Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/azYa97dPxPCS1Sm2mDQutffWpX4.roa
File: azYa97dPxPCS1Sm2mDQutffWpX4.roa (raw, json)
Hash identifier: EpIHICjfi/1LFBnSuPoST2l64nHRRUeVf5i0i4kOdQs=
Subject key identifier: 6B:36:1A:F7:B7:4F:C4:F0:92:D5:29:B6:98:34:2E:B5:F7:D6:A5:7E
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 0194221FCC910ACC5E26E9621D2E99E6ACD4
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/azYa97dPxPCS1Sm2mDQutffWpX4.roa
Signing time: Wed 01 Jan 2025 13:48:16 +0000
ROA not before: Wed 01 Jan 2025 13:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48108
IP address blocks: 91.203.235.0/24 maxlen: 24
91.241.47.0/24 maxlen: 24
193.19.110.0/24 maxlen: 24
193.43.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:cc:91:0a:cc:5e:26:e9:62:1d:2e:99:e6:ac:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Jan 1 13:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6b361af7b74fc4f092d529b698342eb5f7d6a57e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:96:4c:24:35:19:0f:73:f4:b1:ea:d3:54:4a:
62:c2:5d:fe:14:20:42:de:4b:29:3c:05:0d:3f:89:
76:d7:7a:86:dc:6c:59:80:3c:b5:b3:3b:ec:34:b3:
bd:cd:23:86:9c:10:e1:03:21:c1:d5:69:9f:4a:c1:
af:60:14:98:24:4f:f0:d0:b3:af:d5:5e:e6:93:85:
48:4f:b9:a1:93:82:66:b8:b0:b1:22:36:49:25:63:
9a:53:0e:b4:0a:33:e4:64:e1:10:09:e0:6d:fd:1b:
5a:3c:fd:7c:33:9b:db:67:bd:09:f9:38:75:7b:ed:
cb:4a:b1:da:4c:75:e9:3f:97:af:37:3c:d0:42:60:
c6:74:c2:3a:40:40:33:15:97:ff:63:e4:d4:93:d6:
37:65:2f:e9:30:b3:84:c6:16:69:2c:bf:8d:f2:66:
a9:66:bd:06:41:bd:db:65:16:e9:22:ab:ff:87:c4:
33:b3:7e:8b:87:9d:ac:25:01:a3:e1:47:2d:34:39:
11:22:fb:7c:2d:ef:48:f3:16:73:4b:0b:84:51:a6:
6c:48:c2:c1:ac:26:ac:a9:6e:92:12:49:35:95:3f:
2b:85:72:9f:21:f7:fe:9a:20:c5:75:ca:06:03:57:
0c:ff:f0:da:5f:36:fe:58:54:f6:e5:ab:e9:cb:8e:
de:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:36:1A:F7:B7:4F:C4:F0:92:D5:29:B6:98:34:2E:B5:F7:D6:A5:7E
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/azYa97dPxPCS1Sm2mDQutffWpX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.203.235.0/24
91.241.47.0/24
193.19.110.0/24
193.43.248.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:f6:2e:39:ce:b5:00:79:bf:e9:57:c9:36:c0:b5:6f:48:b1:
e7:d0:29:94:cf:5e:30:1f:3f:95:09:76:8b:d1:31:37:f3:3b:
52:0a:de:68:4f:2f:3d:ce:9e:66:17:e8:d0:5c:d7:d9:ae:95:
e2:0b:d2:19:01:b0:c2:7e:5e:2d:a4:6f:ff:fd:66:ea:d8:a7:
50:98:91:49:e5:7d:8f:99:09:1e:79:87:df:0d:eb:d4:75:c9:
56:04:7d:ec:49:fc:83:0a:b7:a1:18:f9:4a:0f:80:00:24:fe:
1a:72:ba:0d:87:e9:73:d7:74:9a:b4:82:ee:72:d8:ae:c7:96:
3d:61:29:39:07:b4:82:15:87:e4:e3:72:bd:e1:09:97:bf:c1:
f0:ca:32:de:bb:56:54:20:78:9a:ba:23:f5:61:47:9c:17:85:
91:e5:94:bb:ab:ca:8c:e5:4d:21:b8:2d:fa:dc:3a:34:60:2f:
95:58:59:97:38:5b:54:50:87:8b:d2:ee:40:a8:34:9a:87:19:
ec:c2:c5:cc:15:c1:8b:47:0f:3a:e3:3a:d9:17:3b:a2:77:2b:
07:b4:4b:14:28:2d:99:4f:ef:d5:5f:c3:c1:ed:fa:eb:18:5a:
3a:98:03:de:5c:b3:fa:25:e5:4c:04:23:db:30:be:32:14:1c:
ec:18:72:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiH8yRCsxeJuliHS6Z5qzUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM2MWFmN2I3NGZjNGYwOTJkNTI5YjY5ODM0MmViNWY3ZDZhNTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35ZMJDUZD3P0serTVEpiwl3+FCBC
3kspPAUNP4l213qG3GxZgDy1szvsNLO9zSOGnBDhAyHB1WmfSsGvYBSYJE/w0LOv
1V7mk4VIT7mhk4JmuLCxIjZJJWOaUw60CjPkZOEQCeBt/RtaPP18M5vbZ70J+Th1
e+3LSrHaTHXpP5evNzzQQmDGdMI6QEAzFZf/Y+TUk9Y3ZS/pMLOExhZpLL+N8map
Zr0GQb3bZRbpIqv/h8Qzs36Lh52sJQGj4UctNDkRIvt8Le9I8xZzSwuEUaZsSMLB
rCasqW6SEkk1lT8rhXKfIff+miDFdcoGA1cM//DaXzb+WFT25avpy47edwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGs2Gve3T8TwktUptpg0LrX31qV+MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvYXpZYTk3ZFB4UENTMVNtMm1EUXV0ZmZXcFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW8vrAwQA
W/EvAwQAwRNuAwQAwSv4MA0GCSqGSIb3DQEBCwUAA4IBAQAt9i45zrUAeb/pV8k2
wLVvSLHn0CmUz14wHz+VCXaL0TE38ztSCt5oTy89zp5mF+jQXNfZrpXiC9IZAbDC
fl4tpG///Wbq2KdQmJFJ5X2PmQkeeYffDevUdclWBH3sSfyDCrehGPlKD4AAJP4a
croNh+lz13SatILuctiux5Y9YSk5B7SCFYfk43K94QmXv8HwyjLeu1ZUIHiauiP1
YUecF4WR5ZS7q8qM5U0huC363Do0YC+VWFmXOFtUUIeL0u5AqDSahxnswsXMFcGL
Rw864zrZFzuidysHtEsUKC2ZT+/VX8PB7frrGFo6mAPeXLP6JeVMBCPbML4yFBzs
GHK0
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:53:54 2025 by rpki-client