Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/hMQwGzrQAtvbuWLmoSiS5Hr9kQo.roa
File: hMQwGzrQAtvbuWLmoSiS5Hr9kQo.roa (raw, json)
Hash identifier: W3DNxaYXnc68cKnQgiyAH6X/IotJdC0uXyNSZ00dWkM=
Subject key identifier: 84:C4:30:1B:3A:D0:02:DB:DB:B9:62:E6:A1:28:92:E4:7A:FD:91:0A
Certificate issuer: /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial: 01856CE6268B558916018D89A54F918462EE
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/hMQwGzrQAtvbuWLmoSiS5Hr9kQo.roa
Signing time: Sun 01 Jan 2023 10:35:00 +0000
ROA not before: Sun 01 Jan 2023 10:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50247
IP address blocks: 91.224.143.0/24 maxlen: 24
91.224.142.0/23 maxlen: 23
91.224.142.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:e6:26:8b:55:89:16:01:8d:89:a5:4f:91:84:62:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Validity
Not Before: Jan 1 10:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84c4301b3ad002dbdbb962e6a12892e47afd910a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:1d:2e:4b:f2:24:7e:c1:ff:17:03:d2:08:b2:
90:0b:d6:08:bf:0d:7b:6e:6e:f3:9b:eb:36:35:1f:
5c:19:43:f0:69:1a:f4:96:f0:8e:9a:87:03:6b:91:
bf:1b:f6:7d:46:79:2a:44:12:70:2e:bf:20:55:02:
11:bc:85:3e:a7:5c:d5:f6:20:7a:0b:4b:7a:2f:97:
8f:92:2b:58:68:7e:fd:32:b6:42:1b:ba:c0:b0:47:
65:af:92:b3:a4:68:e6:d2:eb:13:a7:5e:d9:13:9a:
18:f0:83:c3:b9:fa:a5:84:5b:d6:a0:fc:73:bf:e9:
b1:b3:4a:28:3c:44:89:4a:36:18:f1:86:2c:4d:4b:
e8:86:5a:54:85:51:50:55:df:f9:03:c0:1f:c6:3c:
87:3e:ae:a0:89:24:0e:22:12:d0:0d:47:ac:0d:75:
bd:ba:66:87:48:f2:18:b2:96:7e:6b:e2:a2:c6:b7:
73:21:6b:16:e7:91:40:e5:ae:a3:34:a8:1f:93:18:
18:54:14:38:1e:21:ad:a5:a9:f2:80:3e:c3:7f:92:
23:97:e7:72:ce:8b:58:1c:2d:35:2b:30:f7:b8:0b:
a8:44:3e:12:72:6c:78:84:28:af:3a:1e:6f:a8:9a:
36:57:91:fe:19:02:35:89:85:2c:bf:13:e2:c1:1d:
b5:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:C4:30:1B:3A:D0:02:DB:DB:B9:62:E6:A1:28:92:E4:7A:FD:91:0A
X509v3 Authority Key Identifier:
keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/hMQwGzrQAtvbuWLmoSiS5Hr9kQo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.224.142.0/23
Signature Algorithm: sha256WithRSAEncryption
16:18:77:7a:c8:76:bf:6a:9f:ab:0c:95:76:7d:f3:aa:c0:f3:
54:30:7c:c4:47:35:90:36:86:ad:c0:03:a0:5c:cd:e3:2d:f9:
2a:a5:c8:8b:9e:fa:c7:ec:97:ba:69:ea:a3:c1:00:10:c2:fa:
b5:6b:ab:2a:aa:46:19:85:94:9d:b8:0b:41:75:5a:ac:a5:16:
8b:65:a7:2f:16:66:10:46:be:c6:ac:3b:d1:f1:5f:9a:1b:43:
50:ad:eb:6f:00:78:46:e5:67:7f:aa:fb:1b:ed:a8:d5:72:b5:
eb:c5:6a:a7:73:ad:a3:38:9a:b1:d5:60:a1:72:bf:29:18:a7:
3a:0c:27:c0:39:eb:71:b6:a6:2f:d0:63:dc:c3:9e:22:0f:ad:
d8:c1:79:a5:bd:5d:62:1a:07:be:59:bc:c8:02:ca:e8:f6:3a:
f0:ec:de:89:b7:33:a0:4a:9c:b0:99:89:0d:fd:8a:90:d7:10:
84:ab:aa:8e:a2:81:b4:a7:0c:27:d5:1a:cf:00:35:57:9b:2e:
97:cf:ce:96:9b:a5:8e:01:87:49:22:dd:c3:8d:a6:9a:76:8c:
42:f6:cd:48:a4:18:3c:a5:14:7f:f3:47:a5:52:79:08:03:db:
6f:2f:ff:59:fe:06:3c:bc:af:c4:07:20:64:e1:f1:f7:d7:2f:
cf:10:ba:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs5iaLVYkWAY2JpU+RhGLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjMwMTAxMTAzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM0MzAxYjNhZDAwMmRiZGJiOTYyZTZhMTI4OTJlNDdhZmQ5MTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmx0uS/IkfsH/FwPSCLKQC9YIvw17
bm7zm+s2NR9cGUPwaRr0lvCOmocDa5G/G/Z9RnkqRBJwLr8gVQIRvIU+p1zV9iB6
C0t6L5ePkitYaH79MrZCG7rAsEdlr5KzpGjm0usTp17ZE5oY8IPDufqlhFvWoPxz
v+mxs0ooPESJSjYY8YYsTUvohlpUhVFQVd/5A8AfxjyHPq6giSQOIhLQDUesDXW9
umaHSPIYspZ+a+KixrdzIWsW55FA5a6jNKgfkxgYVBQ4HiGtpanygD7Df5Ijl+dy
zotYHC01KzD3uAuoRD4Scmx4hCivOh5vqJo2V5H+GQI1iYUsvxPiwR21mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITEMBs60ALb27li5qEokuR6/ZEKMB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvaE1Rd0d6clFBdHZidVdMbW9TaVM1SHI5a1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+COMA0G
CSqGSIb3DQEBCwUAA4IBAQAWGHd6yHa/ap+rDJV2ffOqwPNUMHzERzWQNoatwAOg
XM3jLfkqpciLnvrH7Je6aeqjwQAQwvq1a6sqqkYZhZSduAtBdVqspRaLZacvFmYQ
Rr7GrDvR8V+aG0NQretvAHhG5Wd/qvsb7ajVcrXrxWqnc62jOJqx1WChcr8pGKc6
DCfAOetxtqYv0GPcw54iD63YwXmlvV1iGge+WbzIAsro9jrw7N6JtzOgSpywmYkN
/YqQ1xCEq6qOooG0pwwn1RrPADVXmy6Xz86Wm6WOAYdJIt3DjaaadoxC9s1IpBg8
pRR/80elUnkIA9tvL/9Z/gY8vK/EByBk4fH31y/PELpE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:59 2024 by rpki-client on console-ams.rpki-client.org