Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/IUpHs1VcQBWcy8Vq4V1wGXF3dhM.roa
File: IUpHs1VcQBWcy8Vq4V1wGXF3dhM.roa (raw, json)
Hash identifier: 6sws3Ksy749wNni6GT7D8SsRzmmusCfqyQ61TAhffW8=
Subject key identifier: 21:4A:47:B3:55:5C:40:15:9C:CB:C5:6A:E1:5D:70:19:71:77:76:13
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 01874BEE324D83EE9BFCE62BF1C7C3499A2D
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/IUpHs1VcQBWcy8Vq4V1wGXF3dhM.roa
Signing time: Tue 04 Apr 2023 11:01:54 +0000
ROA not before: Tue 04 Apr 2023 11:01:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.0.0/16 maxlen: 16
91.84.0.0/15 maxlen: 15
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4b:ee:32:4d:83:ee:9b:fc:e6:2b:f1:c7:c3:49:9a:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Apr 4 11:01:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=214a47b3555c40159ccbc56ae15d701971777613
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:da:82:49:4a:86:e8:4e:a3:0a:08:a4:9d:30:
74:33:3f:d7:22:67:1c:37:42:87:10:14:21:2b:86:
c5:6f:4c:13:d8:3b:81:aa:50:08:e0:0c:b0:2d:5b:
92:b3:43:6f:8e:3d:10:dd:f6:18:f4:76:e4:d7:8c:
83:93:fa:ad:13:20:0d:a2:b3:50:ad:81:0f:ef:b2:
81:9e:2d:25:6e:9a:e6:42:12:73:25:c3:40:7b:e0:
7c:7d:43:27:dd:02:bb:b0:6b:b2:33:9f:9b:d2:a9:
f6:86:34:b6:07:16:29:d3:9c:67:3e:08:94:06:be:
6e:fe:c2:86:74:37:dd:4f:d7:8d:47:b6:be:97:66:
5d:d2:29:bb:52:f5:c4:0f:67:14:5e:0f:2a:36:26:
9c:b1:13:a5:09:4c:c6:4c:ed:b4:66:0c:79:f8:56:
53:00:e3:04:38:69:d7:df:f9:fc:0a:41:d8:49:e7:
0c:91:7b:33:f9:ca:6f:63:66:c2:a9:c8:c3:9e:c8:
71:5b:88:44:6d:5f:7d:aa:4b:a9:5a:eb:48:50:15:
27:54:43:72:ec:b9:ed:8b:05:2f:46:f3:39:fd:ee:
7a:a7:94:31:25:d3:41:b8:11:05:04:4b:d9:01:ab:
b5:b0:d6:92:a6:82:95:ef:67:7f:c3:37:ec:7c:50:
89:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:4A:47:B3:55:5C:40:15:9C:CB:C5:6A:E1:5D:70:19:71:77:76:13
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/IUpHs1VcQBWcy8Vq4V1wGXF3dhM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/15
Signature Algorithm: sha256WithRSAEncryption
1d:a0:bc:6f:5d:db:4f:4e:9d:55:b5:57:14:4a:7a:1e:ea:15:
ba:ec:a8:2c:5d:1e:d6:0e:22:a5:bc:14:9a:83:1c:29:94:86:
f9:26:2b:22:8e:cb:6b:78:a7:74:f2:54:5c:23:3c:73:be:bb:
2e:36:b9:eb:4d:a5:e9:21:67:5b:de:6b:01:82:9a:e0:d6:5e:
4f:7b:08:ef:c3:35:76:36:c8:48:7e:fe:c0:9b:a9:e8:d1:2f:
e2:6d:a8:b5:65:5e:aa:f9:fe:54:ab:af:d7:11:b3:d0:c8:19:
22:4f:80:2d:2b:77:7d:62:99:eb:e8:49:a7:b1:88:cf:6f:64:
9a:33:67:56:dd:57:9d:9e:d6:44:d0:46:fe:b9:2f:c6:00:21:
34:f4:e7:29:b7:b0:18:50:cf:e1:00:6f:9a:6e:18:17:3d:ea:
bc:2c:23:a3:1b:89:76:75:40:4e:42:0c:75:ad:38:b2:ce:38:
e8:37:6c:89:50:fd:d6:cd:bf:4a:56:a2:56:b3:b6:fb:92:ee:
61:3a:e3:81:aa:9b:70:15:87:20:a2:a5:cf:d7:5a:70:9d:69:
d9:c3:f0:d4:73:11:95:cd:2c:7f:34:38:29:2d:c9:92:b9:ef:
10:1a:c8:b3:e0:b2:53:7e:60:43:9e:23:08:1d:bc:b0:ef:8b:
7a:fc:1e:25
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYdL7jJNg+6b/OYr8cfDSZotMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMwNDA0MTEwMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTRhNDdiMzU1NWM0MDE1OWNjYmM1NmFlMTVkNzAxOTcxNzc3NjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNqCSUqG6E6jCgiknTB0Mz/XImcc
N0KHEBQhK4bFb0wT2DuBqlAI4AywLVuSs0Nvjj0Q3fYY9Hbk14yDk/qtEyANorNQ
rYEP77KBni0lbprmQhJzJcNAe+B8fUMn3QK7sGuyM5+b0qn2hjS2BxYp05xnPgiU
Br5u/sKGdDfdT9eNR7a+l2Zd0im7UvXED2cUXg8qNiacsROlCUzGTO20Zgx5+FZT
AOMEOGnX3/n8CkHYSecMkXsz+cpvY2bCqcjDnshxW4hEbV99qkupWutIUBUnVENy
7LntiwUvRvM5/e56p5QxJdNBuBEFBEvZAau1sNaSpoKV72d/wzfsfFCJDwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCFKR7NVXEAVnMvFauFdcBlxd3YTMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvSVVwSHMxVmNRQldjeThWcTRWMXdHWEYzZGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBW1QwDQYJ
KoZIhvcNAQELBQADggEBAB2gvG9d209OnVW1VxRKeh7qFbrsqCxdHtYOIqW8FJqD
HCmUhvkmKyKOy2t4p3TyVFwjPHO+uy42uetNpekhZ1veawGCmuDWXk97CO/DNXY2
yEh+/sCbqejRL+JtqLVlXqr5/lSrr9cRs9DIGSJPgC0rd31imevoSaexiM9vZJoz
Z1bdV52e1kTQRv65L8YAITT05ym3sBhQz+EAb5puGBc96rwsI6MbiXZ1QE5CDHWt
OLLOOOg3bIlQ/dbNv0pWolaztvuS7mE644Gqm3AVhyCipc/XWnCdadnD8NRzEZXN
LH80OCktyZK57xAayLPgslN+YEOeIwgdvLDvi3r8HiU=
-----END CERTIFICATE-----
Generated at Tue Apr 29 05:52:09 2025 by rpki-client