Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/57fb14-d705-4055-8045-bca234829f48/1/OvUmAHoQVhbQpkYK5g4NSRuUT5Q.roa
File: OvUmAHoQVhbQpkYK5g4NSRuUT5Q.roa (raw, json)
Hash identifier: MuObP+4vY52titIiT6UO/P/pwOVMN6v6Io8eH1Ixf7w=
Subject key identifier: 3A:F5:26:00:7A:10:56:16:D0:A6:46:0A:E6:0E:0D:49:1B:94:4F:94
Certificate issuer: /CN=85916be7e63cfd8c8b77c0588d12694f16b14cda
Certificate serial: 0195A3BDF3E3EE706FC8F1FE0828FDC2E62D
Authority key identifier: 85:91:6B:E7:E6:3C:FD:8C:8B:77:C0:58:8D:12:69:4F:16:B1:4C:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hZFr5-Y8_YyLd8BYjRJpTxaxTNo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/57fb14-d705-4055-8045-bca234829f48/1/OvUmAHoQVhbQpkYK5g4NSRuUT5Q.roa
Signing time: Mon 17 Mar 2025 10:54:49 +0000
ROA not before: Mon 17 Mar 2025 10:54:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208981
IP address blocks: 91.213.144.0/24 maxlen: 24
91.232.93.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a3:bd:f3:e3:ee:70:6f:c8:f1:fe:08:28:fd:c2:e6:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85916be7e63cfd8c8b77c0588d12694f16b14cda
Validity
Not Before: Mar 17 10:54:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3af526007a105616d0a6460ae60e0d491b944f94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:6a:11:93:fa:e6:f5:7f:83:ff:7c:13:56:d3:
28:fa:60:6a:33:5e:75:1b:c2:d7:e4:de:ad:69:57:
6d:b6:4c:fe:5d:7d:f6:bf:57:11:d6:f0:3f:9d:21:
bb:60:be:b8:3e:f7:00:dd:16:f3:e3:37:2f:56:6d:
17:81:9b:c7:59:86:45:8f:97:e0:c6:4b:96:30:04:
ba:85:d5:17:70:3c:f4:c1:4d:19:7b:f4:b5:bd:f9:
52:ae:81:8b:9e:a9:f8:b5:c5:cf:ea:ee:e2:29:cc:
bd:37:53:c4:4e:eb:b8:67:d7:2a:46:50:87:14:e0:
69:ab:a6:47:66:42:1f:b9:2a:5e:7e:04:99:da:f7:
78:b4:aa:e9:5c:54:19:31:29:e8:c9:56:53:7a:00:
61:e3:67:4b:04:22:f0:33:5a:96:3f:68:80:fe:ac:
23:21:d6:bf:05:38:ef:c7:62:95:8e:3e:9a:bd:cd:
f3:f8:59:6e:55:08:5f:03:f3:57:1f:c2:9b:69:72:
69:9f:fc:09:46:46:17:d4:6b:b9:98:3c:5c:fc:ab:
64:06:8e:54:38:68:b7:c4:19:a3:cd:83:c9:0d:29:
1a:1e:dd:39:4d:00:54:98:95:ef:20:cc:f6:5c:24:
74:de:87:de:32:e2:a1:a4:af:39:ec:77:1a:ad:c2:
45:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:F5:26:00:7A:10:56:16:D0:A6:46:0A:E6:0E:0D:49:1B:94:4F:94
X509v3 Authority Key Identifier:
keyid:85:91:6B:E7:E6:3C:FD:8C:8B:77:C0:58:8D:12:69:4F:16:B1:4C:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hZFr5-Y8_YyLd8BYjRJpTxaxTNo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/57fb14-d705-4055-8045-bca234829f48/1/OvUmAHoQVhbQpkYK5g4NSRuUT5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/57fb14-d705-4055-8045-bca234829f48/1/hZFr5-Y8_YyLd8BYjRJpTxaxTNo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.213.144.0/24
