Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/azORDgGJ0C4j0nG07V0f6uEG_SA.roa
File: azORDgGJ0C4j0nG07V0f6uEG_SA.roa (raw, json)
Hash identifier: 69tn5psICp15X+CFJ1J5Uq7UkcdTimMnFSiZJ9+i1Y4=
Subject key identifier: 6B:33:91:0E:01:89:D0:2E:23:D2:71:B4:ED:5D:1F:EA:E1:06:FD:20
Certificate issuer: /CN=96b8121d556df453456553dcb45c4143f4cdd213
Certificate serial: 018824259435215F486D303F39F0464867AC
Authority key identifier: 96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/azORDgGJ0C4j0nG07V0f6uEG_SA.roa
Signing time: Tue 16 May 2023 10:40:22 +0000
ROA not before: Tue 16 May 2023 10:40:22 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57043
IP address blocks: 89.19.217.0/24 maxlen: 24
89.19.214.0/24 maxlen: 24
89.19.215.0/24 maxlen: 24
89.19.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:24:25:94:35:21:5f:48:6d:30:3f:39:f0:46:48:67:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96b8121d556df453456553dcb45c4143f4cdd213
Validity
Not Before: May 16 10:40:22 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6b33910e0189d02e23d271b4ed5d1feae106fd20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:fc:2d:9a:ab:d3:74:f5:5b:47:9a:78:2b:4f:
f2:52:ff:eb:4b:76:9f:4d:af:cb:01:f5:f9:3f:9c:
0c:e2:5a:8a:3f:40:dc:e3:f0:62:13:94:ea:58:86:
ec:83:ec:3e:2c:a2:5a:0a:17:4f:50:6f:3b:9f:2d:
5a:29:8b:91:7c:b2:8b:22:a8:5a:af:b4:cc:d5:b8:
a8:d2:83:5d:3e:83:31:76:87:d6:a6:4e:35:68:28:
f0:e6:ac:77:f3:30:06:06:29:35:41:b9:f1:a3:6d:
d1:11:32:4c:c7:e2:12:90:84:76:3a:e8:56:53:c8:
b9:79:b8:50:25:4c:2d:1b:a9:6e:16:d1:f8:89:be:
b2:d3:c4:9a:e8:ae:5a:a3:e0:a9:78:53:28:71:8f:
f5:74:4c:7a:c6:29:42:1e:b0:b2:26:53:6e:7a:3a:
82:a1:26:7b:d0:8e:df:3e:37:a5:3a:2e:75:53:d9:
0f:e4:21:cc:1a:5c:9c:82:c2:e3:09:4d:c5:4b:22:
8e:e1:b3:db:63:c9:46:d3:e0:44:dd:9c:53:ce:4d:
29:1d:52:63:b8:7c:23:c3:59:ce:5e:ec:7c:fe:3c:
a9:01:7f:87:f1:6f:b2:73:19:5d:99:5e:f9:a4:34:
54:07:bb:ce:c2:04:fe:94:54:9d:7e:8a:ee:79:6a:
b8:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:33:91:0E:01:89:D0:2E:23:D2:71:B4:ED:5D:1F:EA:E1:06:FD:20
X509v3 Authority Key Identifier:
keyid:96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/azORDgGJ0C4j0nG07V0f6uEG_SA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lrgSHVVt9FNFZVPctFxBQ_TN0hM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.214.0-89.19.217.255
Signature Algorithm: sha256WithRSAEncryption
28:12:7d:e6:e9:d4:05:42:7d:57:7e:b1:f1:07:d9:61:27:f0:
fb:05:96:4a:2d:54:6e:dc:71:08:82:69:a4:f3:bd:f2:9f:b8:
eb:e1:3c:f4:c4:c6:f4:9d:0c:32:67:31:01:b6:22:95:64:69:
59:79:42:ac:ee:60:27:ce:dc:24:e7:fd:25:e5:3b:e3:b7:69:
e1:6c:86:33:df:1f:a6:02:65:c5:f3:44:65:57:2b:89:d4:21:
dd:95:2c:2c:1d:27:1c:8d:9e:6b:f6:51:d3:4f:06:26:a3:75:
cb:31:b7:f7:1d:8d:eb:b0:9d:20:17:ae:2b:ee:42:22:bf:40:
b6:ba:4d:da:be:51:f7:99:7d:d6:cf:d2:76:15:fa:1a:ff:3f:
62:45:64:80:f0:3d:5b:be:22:9b:7b:6d:ab:a8:01:e6:db:56:
2b:ea:09:22:ae:af:87:2e:bc:25:c0:43:5f:9d:ca:ad:5c:3e:
ec:d9:d8:43:1c:97:19:5e:2d:c4:67:36:eb:3f:70:f5:e7:a9:
3e:8a:1f:ea:01:1d:c4:20:b8:b7:96:d8:0b:f0:d4:40:b0:3b:
f1:c0:0f:72:18:b6:f2:4c:92:50:5d:8e:18:5b:fc:c3:f0:f4:
98:93:d0:17:4f:8c:74:64:4e:4f:9e:a3:52:1f:68:ac:a5:8f:
d8:d2:2a:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYgkJZQ1IV9IbTA/OfBGSGesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjgxMjFkNTU2ZGY0NTM0NTY1NTNkY2I0NWM0MTQzZjRj
ZGQyMTMwHhcNMjMwNTE2MTA0MDIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMzOTEwZTAxODlkMDJlMjNkMjcxYjRlZDVkMWZlYWUxMDZmZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvwtmqvTdPVbR5p4K0/yUv/rS3af
Ta/LAfX5P5wM4lqKP0Dc4/BiE5TqWIbsg+w+LKJaChdPUG87ny1aKYuRfLKLIqha
r7TM1bio0oNdPoMxdofWpk41aCjw5qx38zAGBik1Qbnxo23RETJMx+ISkIR2OuhW
U8i5ebhQJUwtG6luFtH4ib6y08Sa6K5ao+CpeFMocY/1dEx6xilCHrCyJlNuejqC
oSZ70I7fPjelOi51U9kP5CHMGlycgsLjCU3FSyKO4bPbY8lG0+BE3ZxTzk0pHVJj
uHwjw1nOXux8/jypAX+H8W+ycxldmV75pDRUB7vOwgT+lFSdforueWq4LwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGszkQ4BidAuI9JxtO1dH+rhBv0gMB8GA1UdIwQY
MBaAFJa4Eh1VbfRTRWVT3LRcQUP0zdITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUt
ZDRmNTMxN2M1ODMwLzEvYXpPUkRnR0owQzRqMG5HMDdWMGY2dUVHX1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUtZDRmNTMxN2M1ODMw
LzEvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFZE9YD
BAFZE9gwDQYJKoZIhvcNAQELBQADggEBACgSfebp1AVCfVd+sfEH2WEn8PsFlkot
VG7ccQiCaaTzvfKfuOvhPPTExvSdDDJnMQG2IpVkaVl5QqzuYCfO3CTn/SXlO+O3
aeFshjPfH6YCZcXzRGVXK4nUId2VLCwdJxyNnmv2UdNPBiajdcsxt/cdjeuwnSAX
rivuQiK/QLa6Tdq+UfeZfdbP0nYV+hr/P2JFZIDwPVu+Ipt7bauoAebbVivqCSKu
r4cuvCXAQ1+dyq1cPuzZ2EMclxleLcRnNus/cPXnqT6KH+oBHcQguLeW2Avw1ECw
O/HAD3IYtvJMklBdjhhb/MPw9JiT0BdPjHRkTk+eo1IfaKylj9jSKpg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:54 2024 by rpki-client on console-ams.rpki-client.org