Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/JEKz9Rs2h3UtAOisbKY_4vWd0NQ.roa
File: JEKz9Rs2h3UtAOisbKY_4vWd0NQ.roa (raw, json)
Hash identifier: ajL1U7JFkLrqUgDNQWvUrtmEZOqN9qdEpafo7lit+FM=
Subject key identifier: 24:42:B3:F5:1B:36:87:75:2D:00:E8:AC:6C:A6:3F:E2:F5:9D:D0:D4
Certificate issuer: /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial: 0186EA4CCEA672802106278B92674CC6D8F8
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/JEKz9Rs2h3UtAOisbKY_4vWd0NQ.roa
Signing time: Thu 16 Mar 2023 12:02:27 +0000
ROA not before: Thu 16 Mar 2023 12:02:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50247
IP address blocks: 91.224.143.0/24 maxlen: 24
91.224.142.0/23 maxlen: 23
91.224.142.0/24 maxlen: 24
45.131.33.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ea:4c:ce:a6:72:80:21:06:27:8b:92:67:4c:c6:d8:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Validity
Not Before: Mar 16 12:02:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2442b3f51b3687752d00e8ac6ca63fe2f59dd0d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b7:eb:59:e0:08:0d:05:83:f8:bb:8d:61:1e:
8a:7b:13:f1:b0:ce:ee:84:7b:1f:1c:41:96:be:b5:
44:cb:39:a9:9b:b5:18:27:2b:ab:b6:a6:f0:0d:53:
61:89:94:d1:b7:bd:3d:2c:4a:27:e3:cb:85:7a:d3:
7a:98:73:16:cc:d6:e4:3a:91:b2:c6:1e:8f:fb:cf:
95:1c:5e:2f:36:ee:52:bc:6b:82:23:4e:86:d6:84:
50:3d:03:22:3a:e9:4e:90:8b:03:15:69:a8:2c:ec:
dd:8c:c4:04:6b:c1:b7:43:09:f4:64:dd:ca:25:ce:
59:b2:21:e3:2c:91:02:1c:7b:15:cc:1f:18:8b:2a:
6d:1a:12:bc:fe:92:26:dc:60:de:f6:47:e7:86:de:
5e:90:24:35:c0:aa:0d:ca:1c:64:2f:b7:bb:79:a3:
4d:89:5c:37:f7:38:b9:92:59:9b:92:f3:54:d6:9f:
5e:e1:87:46:1a:a1:40:ac:77:00:8d:3c:e5:2f:81:
f2:bb:9b:22:bd:72:d7:b9:4e:21:12:42:17:a1:a3:
0f:18:ed:1d:2e:1f:5f:00:48:73:df:da:a8:5f:13:
cb:ae:2c:be:20:2e:a0:97:3d:5e:36:c1:46:ee:d5:
88:0e:0a:33:8e:57:d5:ab:1d:50:e6:c3:c5:d5:b1:
31:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:42:B3:F5:1B:36:87:75:2D:00:E8:AC:6C:A6:3F:E2:F5:9D:D0:D4
X509v3 Authority Key Identifier:
keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/JEKz9Rs2h3UtAOisbKY_4vWd0NQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.131.33.0/24
91.224.142.0/23
Signature Algorithm: sha256WithRSAEncryption
72:87:9c:41:cf:17:93:17:80:c5:0e:44:6e:e5:c9:61:43:55:
f8:a5:91:db:a2:bb:1e:f0:bf:c6:b8:94:ce:4f:85:39:9a:c9:
c2:02:01:f5:76:1c:8f:6d:8d:b6:ca:58:bd:a4:f7:b2:b4:23:
d0:a0:76:94:6f:91:5b:22:7a:24:ae:f9:66:3a:95:e2:74:c8:
e1:b4:c4:53:71:9e:ef:42:a9:31:7a:d6:a6:10:4e:76:d5:4c:
fc:41:c2:b5:b4:81:a8:89:dd:78:a2:55:d7:92:87:6a:2e:e6:
43:6c:16:cc:d5:7a:a8:bd:e0:4b:4b:e7:86:82:52:30:f7:9d:
e2:b9:55:98:84:c7:31:4b:93:6c:ac:76:7a:60:29:01:81:96:
3a:04:30:0e:85:a3:db:f0:24:44:79:cb:05:ba:84:83:19:99:
c7:b9:12:5f:b8:c7:a4:0e:85:15:58:49:63:ed:65:e9:55:26:
87:6d:32:0c:08:a5:cf:d8:6a:cb:6c:4a:fd:be:af:d6:83:83:
18:cc:ce:4e:6a:3e:46:9c:f6:7e:03:e3:24:a1:93:88:95:4f:
e6:1c:8a:ed:4e:24:42:be:1a:cd:c4:57:c8:86:27:a2:a8:9d:
5a:c3:39:d5:75:82:4a:c7:32:b4:a1:e8:25:7f:c2:d7:bc:58:
a5:bb:62:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYbqTM6mcoAhBieLkmdMxtj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjMwMzE2MTIwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQyYjNmNTFiMzY4Nzc1MmQwMGU4YWM2Y2E2M2ZlMmY1OWRkMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbfrWeAIDQWD+LuNYR6KexPxsM7u
hHsfHEGWvrVEyzmpm7UYJyurtqbwDVNhiZTRt709LEon48uFetN6mHMWzNbkOpGy
xh6P+8+VHF4vNu5SvGuCI06G1oRQPQMiOulOkIsDFWmoLOzdjMQEa8G3Qwn0ZN3K
Jc5ZsiHjLJECHHsVzB8YiyptGhK8/pIm3GDe9kfnht5ekCQ1wKoNyhxkL7e7eaNN
iVw39zi5klmbkvNU1p9e4YdGGqFArHcAjTzlL4Hyu5sivXLXuU4hEkIXoaMPGO0d
Lh9fAEhz39qoXxPLriy+IC6glz1eNsFG7tWIDgozjlfVqx1Q5sPF1bExpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCRCs/UbNod1LQDorGymP+L1ndDUMB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvSkVLejlSczJoM1V0QU9pc2JLWV80dldkME5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYMhAwQB
W+COMA0GCSqGSIb3DQEBCwUAA4IBAQByh5xBzxeTF4DFDkRu5clhQ1X4pZHborse
8L/GuJTOT4U5msnCAgH1dhyPbY22yli9pPeytCPQoHaUb5FbInokrvlmOpXidMjh
tMRTcZ7vQqkxetamEE521Uz8QcK1tIGoid14olXXkodqLuZDbBbM1XqoveBLS+eG
glIw953iuVWYhMcxS5NsrHZ6YCkBgZY6BDAOhaPb8CREecsFuoSDGZnHuRJfuMek
DoUVWElj7WXpVSaHbTIMCKXP2GrLbEr9vq/Wg4MYzM5Oaj5GnPZ+A+MkoZOIlU/m
HIrtTiRCvhrNxFfIhieiqJ1awznVdYJKxzK0oeglf8LXvFilu2LJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:59 2024 by rpki-client on console-ams.rpki-client.org