Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/DGJqnazXWSFW6i6UsaR_7skI6m4.roa
File: DGJqnazXWSFW6i6UsaR_7skI6m4.roa (raw, json)
Hash identifier: JupBj9R4AnYpyvEBZBDnK/YxcaxpvUaSzpq7OT5SaFE=
Subject key identifier: 0C:62:6A:9D:AC:D7:59:21:56:EA:2E:94:B1:A4:7F:EE:C9:08:EA:6E
Certificate issuer: /CN=aa734ef5ae21c0e897fa186447184ec9ad4ae29d
Certificate serial: 018A4FF97A78400C9639CBE9D7BA8E0CE4E6
Authority key identifier: AA:73:4E:F5:AE:21:C0:E8:97:FA:18:64:47:18:4E:C9:AD:4A:E2:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qnNO9a4hwOiX-hhkRxhOya1K4p0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/DGJqnazXWSFW6i6UsaR_7skI6m4.roa
Signing time: Fri 01 Sep 2023 09:01:04 +0000
ROA not before: Fri 01 Sep 2023 09:01:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208853
IP address blocks: 151.216.44.0/24 maxlen: 24
2a0e:6ac0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4f:f9:7a:78:40:0c:96:39:cb:e9:d7:ba:8e:0c:e4:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa734ef5ae21c0e897fa186447184ec9ad4ae29d
Validity
Not Before: Sep 1 09:01:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c626a9dacd7592156ea2e94b1a47feec908ea6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:17:f5:5c:ed:78:4b:40:86:fb:5e:e4:92:33:
83:54:79:4d:17:33:63:25:2b:5c:79:ac:70:51:6e:
ed:5c:ac:36:18:5e:eb:6e:a3:db:a5:5b:15:de:8e:
84:95:6b:d6:f1:9b:f6:4f:b8:f2:e1:a9:f0:77:80:
22:2f:d8:5e:70:50:bd:4b:a4:c6:73:ff:0d:04:db:
fd:bb:6b:b3:5b:c4:5a:30:ac:1b:e9:db:60:02:ed:
97:f0:60:aa:7b:fe:38:9a:71:02:1c:d0:26:a2:9d:
6c:85:1c:e7:d3:b5:53:fb:ac:1f:fa:d5:3d:6f:0a:
c4:89:a1:5f:9b:33:99:f6:9e:7d:ae:0e:6d:cd:9c:
97:34:28:59:df:9d:ff:e8:7f:29:95:5b:73:ef:5d:
5f:61:53:2f:f1:36:33:10:77:bb:f5:d2:54:90:7f:
43:3c:82:4b:39:1a:ce:b0:05:7d:a3:51:61:ab:83:
49:1f:c9:ff:f5:83:92:58:d9:06:76:08:81:6a:bb:
0f:c4:52:45:63:d9:8a:8c:3b:29:6d:00:08:fd:66:
67:0a:66:b8:53:d6:ae:b4:80:01:cb:c3:1d:27:cb:
5f:d7:d3:66:50:cd:96:6e:ea:0e:5a:ad:a3:94:8f:
84:43:77:7d:82:05:fa:9b:a6:01:d1:9d:7c:b0:cf:
de:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:62:6A:9D:AC:D7:59:21:56:EA:2E:94:B1:A4:7F:EE:C9:08:EA:6E
X509v3 Authority Key Identifier:
keyid:AA:73:4E:F5:AE:21:C0:E8:97:FA:18:64:47:18:4E:C9:AD:4A:E2:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnNO9a4hwOiX-hhkRxhOya1K4p0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/DGJqnazXWSFW6i6UsaR_7skI6m4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/qnNO9a4hwOiX-hhkRxhOya1K4p0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.44.0/24
IPv6:
2a0e:6ac0:1::/48
