Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/BQ07DxIeO1knKW2AlGODhQBmrIo.roa
File: BQ07DxIeO1knKW2AlGODhQBmrIo.roa (raw, json)
Hash identifier: MYxY0aLpNNz/NY3L00IemebOtRJlr8WQZukXrBGdzmE=
Subject key identifier: 05:0D:3B:0F:12:1E:3B:59:27:29:6D:80:94:63:83:85:00:66:AC:8A
Certificate issuer: /CN=6137b5dbaaba28ae28c8e9a9780fb70c24fc9190
Certificate serial: 0138A4
Authority key identifier: 61:37:B5:DB:AA:BA:28:AE:28:C8:E9:A9:78:0F:B7:0C:24:FC:91:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YTe126q6KK4oyOmpeA-3DCT8kZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/BQ07DxIeO1knKW2AlGODhQBmrIo.roa
Signing time: Tue 28 Jun 2022 11:27:04 +0000
ROA not before: Tue 28 Jun 2022 11:27:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41161
IP address blocks: 95.215.112.0/21 maxlen: 21
195.114.6.0/23 maxlen: 23
91.219.232.0/22 maxlen: 22
91.221.52.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 80036 (0x138a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6137b5dbaaba28ae28c8e9a9780fb70c24fc9190
Validity
Not Before: Jun 28 11:27:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=050d3b0f121e3b5927296d80946383850066ac8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:42:d8:5c:be:1f:61:a7:da:26:9e:42:2d:ca:
99:e7:1b:6c:e6:a5:aa:48:cc:2b:48:ef:65:75:a7:
76:33:f5:e0:e3:ae:3c:68:41:f7:c8:81:90:06:c6:
16:b6:ed:54:86:a3:a0:97:77:a0:c5:09:dc:04:ba:
1e:39:b7:b6:2f:1c:dd:d6:a3:c4:f1:10:3e:64:24:
8e:ab:e1:40:cc:55:f0:4a:75:1b:95:da:26:5d:df:
7b:e6:05:ca:65:b6:e2:ce:46:8d:26:ef:64:c3:c1:
81:20:0f:f6:7c:af:4f:c5:42:62:13:d9:70:63:20:
c2:1b:bf:e0:4c:88:8d:23:62:20:96:0f:42:73:05:
69:8d:1b:e1:4a:4f:0c:67:9d:8c:a2:fc:43:87:3d:
87:d4:1d:02:3b:21:11:8c:7c:3b:4a:e2:96:fb:2e:
16:c0:6f:4b:f2:71:da:c9:ce:af:25:c3:de:6f:e7:
23:a6:c9:a0:03:44:e0:94:16:ff:96:ca:04:68:21:
93:da:d1:39:9a:39:5a:6c:19:89:06:9e:9a:b9:d2:
63:af:ea:cf:a8:72:63:7f:4a:42:15:5e:26:a9:e8:
8b:74:1c:4e:46:0f:08:47:01:e6:94:41:e8:61:fd:
07:84:71:c3:75:cd:54:d5:8c:a8:39:d9:e3:30:66:
41:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:0D:3B:0F:12:1E:3B:59:27:29:6D:80:94:63:83:85:00:66:AC:8A
X509v3 Authority Key Identifier:
keyid:61:37:B5:DB:AA:BA:28:AE:28:C8:E9:A9:78:0F:B7:0C:24:FC:91:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTe126q6KK4oyOmpeA-3DCT8kZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/BQ07DxIeO1knKW2AlGODhQBmrIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b0675b-e3bc-4dfc-bcca-23cd347d9719/1/YTe126q6KK4oyOmpeA-3DCT8kZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.219.232.0/22
91.221.52.0/23
95.215.112.0/21
195.114.6.0/23
