Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/seTZdDQwkcNJB--sWEEpH1aAtz4.roa
File: seTZdDQwkcNJB--sWEEpH1aAtz4.roa (raw, json)
Hash identifier: hbUZSlI+lBasAOOz3jP4KqydtKSu/KMpbjFcRQWX7r0=
Subject key identifier: B1:E4:D9:74:34:30:91:C3:49:07:EF:AC:58:41:29:1F:56:80:B7:3E
Certificate issuer: /CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
Certificate serial: 018C64011F78CAC9F769B2FA673C8CD830B7
Authority key identifier: 04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/seTZdDQwkcNJB--sWEEpH1aAtz4.roa
Signing time: Wed 13 Dec 2023 16:27:24 +0000
ROA not before: Wed 13 Dec 2023 16:27:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59450
IP address blocks: 91.197.32.0/22 maxlen: 22
193.108.80.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:64:01:1f:78:ca:c9:f7:69:b2:fa:67:3c:8c:d8:30:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
Validity
Not Before: Dec 13 16:27:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1e4d974343091c34907efac5841291f5680b73e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:a0:60:b2:fb:17:7a:6f:ff:cf:59:1f:40:ff:
e9:d5:d5:c1:94:79:7f:5e:c9:32:fe:43:a0:c7:9c:
c3:5a:ea:8f:13:f6:47:20:20:66:fb:eb:ac:b9:79:
69:62:a5:9d:0b:6e:26:5e:cd:ec:c8:18:25:7b:6c:
d6:5b:1a:14:ab:e1:ac:10:46:11:a9:d1:b4:4d:5c:
d2:e1:58:59:79:e8:cb:91:dd:78:61:66:9f:7a:ad:
67:1d:78:86:1e:43:79:60:52:f8:8d:9e:b1:00:63:
e6:6e:46:6b:e5:75:cb:e9:35:c4:4b:2c:cf:2c:15:
bd:07:b1:10:48:78:1d:46:65:17:ba:36:6b:09:8c:
33:88:2e:05:9d:f0:86:7a:7c:65:11:d9:aa:4a:37:
85:5d:3b:12:01:07:d8:8c:56:e2:a3:60:a7:fe:1b:
24:f8:ff:cb:50:38:e6:9d:98:15:a2:43:7e:58:07:
98:f7:c6:13:82:23:17:3e:e0:72:79:78:a3:65:24:
0c:57:b4:ec:37:d1:1c:e1:89:57:2d:84:91:01:23:
57:11:34:c8:3e:4c:41:bc:0f:73:4d:d1:ee:db:02:
01:da:75:00:c6:c1:b2:4c:9e:21:c9:42:58:97:2b:
47:1c:0f:79:a6:87:ea:d3:fd:01:d6:2f:fb:28:13:
2b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:E4:D9:74:34:30:91:C3:49:07:EF:AC:58:41:29:1F:56:80:B7:3E
X509v3 Authority Key Identifier:
keyid:04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/seTZdDQwkcNJB--sWEEpH1aAtz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/BNm8gopWawavTXZd-12lvB12xyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.32.0/22
193.108.80.0/21
Signature Algorithm: sha256WithRSAEncryption
90:33:68:fd:04:61:97:ae:24:ef:18:33:d9:d1:93:4b:1c:fd:
89:76:77:4d:9a:6b:5a:d3:38:cd:2d:8b:ec:05:8f:0e:af:60:
b4:e3:d2:8e:2e:ba:91:89:d7:77:ff:c8:4d:de:b0:c6:65:b3:
7e:69:75:75:c0:4c:e1:4c:1b:1f:20:5a:f5:12:4a:90:31:cf:
5b:a0:94:71:4b:8f:f5:c2:37:3f:40:ca:55:fe:57:cd:1d:38:
af:84:1e:c2:be:c5:6a:ac:1c:9a:55:3d:bf:25:c2:a6:a3:c1:
9c:cf:33:12:65:f7:9b:b7:6a:36:1c:bf:59:d9:26:ea:7c:21:
42:13:2e:3a:82:9c:71:d5:4f:6f:ea:cf:d9:57:b3:c5:6a:9f:
be:62:91:9a:96:6f:b6:3c:78:48:03:61:c4:03:ae:d2:ac:4f:
b4:c9:a9:43:b5:cb:a3:2e:b6:81:b5:b3:a2:83:f0:ec:9d:20:
80:37:60:06:39:92:c5:dc:aa:04:55:f7:56:95:6c:b9:29:86:
b5:1c:eb:a0:b0:29:c2:c3:94:20:fe:10:54:07:79:bc:71:7c:
18:c1:6e:1c:28:82:ef:ef:d5:12:78:be:1a:df:59:f0:eb:6d:
8b:c9:45:2b:df:0f:c5:98:38:cd:32:49:9c:df:a9:5f:1e:31:
7b:cd:46:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYxkAR94ysn3abL6ZzyM2DC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZDliYzgyOGE1NjZiMDZhZjRkNzY1ZGZiNWRhNWJjMWQ3
NmM3MjUwHhcNMjMxMjEzMTYyNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU0ZDk3NDM0MzA5MWMzNDkwN2VmYWM1ODQxMjkxZjU2ODBiNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqBgsvsXem//z1kfQP/p1dXBlHl/
Xsky/kOgx5zDWuqPE/ZHICBm++usuXlpYqWdC24mXs3syBgle2zWWxoUq+GsEEYR
qdG0TVzS4VhZeejLkd14YWafeq1nHXiGHkN5YFL4jZ6xAGPmbkZr5XXL6TXESyzP
LBW9B7EQSHgdRmUXujZrCYwziC4FnfCGenxlEdmqSjeFXTsSAQfYjFbio2Cn/hsk
+P/LUDjmnZgVokN+WAeY98YTgiMXPuByeXijZSQMV7TsN9Ec4YlXLYSRASNXETTI
PkxBvA9zTdHu2wIB2nUAxsGyTJ4hyUJYlytHHA95pofq0/0B1i/7KBMrdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHk2XQ0MJHDSQfvrFhBKR9WgLc+MB8GA1UdIwQY
MBaAFATZvIKKVmsGr012XftdpbwddsclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQt
OTgyYzQyOWQ0MTU2LzEvc2VUWmREUXdrY05KQi0tc1dFRXBIMWFBdHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQtOTgyYzQyOWQ0MTU2
LzEvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8UgAwQD
wWxQMA0GCSqGSIb3DQEBCwUAA4IBAQCQM2j9BGGXriTvGDPZ0ZNLHP2JdndNmmta
0zjNLYvsBY8Or2C049KOLrqRidd3/8hN3rDGZbN+aXV1wEzhTBsfIFr1EkqQMc9b
oJRxS4/1wjc/QMpV/lfNHTivhB7CvsVqrByaVT2/JcKmo8GczzMSZfebt2o2HL9Z
2SbqfCFCEy46gpxx1U9v6s/ZV7PFap++YpGalm+2PHhIA2HEA67SrE+0yalDtcuj
LraBtbOig/DsnSCAN2AGOZLF3KoEVfdWlWy5KYa1HOugsCnCw5Qg/hBUB3m8cXwY
wW4cKILv79USeL4a31nw622LyUUr3w/FmDjNMkmc36lfHjF7zUY0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:43 2024 by rpki-client on console-fra.rpki-client.org