Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/fe3dbe-9708-4242-9277-96b50bcc7a08/1/UhUBNIQGp1hqnl-NqwrXL5wbpGI.roa
File: UhUBNIQGp1hqnl-NqwrXL5wbpGI.roa (raw, json)
Hash identifier: QlK6YK7nZ8I2ecDnX/0Lyy2s39Yyni1a14JUdou3BrY=
Subject key identifier: 52:15:01:34:84:06:A7:58:6A:9E:5F:8D:AB:0A:D7:2F:9C:1B:A4:62
Certificate issuer: /CN=d8eeb20a880cdb494e9e62d43b2ef28c90cb9eef
Certificate serial: 018F2DB70EB31EA9A849B231E8A3D33D3A6A
Authority key identifier: D8:EE:B2:0A:88:0C:DB:49:4E:9E:62:D4:3B:2E:F2:8C:90:CB:9E:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2O6yCogM20lOnmLUOy7yjJDLnu8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/fe3dbe-9708-4242-9277-96b50bcc7a08/1/UhUBNIQGp1hqnl-NqwrXL5wbpGI.roa
Signing time: Tue 30 Apr 2024 06:35:22 +0000
ROA not before: Tue 30 Apr 2024 06:35:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215137
IP address blocks: 91.217.219.0/24 maxlen: 24
2a12:62c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:2d:b7:0e:b3:1e:a9:a8:49:b2:31:e8:a3:d3:3d:3a:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8eeb20a880cdb494e9e62d43b2ef28c90cb9eef
Validity
Not Before: Apr 30 06:35:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=521501348406a7586a9e5f8dab0ad72f9c1ba462
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cc:63:56:29:08:79:cd:22:7e:9a:1e:d8:f8:
b1:fb:51:2a:fd:68:90:ef:7b:73:53:be:f0:dd:9c:
d8:8c:7d:d3:85:55:a9:ba:a2:8b:2e:fe:2a:d8:d4:
6e:12:e9:ce:4d:21:ff:61:80:92:71:2f:58:53:4b:
1d:d1:8d:8a:da:6d:22:23:80:db:f1:d5:79:bb:e2:
4b:63:cc:48:ec:d2:b9:47:b5:48:f5:38:4f:01:f7:
95:4d:a2:fe:9a:96:be:f7:e3:0f:20:d6:23:fd:5a:
9d:f7:38:80:f9:a1:8b:66:81:21:bb:12:33:4a:33:
b0:ec:ed:f3:bf:27:d8:0a:a9:2e:48:fc:37:70:20:
bd:0e:1e:60:a4:93:c6:5d:8a:7c:73:3c:fc:07:4a:
7d:28:22:b7:d8:8a:56:12:9f:da:ed:04:21:85:db:
ba:3c:7c:ff:3e:e0:8c:b4:80:f0:28:c4:47:30:b2:
c8:46:64:9d:af:19:55:2c:5f:b1:b7:46:e0:90:2d:
24:c0:cc:01:4e:99:33:a7:5c:8f:94:a7:f2:05:f9:
af:31:3f:6f:51:d5:f1:b2:2d:ae:19:3e:3d:ac:bc:
87:08:25:f1:ac:38:90:69:90:ae:39:01:d9:6e:5b:
1a:c2:ca:86:44:06:1a:71:fa:dc:b5:b1:93:83:e8:
ea:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:15:01:34:84:06:A7:58:6A:9E:5F:8D:AB:0A:D7:2F:9C:1B:A4:62
X509v3 Authority Key Identifier:
keyid:D8:EE:B2:0A:88:0C:DB:49:4E:9E:62:D4:3B:2E:F2:8C:90:CB:9E:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2O6yCogM20lOnmLUOy7yjJDLnu8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fe3dbe-9708-4242-9277-96b50bcc7a08/1/UhUBNIQGp1hqnl-NqwrXL5wbpGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fe3dbe-9708-4242-9277-96b50bcc7a08/1/2O6yCogM20lOnmLUOy7yjJDLnu8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.217.219.0/24