Signature Algorithm: sha256WithRSAEncryption
98:a5:74:f6:b1:c4:a8:e6:99:e0:07:8c:e1:36:0f:50:d5:f2:
c0:18:ea:07:58:3e:6b:0f:f1:c8:0b:07:df:fb:14:ae:d6:13:
40:ab:01:94:b3:cd:9e:81:8d:74:73:1b:0e:ed:5f:57:4d:ac:
7d:e5:27:91:cb:3f:93:31:cb:42:f1:f3:88:aa:fd:54:68:a4:
4c:eb:91:ff:3c:46:fd:d0:d9:61:87:f2:ca:c0:64:69:5b:25:
5d:3b:87:a1:cd:e9:22:63:14:37:56:5e:7c:bc:44:9b:9a:c1:
be:b8:7a:ef:66:60:21:5c:b5:15:50:e4:5d:9b:85:d5:ea:b9:
ed:c1:be:b1:c6:c2:fc:42:3d:03:6c:d0:29:d8:e0:64:72:d2:
cb:77:e8:54:90:2f:97:9f:94:0f:37:1c:de:d2:1c:07:94:15:
62:5a:f0:7a:3b:02:0c:5d:b1:f0:a9:28:b7:b6:17:0e:44:5c:
ce:d2:c1:d7:1f:29:9c:f3:75:ce:f4:50:85:b2:f1:7b:f3:e2:
3b:b4:17:e2:a3:26:c2:f6:fd:2b:14:15:58:31:1e:fe:ff:92:
43:28:8b:6b:c5:10:58:ee:0b:8d:5a:a4:5a:0b:90:fd:dd:fa:
38:a5:b4:e4:4b:5f:ae:9b:bc:29:39:96:e5:63:7c:09:53:44:
43:f3:21:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDATikMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDYx
MzdiNWRiYWFiYTI4YWUyOGM4ZTlhOTc4MGZiNzBjMjRmYzkxOTAwHhcNMjIwNjI4
MTEyNzA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwNTBkM2IwZjEyMWUz
YjU5MjcyOTZkODA5NDYzODM4NTAwNjZhYzhhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAl0LYXL4fYafaJp5CLcqZ5xts5qWqSMwrSO9ldad2M/Xg4648
aEH3yIGQBsYWtu1UhqOgl3egxQncBLoeObe2Lxzd1qPE8RA+ZCSOq+FAzFXwSnUb
ldomXd975gXKZbbizkaNJu9kw8GBIA/2fK9PxUJiE9lwYyDCG7/gTIiNI2Iglg9C
cwVpjRvhSk8MZ52MovxDhz2H1B0COyERjHw7SuKW+y4WwG9L8nHayc6vJcPeb+cj
psmgA0TglBb/lsoEaCGT2tE5mjlabBmJBp6audJjr+rPqHJjf0pCFV4mqeiLdBxO
Rg8IRwHmlEHoYf0HhHHDdc1U1YyoOdnjMGZBVwIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFAUNOw8SHjtZJyltgJRjg4UAZqyKMB8GA1UdIwQYMBaAFGE3tduquiiuKMjp
qXgPtwwk/JGQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WVRlMTI2cTZLSzRveU9tcGVBLTNEQ1Q4a1pBLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81OC9iMDY3NWItZTNiYy00ZGZjLWJjY2EtMjNjZDM0N2Q5NzE5LzEv
QlEwN0R4SWVPMWtuS1cyQWxHT0RoUUJtcklvLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9i
MDY3NWItZTNiYy00ZGZjLWJjY2EtMjNjZDM0N2Q5NzE5LzEvWVRlMTI2cTZLSzRv
eU9tcGVBLTNEQ1Q4a1pBLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW9voAwQBW900AwQDX9dwAwQBw3IG
MA0GCSqGSIb3DQEBCwUAA4IBAQCYpXT2scSo5pngB4zhNg9Q1fLAGOoHWD5rD/HI
Cwff+xSu1hNAqwGUs82egY10cxsO7V9XTax95SeRyz+TMctC8fOIqv1UaKRM65H/
PEb90Nlhh/LKwGRpWyVdO4ehzekiYxQ3Vl58vESbmsG+uHrvZmAhXLUVUORdm4XV
6rntwb6xxsL8Qj0DbNAp2OBkctLLd+hUkC+Xn5QPNxze0hwHlBViWvB6OwIMXbHw
qSi3thcORFzO0sHXHymc83XO9FCFsvF78+I7tBfioybC9v0rFBVYMR7+/5JDKItr
xRBY7guNWqRaC5D93fo4pbTkS1+um7wpOZblY3wJU0RD8yEV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:42 2024 by rpki-client on console-fra.rpki-client.org