Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/uf4cvOMBVSoQguvnjqI2IrCiu5M.roa
File: uf4cvOMBVSoQguvnjqI2IrCiu5M.roa (raw, json)
Hash identifier: bj8POyXF34BwTh29UVP3wotKveFljeSa+PrHZINTMOE=
Subject key identifier: B9:FE:1C:BC:E3:01:55:2A:10:82:EB:E7:8E:A2:36:22:B0:A2:BB:93
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 01938913B3A000B685DAA4B96FFC446C892A
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/uf4cvOMBVSoQguvnjqI2IrCiu5M.roa
Signing time: Mon 02 Dec 2024 20:33:09 +0000
ROA not before: Mon 02 Dec 2024 20:33:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 194.242.26.0/24 maxlen: 24
194.242.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:89:13:b3:a0:00:b6:85:da:a4:b9:6f:fc:44:6c:89:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Dec 2 20:33:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b9fe1cbce301552a1082ebe78ea23622b0a2bb93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:77:91:f0:b3:9a:0e:16:33:77:7f:96:ab:9b:
ad:62:56:8a:e5:3e:9d:10:ff:01:3f:25:b0:9d:80:
6a:04:94:fc:83:80:e5:c1:86:54:96:9c:8b:d1:f3:
b6:3f:c6:69:b6:e4:df:b8:99:70:74:a9:c2:19:8b:
7c:da:fb:65:2c:4e:bc:72:a3:f9:61:78:39:93:aa:
77:0b:28:56:a9:2e:10:3f:c9:26:cc:26:bd:87:9c:
b0:3c:21:3d:a3:7b:05:16:e5:3f:12:7c:40:01:2c:
d3:99:48:77:54:85:fb:b6:20:c6:d7:ea:09:3c:4a:
94:65:0e:b0:8c:c1:dd:96:3b:b4:a2:9c:d1:7c:b2:
60:46:b8:c1:c5:cf:db:ae:83:39:2b:0f:05:65:3a:
80:af:99:75:ab:d0:bd:87:fb:73:9a:53:16:f0:d8:
be:b8:0a:5b:cb:c7:32:bf:52:71:3d:9b:a5:2f:be:
c1:91:de:6c:39:28:3a:47:ea:55:ca:aa:6e:9b:94:
d3:d9:e6:0a:77:5e:7b:8b:e6:fd:5c:9f:81:a4:86:
2d:dd:da:c9:48:24:0c:d9:f3:c2:d3:e4:d4:d3:b6:
2e:98:73:18:52:6c:0b:42:58:44:f0:7d:c9:12:4e:
d6:3d:13:c8:42:8f:43:84:8a:ab:71:33:d5:f9:7f:
b7:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:FE:1C:BC:E3:01:55:2A:10:82:EB:E7:8E:A2:36:22:B0:A2:BB:93
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/uf4cvOMBVSoQguvnjqI2IrCiu5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.242.26.0/23
Signature Algorithm: sha256WithRSAEncryption
1b:a6:fa:49:5e:98:ad:45:63:5a:b0:ab:4b:5c:57:8b:8f:89:
d3:1c:11:52:59:e1:9d:da:80:1b:47:4d:ff:7e:0e:46:f5:5a:
41:39:34:7b:62:6d:b7:64:88:c2:4e:db:41:9f:46:5e:7d:50:
35:61:62:c5:1e:c3:09:a2:ae:40:9c:64:0e:d1:2c:f7:f8:f2:
c4:53:33:08:3d:0e:1a:13:67:23:e2:9b:a5:5d:56:e6:f1:c9:
71:b9:af:74:42:a9:e1:99:54:58:8e:58:90:11:7e:d8:e5:d1:
7c:80:2d:ee:5c:ba:77:f2:69:bb:97:b4:d5:34:60:81:3c:c7:
fc:eb:98:21:73:f5:94:66:77:05:c7:90:7c:91:1e:cd:cb:91:
45:db:7b:8c:32:06:fb:9c:f1:ea:db:f3:40:ff:b0:f5:5a:d3:
cb:cc:50:79:4d:c9:11:c4:98:a0:df:6a:d1:56:10:2b:17:5a:
ea:a0:60:0a:6d:7f:8d:bd:97:03:24:d9:9c:52:17:45:59:ea:
48:90:7b:09:0f:d5:fe:a0:36:69:c5:b3:e3:ad:14:b1:76:7f:
94:d9:52:cf:dc:cb:a3:a0:27:37:d3:f9:1f:66:4a:d3:e2:fe:
ec:3a:a2:6e:9e:71:52:11:34:e0:f7:63:bf:c3:75:ac:5e:09:
16:70:25:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOJE7OgALaF2qS5b/xEbIkqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQxMjAyMjAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZlMWNiY2UzMDE1NTJhMTA4MmViZTc4ZWEyMzYyMmIwYTJiYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3eR8LOaDhYzd3+Wq5utYlaK5T6d
EP8BPyWwnYBqBJT8g4DlwYZUlpyL0fO2P8ZptuTfuJlwdKnCGYt82vtlLE68cqP5
YXg5k6p3CyhWqS4QP8kmzCa9h5ywPCE9o3sFFuU/EnxAASzTmUh3VIX7tiDG1+oJ
PEqUZQ6wjMHdlju0opzRfLJgRrjBxc/broM5Kw8FZTqAr5l1q9C9h/tzmlMW8Ni+
uApby8cyv1JxPZulL77Bkd5sOSg6R+pVyqpum5TT2eYKd157i+b9XJ+BpIYt3drJ
SCQM2fPC0+TU07YumHMYUmwLQlhE8H3JEk7WPRPIQo9DhIqrcTPV+X+3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn+HLzjAVUqEILr546iNiKworuTMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvdWY0Y3ZPTUJWU29RZ3V2bmpxSTJJckNpdTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIaMA0G
CSqGSIb3DQEBCwUAA4IBAQAbpvpJXpitRWNasKtLXFeLj4nTHBFSWeGd2oAbR03/
fg5G9VpBOTR7Ym23ZIjCTttBn0ZefVA1YWLFHsMJoq5AnGQO0Sz3+PLEUzMIPQ4a
E2cj4pulXVbm8clxua90QqnhmVRYjliQEX7Y5dF8gC3uXLp38mm7l7TVNGCBPMf8
65ghc/WUZncFx5B8kR7Ny5FF23uMMgb7nPHq2/NA/7D1WtPLzFB5TckRxJig32rR
VhArF1rqoGAKbX+NvZcDJNmcUhdFWepIkHsJD9X+oDZpxbPjrRSxdn+U2VLP3Muj
oCc30/kfZkrT4v7sOqJunnFSETTg92O/w3WsXgkWcCVL
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:21:37 2025 by rpki-client