91.232.93.0/24
Signature Algorithm: sha256WithRSAEncryption
25:78:a5:97:dc:11:ed:39:20:f6:62:3c:4d:56:a2:02:c7:01:
83:5b:53:0a:4d:1c:25:b4:02:d8:58:32:f3:0d:f8:2f:94:0c:
e6:ec:53:41:6f:7d:db:d0:3f:eb:3d:ef:c7:60:26:cf:24:e5:
ec:f2:60:2c:a0:9c:e7:3f:4a:d8:06:33:e2:0b:23:65:28:18:
43:a5:16:a6:88:52:ba:2f:62:81:52:a0:1c:89:ee:d5:01:b5:
1b:76:c3:0e:33:9f:73:22:fc:a8:21:b9:4e:26:87:6c:4f:7c:
cb:d6:7d:a7:9a:07:bf:fb:07:bb:ee:38:8a:1e:22:50:2e:c5:
a4:91:20:bd:ab:7b:48:db:23:77:dc:50:6f:72:b7:dc:e9:fb:
97:be:cb:e3:d1:d1:5a:e3:b6:87:2a:23:6c:51:b9:5f:95:ed:
f5:2f:83:5d:08:f3:bf:1c:85:2d:55:92:9c:71:3f:55:35:7c:
83:3c:f3:59:2b:34:0e:30:43:01:fa:b7:54:75:15:c9:ff:61:
8b:d0:96:26:20:90:16:62:7d:9e:cd:fc:bc:46:78:a9:65:23:
87:e5:16:ab:5d:50:70:cb:d8:a5:fd:ff:8d:4d:3f:42:36:c8:
f9:51:ce:b6:7f:78:af:0d:5b:e3:53:56:0b:5e:4d:88:8f:41:
a8:ca:79:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWjvfPj7nBvyPH+CCj9wuYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1OTE2YmU3ZTYzY2ZkOGM4Yjc3YzA1ODhkMTI2OTRmMTZi
MTRjZGEwHhcNMjUwMzE3MTA1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWY1MjYwMDdhMTA1NjE2ZDBhNjQ2MGFlNjBlMGQ0OTFiOTQ0Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmoRk/rm9X+D/3wTVtMo+mBqM151
G8LX5N6taVdttkz+XX32v1cR1vA/nSG7YL64PvcA3Rbz4zcvVm0XgZvHWYZFj5fg
xkuWMAS6hdUXcDz0wU0Ze/S1vflSroGLnqn4tcXP6u7iKcy9N1PETuu4Z9cqRlCH
FOBpq6ZHZkIfuSpefgSZ2vd4tKrpXFQZMSnoyVZTegBh42dLBCLwM1qWP2iA/qwj
Ida/BTjvx2KVjj6avc3z+FluVQhfA/NXH8KbaXJpn/wJRkYX1Gu5mDxc/KtkBo5U
OGi3xBmjzYPJDSkaHt05TQBUmJXvIMz2XCR03ofeMuKhpK857HcarcJFTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDr1JgB6EFYW0KZGCuYODUkblE+UMB8GA1UdIwQY
MBaAFIWRa+fmPP2Mi3fAWI0SaU8WsUzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFpGcjUtWThfWXlMZDhCWWpSSnBUeGF4VE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS81N2ZiMTQtZDcwNS00MDU1LTgwNDUt
YmNhMjM0ODI5ZjQ4LzEvT3ZVbUFIb1FWaGJRcGtZSzVnNE5TUnVVVDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS81N2ZiMTQtZDcwNS00MDU1LTgwNDUtYmNhMjM0ODI5ZjQ4
LzEvaFpGcjUtWThfWXlMZDhCWWpSSnBUeGF4VE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9WQAwQA
W+hdMA0GCSqGSIb3DQEBCwUAA4IBAQAleKWX3BHtOSD2YjxNVqICxwGDW1MKTRwl
tALYWDLzDfgvlAzm7FNBb33b0D/rPe/HYCbPJOXs8mAsoJznP0rYBjPiCyNlKBhD
pRamiFK6L2KBUqAcie7VAbUbdsMOM59zIvyoIblOJodsT3zL1n2nmge/+we77jiK
HiJQLsWkkSC9q3tI2yN33FBvcrfc6fuXvsvj0dFa47aHKiNsUblfle31L4NdCPO/
HIUtVZKccT9VNXyDPPNZKzQOMEMB+rdUdRXJ/2GL0JYmIJAWYn2ezfy8RnipZSOH
5RarXVBwy9il/f+NTT9CNsj5Uc62f3ivDVvjU1YLXk2Ij0GoynlR
-----END CERTIFICATE-----
Generated at Sun Apr 27 16:33:15 2025 by rpki-client