Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9QYRKO3HkasifLUaBjZkczLNeDo.roa
File: 9QYRKO3HkasifLUaBjZkczLNeDo.roa (raw, json)
Hash identifier: Ny/06yCr3Q1rebz3AoUPpIpC/abwEwRoW/Sct1/1smk=
Subject key identifier: F5:06:11:28:ED:C7:91:AB:22:7C:B5:1A:06:36:64:73:32:CD:78:3A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01881F6BF9E7AD96350EF2A1F8D2306DD2C0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9QYRKO3HkasifLUaBjZkczLNeDo.roa
Signing time: Mon 15 May 2023 12:39:09 +0000
ROA not before: Mon 15 May 2023 12:39:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397423
IP address blocks: 94.103.127.0/24 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1f:6b:f9:e7:ad:96:35:0e:f2:a1:f8:d2:30:6d:d2:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 15 12:39:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f5061128edc791ab227cb51a0636647332cd783a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:6f:b0:d1:c0:61:1a:c3:f0:14:32:9b:36:c4:
02:22:ed:2d:7f:64:f5:21:8f:84:e3:5b:e2:d0:c2:
82:91:98:57:25:2e:9f:c8:71:cd:98:54:5d:9b:c6:
90:16:b3:d8:58:d8:68:55:c8:60:c1:fa:1d:75:5b:
d3:f1:fe:e4:17:59:74:19:99:73:e1:14:57:b4:31:
28:ac:df:78:2f:d5:9a:b1:7d:a1:39:db:e1:83:4c:
f2:20:ad:ab:73:39:28:0f:c9:ff:d2:22:1e:ca:29:
f6:cb:a4:31:db:0e:95:07:3a:22:8c:88:dd:3a:80:
8e:c6:8b:b2:23:a1:10:82:e0:cd:9e:91:0c:a6:a7:
3c:28:8f:58:10:63:19:68:d5:2a:bf:d1:a0:75:c4:
a4:de:51:c2:d6:66:34:6e:7e:b1:8a:60:c3:9a:af:
8b:c4:b0:e0:1d:f8:fa:02:9c:16:5d:76:7b:ee:41:
bf:54:b8:ea:92:b8:28:72:48:71:5a:d7:d6:eb:d9:
b9:ba:96:80:c0:89:89:ac:37:c6:b9:b4:9d:f7:07:
88:7f:a5:b8:65:a0:7a:9c:a3:99:6d:14:47:a9:60:
78:77:57:35:bc:d5:5b:df:bc:ae:af:fb:31:83:f1:
7e:36:3e:eb:c7:63:da:e6:02:d4:bd:d5:fb:c1:a2:
aa:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:06:11:28:ED:C7:91:AB:22:7C:B5:1A:06:36:64:73:32:CD:78:3A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9QYRKO3HkasifLUaBjZkczLNeDo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.103.127.0/24
109.206.238.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:4f:8e:b1:c0:59:55:86:ad:c7:18:0e:b2:d6:31:08:f7:90:
a5:64:73:b5:61:68:a0:43:68:aa:32:0f:ba:34:e9:df:bd:48:
4e:e3:c5:37:78:4b:f6:a6:d8:63:6e:3d:3f:5a:38:e5:60:d9:
91:da:5a:93:5d:26:4b:56:68:87:f2:1a:ab:bd:4e:91:5c:95:
4c:2a:0b:02:0d:93:d4:6f:a9:9e:a4:de:83:44:eb:4d:fa:91:
83:4e:63:9b:b9:6f:a0:4e:7a:2f:92:88:3d:0d:91:54:ae:35:
44:91:e0:23:aa:3d:ac:4e:ca:8d:ff:72:73:f0:76:52:9f:62:
fe:6d:dc:b0:2b:d6:ea:83:3d:b9:67:6a:0c:a8:41:90:8d:6c:
59:43:6e:95:e6:3c:bb:7e:4f:9e:4b:21:ad:20:57:7d:a1:e6:
6d:f3:91:1a:df:f8:38:64:01:7c:50:bc:38:75:94:ac:5b:f5:
e1:bc:6a:57:6c:a7:2b:d3:00:3d:b0:22:34:c0:1d:91:d5:a4:
22:4a:a3:80:31:a5:e4:05:59:f8:e5:8e:59:df:3e:4f:67:d2:
32:19:bf:30:b1:49:0c:90:45:32:b2:dc:3c:c6:8c:f1:5e:31:
4b:49:a3:c0:87:d2:05:3c:a5:c7:de:96:cb:0a:1f:a7:ae:a0:
42:de:39:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgfa/nnrZY1DvKh+NIwbdLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE1MTIzOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTA2MTEyOGVkYzc5MWFiMjI3Y2I1MWEwNjM2NjQ3MzMyY2Q3ODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW+w0cBhGsPwFDKbNsQCIu0tf2T1
IY+E41vi0MKCkZhXJS6fyHHNmFRdm8aQFrPYWNhoVchgwfoddVvT8f7kF1l0GZlz
4RRXtDEorN94L9WasX2hOdvhg0zyIK2rczkoD8n/0iIeyin2y6Qx2w6VBzoijIjd
OoCOxouyI6EQguDNnpEMpqc8KI9YEGMZaNUqv9GgdcSk3lHC1mY0bn6ximDDmq+L
xLDgHfj6ApwWXXZ77kG/VLjqkrgockhxWtfW69m5upaAwImJrDfGubSd9weIf6W4
ZaB6nKOZbRRHqWB4d1c1vNVb37yur/sxg/F+Nj7rx2Pa5gLUvdX7waKqZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPUGESjtx5GrIny1GgY2ZHMyzXg6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOVFZUktPM0hrYXNpZkxVYUJqWmtjekxOZURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXmd/AwQA
bc7uMA0GCSqGSIb3DQEBCwUAA4IBAQCbT46xwFlVhq3HGA6y1jEI95ClZHO1YWig
Q2iqMg+6NOnfvUhO48U3eEv2pthjbj0/WjjlYNmR2lqTXSZLVmiH8hqrvU6RXJVM
KgsCDZPUb6mepN6DROtN+pGDTmObuW+gTnovkog9DZFUrjVEkeAjqj2sTsqN/3Jz
8HZSn2L+bdywK9bqgz25Z2oMqEGQjWxZQ26V5jy7fk+eSyGtIFd9oeZt85Ea3/g4
ZAF8ULw4dZSsW/XhvGpXbKcr0wA9sCI0wB2R1aQiSqOAMaXkBVn45Y5Z3z5PZ9Iy
Gb8wsUkMkEUystw8xozxXjFLSaPAh9IFPKXH3pbLCh+nrqBC3jlj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:00 2024 by rpki-client on console-fra.rpki-client.org