Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/9y-CKfU-1nl4Hbm4BQOqD4j_9uk.roa
File: 9y-CKfU-1nl4Hbm4BQOqD4j_9uk.roa (raw, json)
Hash identifier: S7ol6jq82Pmnd8IKWAfEZu9hcPiUhSejQraaKN+kB9M=
Subject key identifier: F7:2F:82:29:F5:3E:D6:79:78:1D:B9:B8:05:03:AA:0F:88:FF:F6:E9
Certificate issuer: /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial: 018C25538CE17EC0F9D0252AE89F95928C49
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/9y-CKfU-1nl4Hbm4BQOqD4j_9uk.roa
Signing time: Fri 01 Dec 2023 12:21:21 +0000
ROA not before: Fri 01 Dec 2023 12:21:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60446
IP address blocks: 188.132.223.0/24 maxlen: 24
188.132.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:25:53:8c:e1:7e:c0:f9:d0:25:2a:e8:9f:95:92:8c:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Validity
Not Before: Dec 1 12:21:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f72f8229f53ed679781db9b80503aa0f88fff6e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:0b:95:58:65:0a:fa:d3:37:bc:4f:ed:60:75:
94:4d:ff:06:f2:aa:50:10:9e:98:3a:19:9a:85:d1:
66:d0:d8:18:5f:57:8d:73:c4:64:d4:d8:72:1f:82:
70:e1:f8:2b:a4:d9:6e:1b:06:52:8e:f4:09:1c:21:
e0:a8:f8:81:4f:f2:a6:1c:66:3f:9f:37:12:85:09:
fe:d5:a5:3b:e8:60:60:8e:4d:b9:55:34:af:2b:df:
88:96:18:3d:87:c8:40:7b:25:fd:16:d1:5e:b9:08:
fc:da:0f:db:32:e4:4f:cf:15:57:c7:c2:7c:b4:4b:
09:9d:8d:ad:a1:6d:38:24:d1:1a:e4:d4:90:ab:ef:
99:34:0e:af:a9:78:e9:66:d1:4d:07:bb:ec:d9:c3:
2f:9b:88:6b:ae:c5:b1:6e:bb:a2:01:1f:10:d3:da:
61:13:bb:d7:3d:6a:48:d6:2a:a1:a7:c0:54:a0:5b:
c8:b9:38:29:ca:42:1f:6e:a1:d3:48:38:45:21:df:
d3:3a:0a:89:6d:03:76:1d:61:0b:47:f8:7f:9a:f6:
89:18:5c:a5:3d:3d:70:34:fd:a2:76:c2:db:ce:40:
0d:2f:d9:c3:39:f9:a1:27:c3:38:49:fd:cb:54:6f:
0d:36:39:1e:44:49:d4:52:56:01:39:ba:8c:c3:ce:
11:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:2F:82:29:F5:3E:D6:79:78:1D:B9:B8:05:03:AA:0F:88:FF:F6:E9
X509v3 Authority Key Identifier:
keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/9y-CKfU-1nl4Hbm4BQOqD4j_9uk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.132.223.0-188.132.224.255
Signature Algorithm: sha256WithRSAEncryption
81:f7:c3:22:e5:03:94:23:3b:53:c0:a1:c7:16:38:f0:30:4d:
b6:8e:ef:bc:ce:44:4d:be:41:22:dd:9d:1f:c0:ea:84:68:94:
cd:e4:b3:2e:08:ff:b4:f5:8d:52:95:02:bf:82:d9:89:c7:69:
fc:9d:cd:8b:62:fb:65:d2:55:9d:c5:4b:44:68:f7:d0:fb:3c:
62:ab:d3:76:44:f8:03:0f:3c:b3:55:94:9d:c1:0a:8d:f6:d9:
21:0e:36:f8:d0:17:a5:84:ae:ad:35:72:a8:d6:d9:a4:f3:66:
7d:03:33:dc:9e:e8:d5:38:1d:ee:46:e1:36:8f:5e:1d:db:6a:
bf:a6:13:2c:d2:a7:b7:85:77:72:09:2b:ec:a0:f1:4c:07:f0:
9e:c3:a4:b8:f1:31:f6:69:5b:98:d0:ad:8a:d6:bf:df:94:5f:
00:02:3f:ed:99:65:cd:7d:db:50:14:73:d4:06:9e:9f:aa:52:
2f:8e:26:eb:31:ce:3d:08:9f:e3:53:ea:df:0c:05:d4:91:28:
57:29:e5:0e:7d:e9:e1:79:1f:cc:d0:f9:be:52:0d:b0:60:6b:
81:89:c0:8e:f5:a8:13:d8:e9:fd:80:1a:45:85:b7:6e:73:d3:
66:06:10:c4:fa:a8:fa:bd:6f:03:17:2a:ae:ab:af:66:63:e7:
d8:c9:cd:bd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYwlU4zhfsD50CUq6J+VkoxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMjAxMTIyMTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJmODIyOWY1M2VkNjc5NzgxZGI5YjgwNTAzYWEwZjg4ZmZmNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowuVWGUK+tM3vE/tYHWUTf8G8qpQ
EJ6YOhmahdFm0NgYX1eNc8Rk1NhyH4Jw4fgrpNluGwZSjvQJHCHgqPiBT/KmHGY/
nzcShQn+1aU76GBgjk25VTSvK9+Ilhg9h8hAeyX9FtFeuQj82g/bMuRPzxVXx8J8
tEsJnY2toW04JNEa5NSQq++ZNA6vqXjpZtFNB7vs2cMvm4hrrsWxbruiAR8Q09ph
E7vXPWpI1iqhp8BUoFvIuTgpykIfbqHTSDhFId/TOgqJbQN2HWELR/h/mvaJGFyl
PT1wNP2idsLbzkANL9nDOfmhJ8M4Sf3LVG8NNjkeREnUUlYBObqMw84R5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPcvgin1PtZ5eB25uAUDqg+I//bpMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvOXktQ0tmVS0xbmw0SGJtNEJRT3FENGpfOXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8hN8D
BAC8hOAwDQYJKoZIhvcNAQELBQADggEBAIH3wyLlA5QjO1PAoccWOPAwTbaO77zO
RE2+QSLdnR/A6oRolM3ksy4I/7T1jVKVAr+C2YnHafydzYti+2XSVZ3FS0Ro99D7
PGKr03ZE+AMPPLNVlJ3BCo322SEONvjQF6WErq01cqjW2aTzZn0DM9ye6NU4He5G
4TaPXh3bar+mEyzSp7eFd3IJK+yg8UwH8J7DpLjxMfZpW5jQrYrWv9+UXwACP+2Z
Zc1921AUc9QGnp+qUi+OJusxzj0In+NT6t8MBdSRKFcp5Q596eF5H8zQ+b5SDbBg
a4GJwI71qBPY6f2AGkWFt25z02YGEMT6qPq9bwMXKq6rr2Zj59jJzb0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:53 2024 by rpki-client on console-ams.rpki-client.org