Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MXxpdBxXSpWwVGpEh5CAgLur01o.roa
File: MXxpdBxXSpWwVGpEh5CAgLur01o.roa (raw, json)
Hash identifier: eDOGaNZbYfyt6xQVM1WSW/ZMNgzvQelKzCMsOxD1ktg=
Subject key identifier: 31:7C:69:74:1C:57:4A:95:B0:54:6A:44:87:90:80:80:BB:AB:D3:5A
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 0193847B40F64A395EEAD7F1E293FF71E1E8
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MXxpdBxXSpWwVGpEh5CAgLur01o.roa
Signing time: Sun 01 Dec 2024 23:08:10 +0000
ROA not before: Sun 01 Dec 2024 23:08:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 91.197.71.0/24 maxlen: 24
94.131.218.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:84:7b:40:f6:4a:39:5e:ea:d7:f1:e2:93:ff:71:e1:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Dec 1 23:08:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=317c69741c574a95b0546a4487908080bbabd35a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:20:b2:dc:52:67:fa:d0:95:a3:21:ee:39:4b:
19:c4:00:64:cb:39:76:6b:b3:bf:48:d3:dc:8d:67:
e5:90:e8:7f:e0:5c:b8:2d:3d:e6:e6:55:37:51:26:
21:c5:3e:62:e2:3c:2b:71:db:5a:80:36:b0:9e:ba:
66:b4:82:83:0e:d4:0f:ae:e8:29:f5:6e:2b:f8:c3:
fc:ed:a4:37:37:6a:8e:a9:6e:2c:bc:51:a5:e0:20:
a6:a1:7a:af:4a:fb:3c:63:52:4b:47:8b:f7:1b:3b:
50:8c:00:d5:1b:56:d0:47:e0:47:e7:c7:3f:cc:35:
97:63:7c:21:c4:32:04:df:30:f4:d3:77:97:ce:a5:
2c:bf:33:92:00:e5:80:56:21:41:e2:a4:68:ae:9b:
61:8e:f4:31:ef:51:61:b2:aa:ac:91:64:58:81:c7:
16:de:f7:ba:cd:9a:64:33:c3:4e:c6:a1:08:65:69:
a7:ac:34:3a:75:3d:56:88:2d:64:53:09:59:29:6f:
d5:b0:eb:f0:28:76:83:e3:df:a3:30:b1:31:a3:8e:
87:8f:19:38:0b:94:6d:4b:bc:cf:37:a2:b6:91:55:
25:58:86:ca:73:6c:aa:12:78:78:2f:3d:77:d5:ef:
14:53:db:fc:1e:73:25:b8:a4:c7:f9:bf:93:cc:af:
af:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:7C:69:74:1C:57:4A:95:B0:54:6A:44:87:90:80:80:BB:AB:D3:5A
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MXxpdBxXSpWwVGpEh5CAgLur01o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.71.0/24
94.131.218.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:83:53:b9:08:5f:ce:46:5c:c6:d5:33:f3:44:18:40:42:bc:
7c:51:c6:a8:1b:28:2f:52:70:30:e4:a0:ac:2b:3c:f4:a1:f9:
c7:e0:04:73:fd:e6:84:4c:92:77:cd:87:ec:02:2b:5a:d9:bb:
ce:06:4f:f2:a3:a4:da:fb:f6:44:47:ae:63:9a:49:b2:0e:a1:
53:6a:bf:79:12:17:e8:24:7f:60:01:0f:82:ca:1c:1a:c2:24:
c9:3c:7d:7f:84:cb:3d:04:cc:a8:c3:15:3f:06:ed:b0:bd:76:
9c:6e:fa:72:45:51:a1:5d:54:a2:f7:59:fb:33:84:47:a3:50:
ab:6c:71:10:68:2d:6f:de:8b:18:da:fb:ea:79:5f:58:f6:17:
65:b1:ad:e0:59:62:f1:c9:35:1f:af:81:02:3c:58:0a:60:49:
5b:18:98:df:50:e3:9a:80:f9:64:6f:84:54:a6:57:9b:7a:63:
0d:15:45:fd:65:05:06:e0:c5:0e:54:da:13:96:54:a3:19:66:
fe:ba:8c:9b:5a:50:bb:3f:70:c4:ff:bb:d6:a0:80:20:d0:42:
3c:4d:2c:f7:08:81:26:9f:f3:95:64:94:ba:ff:11:59:f3:e9:
bf:a2:45:f2:6b:cb:10:c1:f8:8d:dc:57:e3:5d:86:6f:6b:b6:
44:ba:d0:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOEe0D2Sjle6tfx4pP/ceHoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQxMjAxMjMwODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdjNjk3NDFjNTc0YTk1YjA1NDZhNDQ4NzkwODA4MGJiYWJkMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCCy3FJn+tCVoyHuOUsZxABkyzl2
a7O/SNPcjWflkOh/4Fy4LT3m5lU3USYhxT5i4jwrcdtagDawnrpmtIKDDtQPrugp
9W4r+MP87aQ3N2qOqW4svFGl4CCmoXqvSvs8Y1JLR4v3GztQjADVG1bQR+BH58c/
zDWXY3whxDIE3zD003eXzqUsvzOSAOWAViFB4qRorpthjvQx71FhsqqskWRYgccW
3ve6zZpkM8NOxqEIZWmnrDQ6dT1WiC1kUwlZKW/VsOvwKHaD49+jMLExo46Hjxk4
C5RtS7zPN6K2kVUlWIbKc2yqEnh4Lz131e8UU9v8HnMluKTH+b+TzK+vIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDF8aXQcV0qVsFRqRIeQgIC7q9NaMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvTVh4cGRCeFhTcFd3VkdwRWg1Q0FnTHVyMDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8VHAwQA
XoPaMA0GCSqGSIb3DQEBCwUAA4IBAQBLg1O5CF/ORlzG1TPzRBhAQrx8UcaoGygv
UnAw5KCsKzz0ofnH4ARz/eaETJJ3zYfsAita2bvOBk/yo6Ta+/ZER65jmkmyDqFT
ar95EhfoJH9gAQ+CyhwawiTJPH1/hMs9BMyowxU/Bu2wvXacbvpyRVGhXVSi91n7
M4RHo1CrbHEQaC1v3osY2vvqeV9Y9hdlsa3gWWLxyTUfr4ECPFgKYElbGJjfUOOa
gPlkb4RUplebemMNFUX9ZQUG4MUOVNoTllSjGWb+uoybWlC7P3DE/7vWoIAg0EI8
TSz3CIEmn/OVZJS6/xFZ8+m/okXya8sQwfiN3FfjXYZva7ZEutCd
-----END CERTIFICATE-----
Generated at Mon May 12 04:16:28 2025 by rpki-client