Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uWpvUSDnryg_bjdQ0sahI5muKtM.roa
File: uWpvUSDnryg_bjdQ0sahI5muKtM.roa (raw, json)
Hash identifier: OWhPpL2m/a91ztB9dCqb0gM6gKgywK8Q2YBkvx36KRM=
Subject key identifier: B9:6A:6F:51:20:E7:AF:28:3F:6E:37:50:D2:C6:A1:23:99:AE:2A:D3
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 018A38BE71497DB28AA793EF9871ADEAD3FC
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uWpvUSDnryg_bjdQ0sahI5muKtM.roa
Signing time: Sun 27 Aug 2023 20:45:19 +0000
ROA not before: Sun 27 Aug 2023 20:45:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.186.196.0/22 maxlen: 24
91.186.216.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
178.253.22.0/23 maxlen: 24
83.147.244.0/22 maxlen: 24
83.147.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:38:be:71:49:7d:b2:8a:a7:93:ef:98:71:ad:ea:d3:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Aug 27 20:45:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b96a6f5120e7af283f6e3750d2c6a12399ae2ad3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:44:46:50:1e:cc:fb:c3:df:c5:c1:58:66:b2:
f7:75:7a:8c:7a:cb:2d:96:6a:63:f2:03:bd:aa:4e:
73:be:53:53:8a:2c:1a:24:4b:81:0c:da:bb:94:a0:
6b:9a:39:29:57:ca:80:66:a2:79:c7:76:da:70:59:
73:f2:d3:9f:b7:92:c8:5b:40:89:b3:89:ab:a8:3e:
d5:5f:2e:d7:5b:fc:26:4b:b8:d1:c4:af:94:0f:06:
7b:24:dc:b4:36:02:80:47:fa:f4:28:8e:9b:b6:b0:
60:6a:13:2f:47:d8:b7:36:12:e3:4e:68:e4:e7:c3:
aa:00:e7:5d:26:93:1a:38:7a:28:4d:04:11:aa:67:
89:37:e7:b5:68:1e:5c:19:7a:ae:3d:18:80:91:25:
73:80:ed:e9:ad:eb:0b:8d:d4:2a:d6:e0:85:1d:01:
ab:36:72:d4:54:f2:e7:b6:04:93:50:0c:80:42:34:
8c:cb:ec:ae:2f:f7:2e:9e:40:a0:35:07:bd:06:9a:
99:73:8e:ff:de:e3:bd:b7:3f:77:ed:34:0c:38:5f:
4e:42:7a:c6:fb:e5:ce:37:9e:5e:56:74:92:c5:b8:
7b:6b:55:47:c1:0d:ca:7c:70:98:d6:cc:be:79:12:
bb:e4:e2:11:36:c6:0e:b6:ba:bc:e7:42:74:f9:88:
11:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:6A:6F:51:20:E7:AF:28:3F:6E:37:50:D2:C6:A1:23:99:AE:2A:D3
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uWpvUSDnryg_bjdQ0sahI5muKtM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.244.0/22
83.147.252.0/22
91.186.196.0/22
91.186.216.0/22
94.241.168.0/21
178.253.22.0/23
Signature Algorithm: sha256WithRSAEncryption
00:7a:17:87:7a:a5:77:57:15:8c:35:fc:0c:5b:aa:ff:05:5c:
42:25:95:ca:47:4f:29:83:f8:a4:7f:34:fe:c5:69:c8:21:3d:
e8:b5:9a:e7:f4:3d:ea:2a:7f:ce:9a:be:32:74:e9:90:41:f6:
2f:49:2c:b9:84:0c:7d:d4:37:98:c1:1d:5a:28:d0:12:5d:63:
45:25:ff:10:4d:88:9b:ec:99:83:7b:24:2a:53:8a:40:71:e9:
be:ea:c9:aa:9c:21:6d:98:c6:0a:d8:30:d1:cb:8d:e6:b7:30:
23:a7:d8:ec:0c:11:5b:b1:fe:28:bf:1d:c8:0d:78:57:31:90:
31:cc:3f:a4:c4:bc:7b:49:b3:c3:26:1d:0b:fe:01:15:d4:2b:
f8:fe:9f:fb:3b:be:44:d1:6f:a2:eb:68:d8:16:71:a2:ae:04:
1c:ef:23:16:b3:40:9d:70:ef:78:56:9e:c2:13:68:ff:64:19:
a4:3e:c3:8b:7e:5a:f3:a6:b1:f9:52:8b:ee:10:1d:80:63:1c:
fa:5f:25:10:9c:13:b0:62:1e:09:e7:fe:44:ea:ee:12:1d:9a:
e3:5f:77:1a:51:b8:18:ed:1a:b7:42:6b:e1:7b:66:c0:af:d7:
70:5e:b4:05:6a:be:72:9d:fe:07:03:99:7e:65:9f:a2:43:b7:
21:47:93:f3
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYo4vnFJfbKKp5PvmHGt6tP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMwODI3MjA0NTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZhNmY1MTIwZTdhZjI4M2Y2ZTM3NTBkMmM2YTEyMzk5YWUyYWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxURGUB7M+8PfxcFYZrL3dXqMesst
lmpj8gO9qk5zvlNTiiwaJEuBDNq7lKBrmjkpV8qAZqJ5x3bacFlz8tOft5LIW0CJ
s4mrqD7VXy7XW/wmS7jRxK+UDwZ7JNy0NgKAR/r0KI6btrBgahMvR9i3NhLjTmjk
58OqAOddJpMaOHooTQQRqmeJN+e1aB5cGXquPRiAkSVzgO3presLjdQq1uCFHQGr
NnLUVPLntgSTUAyAQjSMy+yuL/cunkCgNQe9BpqZc47/3uO9tz937TQMOF9OQnrG
++XON55eVnSSxbh7a1VHwQ3KfHCY1sy+eRK75OIRNsYOtrq850J0+YgR7wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLlqb1Eg568oP243UNLGoSOZrirTMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdVdwdlVTRG5yeWdfYmpkUTBzYWhJNW11S3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCU5P0AwQC
U5P8AwQCW7rEAwQCW7rYAwQDXvGoAwQBsv0WMA0GCSqGSIb3DQEBCwUAA4IBAQAA
eheHeqV3VxWMNfwMW6r/BVxCJZXKR08pg/ikfzT+xWnIIT3otZrn9D3qKn/Omr4y
dOmQQfYvSSy5hAx91DeYwR1aKNASXWNFJf8QTYib7JmDeyQqU4pAcem+6smqnCFt
mMYK2DDRy43mtzAjp9jsDBFbsf4ovx3IDXhXMZAxzD+kxLx7SbPDJh0L/gEV1Cv4
/p/7O75E0W+i62jYFnGirgQc7yMWs0CdcO94Vp7CE2j/ZBmkPsOLflrzprH5Uovu
EB2AYxz6XyUQnBOwYh4J5/5E6u4SHZrjX3caUbgY7Rq3Qmvhe2bAr9dwXrQFar5y
nf4HA5l+ZZ+iQ7chR5Pz
-----END CERTIFICATE-----
Generated at Mon May 12 19:20:52 2025 by rpki-client