IPv6:
2a12:62c0::/29
Signature Algorithm: sha256WithRSAEncryption
7f:4d:44:fc:80:5d:c8:60:af:8d:ac:6c:59:74:f1:67:1c:dc:
03:c1:b0:fa:52:21:3f:b6:58:60:87:cb:6b:c2:58:84:75:aa:
70:a1:05:6a:5f:14:4e:56:b0:af:44:68:57:61:aa:78:1e:d9:
c4:8b:62:bc:c2:32:73:c7:f7:48:73:2a:4c:0a:f7:c0:2d:f9:
f0:cc:88:83:9c:46:82:ea:a8:cb:a9:8f:9a:bf:9a:b5:7b:49:
7b:ff:ea:1b:35:98:31:1e:6f:ad:b0:a4:68:3e:3f:99:a3:c7:
25:e2:16:f5:c0:c8:a6:76:d9:f4:06:b3:55:04:95:c6:d3:ed:
3b:a7:bc:9c:53:f0:b5:3c:32:25:b0:ef:37:19:72:cd:f6:ec:
64:60:e5:6b:5f:6a:55:d7:fd:d1:ed:b8:07:96:a7:a6:b5:60:
03:79:9c:e9:09:f1:71:4e:fc:43:c7:d9:64:3c:8b:05:31:45:
06:fc:55:d1:5a:99:81:3c:54:09:61:40:eb:53:dd:28:29:43:
01:56:57:1e:f8:bf:bd:b9:2d:2b:46:cd:a5:aa:d3:b0:d8:47:
e7:3f:e8:0f:b7:0b:53:50:dd:dc:1e:5c:b1:aa:f2:33:d1:00:
ec:b2:29:e7:ef:1b:b0:b7:da:40:ba:2b:6c:d8:3a:0a:2c:cd:
4e:5f:cd:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8ttw6zHqmoSbIx6KPTPTpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZWViMjBhODgwY2RiNDk0ZTllNjJkNDNiMmVmMjhjOTBj
YjllZWYwHhcNMjQwNDMwMDYzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjE1MDEzNDg0MDZhNzU4NmE5ZTVmOGRhYjBhZDcyZjljMWJhNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8xjVikIec0ifpoe2Pix+1Eq/WiQ
73tzU77w3ZzYjH3ThVWpuqKLLv4q2NRuEunOTSH/YYCScS9YU0sd0Y2K2m0iI4Db
8dV5u+JLY8xI7NK5R7VI9ThPAfeVTaL+mpa+9+MPINYj/Vqd9ziA+aGLZoEhuxIz
SjOw7O3zvyfYCqkuSPw3cCC9Dh5gpJPGXYp8czz8B0p9KCK32IpWEp/a7QQhhdu6
PHz/PuCMtIDwKMRHMLLIRmSdrxlVLF+xt0bgkC0kwMwBTpkzp1yPlKfyBfmvMT9v
UdXxsi2uGT49rLyHCCXxrDiQaZCuOQHZblsawsqGRAYacfrctbGTg+jqjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFIVATSEBqdYap5fjasK1y+cG6RiMB8GA1UdIwQY
MBaAFNjusgqIDNtJTp5i1Dsu8oyQy57vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk82eUNvZ00yMGxPbm1MVU95N3lqSkRMbnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mZTNkYmUtOTcwOC00MjQyLTkyNzct
OTZiNTBiY2M3YTA4LzEvVWhVQk5JUUdwMWhxbmwtTnF3clhMNXdicEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mZTNkYmUtOTcwOC00MjQyLTkyNzctOTZiNTBiY2M3YTA4
LzEvMk82eUNvZ00yMGxPbm1MVU95N3lqSkRMbnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9nbMA0E
AgACMAcDBQMqEmLAMA0GCSqGSIb3DQEBCwUAA4IBAQB/TUT8gF3IYK+NrGxZdPFn
HNwDwbD6UiE/tlhgh8trwliEdapwoQVqXxROVrCvRGhXYap4HtnEi2K8wjJzx/dI
cypMCvfALfnwzIiDnEaC6qjLqY+av5q1e0l7/+obNZgxHm+tsKRoPj+Zo8cl4hb1
wMimdtn0BrNVBJXG0+07p7ycU/C1PDIlsO83GXLN9uxkYOVrX2pV1/3R7bgHlqem
tWADeZzpCfFxTvxDx9lkPIsFMUUG/FXRWpmBPFQJYUDrU90oKUMBVlce+L+9uS0r
Rs2lqtOw2EfnP+gPtwtTUN3cHlyxqvIz0QDssinn7xuwt9pAuits2DoKLM1OX80v
-----END CERTIFICATE-----
Generated at Mon Apr 28 12:27:52 2025 by rpki-client