Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/9FyXtfc2c-AvnWT_nFl3VERYDF8.roa
File: 9FyXtfc2c-AvnWT_nFl3VERYDF8.roa (raw, json)
Hash identifier: KPO9IAvtK1GYK0wJNzTyWq1gDxljJ7sMWYGdNzTpi3E=
Subject key identifier: F4:5C:97:B5:F7:36:73:E0:2F:9D:64:FF:9C:59:77:54:44:58:0C:5F
Certificate issuer: /CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
Certificate serial: 0189D440E7E107FFF8E09ADCAFF3A17678B7
Authority key identifier: 83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/9FyXtfc2c-AvnWT_nFl3VERYDF8.roa
Signing time: Tue 08 Aug 2023 08:26:10 +0000
ROA not before: Tue 08 Aug 2023 08:26:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203061
IP address blocks: 195.225.81.0/24 maxlen: 32
31.223.187.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d4:40:e7:e1:07:ff:f8:e0:9a:dc:af:f3:a1:76:78:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
Validity
Not Before: Aug 8 08:26:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f45c97b5f73673e02f9d64ff9c59775444580c5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:54:b4:10:ab:8d:16:e0:65:ed:9b:2f:6c:29:
bd:e9:e4:81:f6:65:c7:ab:5e:dc:f0:a7:33:63:da:
fd:13:c9:7a:59:18:27:38:1b:0f:05:9f:9c:e1:6c:
8e:9d:df:1d:19:e3:88:36:a2:4c:62:bc:30:35:f6:
07:3b:4d:67:92:48:e0:e1:84:8e:58:59:54:f0:9a:
09:36:8d:66:92:12:ad:ae:7d:7a:d2:52:bb:91:ce:
dd:95:98:36:c6:db:0e:ed:2e:58:83:0a:65:50:98:
6f:b1:8d:0a:ca:bf:f1:a7:b9:64:80:40:5d:8c:98:
e0:55:64:16:1d:d4:fd:26:8b:ab:b0:30:4a:3d:5c:
fe:e0:08:c0:78:de:88:24:b4:06:19:0f:5e:32:09:
25:80:24:75:85:6e:20:5f:3d:fa:04:31:da:cb:5c:
be:76:8c:8e:ea:b4:a4:65:9b:55:40:31:58:81:20:
d9:7f:39:a1:17:e3:c0:ff:cb:eb:fb:36:9f:30:89:
be:7d:f8:a5:de:a1:e9:26:53:e9:ef:85:9b:dc:1d:
ea:db:5b:5d:2f:1b:61:1d:38:d7:2c:ad:31:36:8c:
a6:59:20:bf:3c:ad:2c:93:ab:6c:46:c2:b6:57:6b:
36:92:0b:2e:f3:57:75:04:34:ea:6d:bf:b7:e7:ca:
32:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:5C:97:B5:F7:36:73:E0:2F:9D:64:FF:9C:59:77:54:44:58:0C:5F
X509v3 Authority Key Identifier:
keyid:83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/9FyXtfc2c-AvnWT_nFl3VERYDF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/g5ka_NRV6xsXT8-J-OEOr39ws1U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.223.187.0/24
195.225.81.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:c0:3b:bc:96:81:d7:eb:5b:48:28:2b:ab:97:be:43:70:92:
1f:33:c5:a8:ea:f5:04:c8:71:69:b9:09:da:2e:bd:09:29:b7:
b0:7a:ba:2c:8f:0c:d8:12:19:38:08:9d:70:54:0e:05:bc:07:
b7:3f:1a:c1:da:c6:ba:db:d4:72:d2:aa:83:f6:91:f6:5c:98:
de:63:ff:2a:0b:fb:28:92:a0:0d:2c:eb:95:14:24:3d:d5:ca:
8d:1f:bd:b8:d0:e1:f5:22:bf:94:ce:52:0d:25:1f:40:19:fc:
dd:f4:b3:6a:c8:90:7c:bb:e7:b7:a5:1f:ce:d9:48:8f:55:f8:
9b:f7:61:cf:b0:46:3b:7c:22:e6:07:a4:4d:42:f0:20:06:e9:
be:bb:c2:f6:ca:d8:17:80:69:95:4e:30:38:8e:6d:ba:5d:b6:
6d:35:77:30:fc:54:59:8d:5f:30:9e:d0:df:b4:8e:9f:b1:40:
14:f7:ab:26:1e:f7:d3:19:0d:b1:1e:b4:27:b7:e9:cc:9e:95:
86:8f:66:18:eb:0c:62:b9:ce:18:8f:86:9b:20:5f:55:96:68:
56:99:0b:6f:00:ab:81:70:13:ab:3b:10:0d:68:39:2c:6b:b7:
ce:40:c5:71:98:7e:a9:80:6e:80:f0:68:4b:77:25:91:12:fa:
43:b7:b3:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYnUQOfhB//44Jrcr/Ohdni3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOTkxYWZjZDQ1NWViMWIxNzRmY2Y4OWY4ZTEwZWFmN2Y3
MGIzNTUwHhcNMjMwODA4MDgyNjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDVjOTdiNWY3MzY3M2UwMmY5ZDY0ZmY5YzU5Nzc1NDQ0NTgwYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFS0EKuNFuBl7ZsvbCm96eSB9mXH
q17c8KczY9r9E8l6WRgnOBsPBZ+c4WyOnd8dGeOINqJMYrwwNfYHO01nkkjg4YSO
WFlU8JoJNo1mkhKtrn160lK7kc7dlZg2xtsO7S5YgwplUJhvsY0Kyr/xp7lkgEBd
jJjgVWQWHdT9JoursDBKPVz+4AjAeN6IJLQGGQ9eMgklgCR1hW4gXz36BDHay1y+
doyO6rSkZZtVQDFYgSDZfzmhF+PA/8vr+zafMIm+ffil3qHpJlPp74Wb3B3q21td
LxthHTjXLK0xNoymWSC/PK0sk6tsRsK2V2s2kgsu81d1BDTqbb+358oyzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPRcl7X3NnPgL51k/5xZd1REWAxfMB8GA1UdIwQY
MBaAFIOZGvzUVesbF0/PifjhDq9/cLNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmIt
ZTE1NDM3MzgwMDk5LzEvOUZ5WHRmYzJjLUF2bldUX25GbDNWRVJZREY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmItZTE1NDM3MzgwMDk5
LzEvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9+7AwQA
w+FRMA0GCSqGSIb3DQEBCwUAA4IBAQAKwDu8loHX61tIKCurl75DcJIfM8Wo6vUE
yHFpuQnaLr0JKbewerosjwzYEhk4CJ1wVA4FvAe3PxrB2sa629Ry0qqD9pH2XJje
Y/8qC/sokqANLOuVFCQ91cqNH7240OH1Ir+UzlINJR9AGfzd9LNqyJB8u+e3pR/O
2UiPVfib92HPsEY7fCLmB6RNQvAgBum+u8L2ytgXgGmVTjA4jm26XbZtNXcw/FRZ
jV8wntDftI6fsUAU96smHvfTGQ2xHrQnt+nMnpWGj2YY6wxiuc4Yj4abIF9VlmhW
mQtvAKuBcBOrOxANaDksa7fOQMVxmH6pgG6A8GhLdyWREvpDt7M4
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:53 2024 by rpki-client on console-ams.rpki-client.org