af:
b0:f6:8e:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSZNrOewuevMjI4PBrf7IDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTI0MTY0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWMwOWZkODNmMzQ3YTA0NmNmY2UxMmJjMmM4NzhmYzExZjg2N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVjvXAzE9gPL02lmC2Ei6va3IsWg
oZK0ujSR/cGyGa3ovgK3MFhlf05O4LHUSKEHrhwqai42X942DLIN8LfvupurDrFW
ojFFemRzpyE2vWNbd99UVxtB4keowoSxboM4vxyaEN33Vv0AMDW1KegYeoF9gRbk
mIv3YzV/2hHV2KoWdwwJzd2RT82Jav1kYPPTk0Y25xqVCCrkQEcYIGQKgcAmOEC/
yhWDfyA/sPWVLIEtY5vVX4XbzQqXBOIc8LkpCubKyTOxph6flflJT6zjUJqP0rDJ
GOyCotjbXgzvnhwXdxyv7S8OQYEfm3HzYqTXlWcuUvJh0i+BuBd916Ef+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDrAn9g/NHoEbPzhK8LIePwR+Gf7MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvT3NDZjJEODBlZ1JzX09FcndzaDRfQkg0Wl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8N8AwQA
W+21MA0GCSqGSIb3DQEBCwUAA4IBAQBO89oR0U9K2oQYOu/MofPRdu+aIoBIlos3
xWjTGlbAONeO3yg7a72LlutBkRkeAg9+D7Cx8A1POwBpi7JLOdkKItuWiFlXfB9g
hhfsvVbwJwBWEdWYZv0amCvJTsQrYuFN/PrA3RP53m+36aexSy8xfsKfNGhzKb/8
gGO6nHYDvLwAp5l6bqi3m3oZEdKNrErRv1e6hwdSJEZFiN/VaGGVujKorSrdU01r
go5MPJF/oj72DEY+oBNbPADtGo5tB2JT66Dye8e/8vmqhl4VZ3Onpxd5rVXRl48/
8a9aDo7FsnYo0Qryw8ai+pH+DoaEEsboprzprqgBeWVjYq+w9o56
-----END CERTIFICATE-----
Generated at Sat Apr 12 15:36:42 2025 by rpki-client