Signature Algorithm: sha256WithRSAEncryption
4b:de:a2:d6:2a:34:37:6b:9f:0a:f8:64:55:c4:fd:6f:45:cc:
5c:0f:e8:01:78:cc:d3:6b:4d:c5:1a:69:0c:1d:5e:2a:51:ff:
2c:3a:7c:ee:53:50:ad:af:b8:27:7d:71:42:71:bb:c8:41:64:
20:5a:89:48:b9:5d:c0:1a:9d:9a:ef:ce:58:ed:a5:58:60:e3:
9a:c8:e6:99:4f:7f:9b:ec:3d:d1:fb:3c:ab:da:1c:ac:c1:b0:
ed:a6:84:7a:f9:d4:20:6a:af:15:dc:41:73:14:52:5e:44:46:
7f:d0:b5:10:31:7c:79:9e:bb:c6:51:0a:d6:70:0c:31:ad:81:
c8:58:c4:84:51:38:5a:ec:6f:76:0c:92:c3:d3:77:53:9e:98:
b4:da:1c:0f:43:f1:c5:30:5e:67:e6:87:6d:29:4d:10:44:31:
ba:3d:9a:94:bb:26:f9:73:60:9f:55:79:69:dd:ea:3a:73:c2:
ad:27:a2:a1:eb:94:30:38:57:ee:10:65:f4:5a:47:c5:80:b9:
2c:bb:b7:6f:93:f0:04:96:30:a5:2c:ae:1b:97:cd:a8:4b:fa:
f1:43:48:12:d0:d3:c9:56:90:e1:ba:a4:da:ab:fc:f2:59:9a:
6e:dd:7c:16:d6:7b:04:f4:c2:10:a5:25:9b:85:1d:b6:38:22:
9a:7b:e5:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYpP+Xp4QAyWOcvp17qODOTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNzM0ZWY1YWUyMWMwZTg5N2ZhMTg2NDQ3MTg0ZWM5YWQ0
YWUyOWQwHhcNMjMwOTAxMDkwMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzYyNmE5ZGFjZDc1OTIxNTZlYTJlOTRiMWE0N2ZlZWM5MDhlYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRf1XO14S0CG+17kkjODVHlNFzNj
JStceaxwUW7tXKw2GF7rbqPbpVsV3o6ElWvW8Zv2T7jy4anwd4AiL9hecFC9S6TG
c/8NBNv9u2uzW8RaMKwb6dtgAu2X8GCqe/44mnECHNAmop1shRzn07VT+6wf+tU9
bwrEiaFfmzOZ9p59rg5tzZyXNChZ353/6H8plVtz711fYVMv8TYzEHe79dJUkH9D
PIJLORrOsAV9o1Fhq4NJH8n/9YOSWNkGdgiBarsPxFJFY9mKjDspbQAI/WZnCma4
U9autIABy8MdJ8tf19NmUM2WbuoOWq2jlI+EQ3d9ggX6m6YB0Z18sM/eZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAxiap2s11khVuoulLGkf+7JCOpuMB8GA1UdIwQY
MBaAFKpzTvWuIcDol/oYZEcYTsmtSuKdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW5OTzlhNGh3T2lYLWhoa1J4aE95YTFLNHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS83NDgxMTEtMGUxMC00NzkyLTliMWIt
ZGE3ODBjZmI5OWE0LzEvREdKcW5helhXU0ZXNmk2VXNhUl83c2tJNm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS83NDgxMTEtMGUxMC00NzkyLTliMWItZGE3ODBjZmI5OWE0
LzEvcW5OTzlhNGh3T2lYLWhoa1J4aE95YTFLNHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl9gsMA8E
AgACMAkDBwAqDmrAAAEwDQYJKoZIhvcNAQELBQADggEBAEveotYqNDdrnwr4ZFXE
/W9FzFwP6AF4zNNrTcUaaQwdXipR/yw6fO5TUK2vuCd9cUJxu8hBZCBaiUi5XcAa
nZrvzljtpVhg45rI5plPf5vsPdH7PKvaHKzBsO2mhHr51CBqrxXcQXMUUl5ERn/Q
tRAxfHmeu8ZRCtZwDDGtgchYxIRROFrsb3YMksPTd1OemLTaHA9D8cUwXmfmh20p
TRBEMbo9mpS7JvlzYJ9VeWnd6jpzwq0noqHrlDA4V+4QZfRaR8WAuSy7t2+T8ASW
MKUsrhuXzahL+vFDSBLQ08lWkOG6pNqr/PJZmm7dfBbWewT0whClJZuFHbY4Ipp7
5QY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:03 2024 by rpki-client on console-fra.rpki-client.org