Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/dkzvJGbm07HUQaEJbDeHEkNbCx4.roa
File: dkzvJGbm07HUQaEJbDeHEkNbCx4.roa (raw, json)
Hash identifier: VpyEstanLcDOz8bS9Zqmw52gPweXnFnJsSgNS73hNQ0=
Subject key identifier: 76:4C:EF:24:66:E6:D3:B1:D4:41:A1:09:6C:37:87:12:43:5B:0B:1E
Certificate issuer: /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial: 38ED8D45
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/dkzvJGbm07HUQaEJbDeHEkNbCx4.roa
Signing time: Fri 08 Apr 2022 12:48:06 +0000
ROA not before: Fri 08 Apr 2022 12:48:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 87.251.3.0/24 maxlen: 24
87.251.6.0/24 maxlen: 24
87.251.24.0/24 maxlen: 24
87.251.30.0/24 maxlen: 24
87.251.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 955092293 (0x38ed8d45)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Validity
Not Before: Apr 8 12:48:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=764cef2466e6d3b1d441a1096c378712435b0b1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:42:dd:84:6c:b2:13:b9:c7:28:12:83:d9:a9:
f4:6e:65:42:2f:16:fb:30:7f:15:22:74:a6:62:1c:
69:a0:be:91:2e:81:6f:ed:03:49:0f:87:e6:f1:0b:
5f:c3:3b:ff:1a:80:98:9c:be:1b:c0:4b:59:79:a3:
c2:00:d7:14:e0:95:3b:b1:dc:3a:99:65:36:2a:96:
5b:90:d4:48:2e:d1:f9:b2:64:a9:c8:ef:e1:dc:e6:
dc:06:a7:b7:0c:80:84:b9:ae:dc:0d:89:45:73:ee:
85:10:f6:7c:5d:a1:9e:7a:68:70:8d:32:10:0c:63:
d1:68:c4:a7:c6:01:a5:c9:25:49:6f:d7:e9:7d:c2:
dc:40:33:5b:89:bd:c2:1f:5b:61:7b:23:30:36:58:
e9:9c:ce:d6:c9:34:91:59:c2:e7:1d:9d:02:d2:c3:
87:cd:83:62:99:e6:99:d0:a5:c5:d3:38:38:f0:21:
55:b9:c7:f5:59:e0:1e:0e:1e:bf:f6:0d:61:d3:01:
08:ba:3d:2b:8f:f4:a7:03:1d:c6:dd:e0:42:55:2c:
6d:3d:90:44:ec:6e:a8:9d:ca:ee:b4:f3:1f:c1:55:
83:ae:70:c9:63:9e:c4:de:0b:69:4c:d7:ae:6a:9b:
00:01:91:87:71:70:44:8a:ee:27:f6:df:53:61:5f:
ec:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:4C:EF:24:66:E6:D3:B1:D4:41:A1:09:6C:37:87:12:43:5B:0B:1E
X509v3 Authority Key Identifier:
keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/dkzvJGbm07HUQaEJbDeHEkNbCx4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.251.3.0/24
87.251.6.0/24
87.251.24.0/24
87.251.30.0/23
Signature Algorithm: sha256WithRSAEncryption
83:9c:84:d2:d1:30:de:70:21:d7:a2:85:46:de:6b:22:c6:3e:
48:d8:10:88:70:5b:9a:1a:0e:dc:c4:06:a9:b3:d8:75:2c:c9:
ea:6b:af:cd:86:03:c2:3c:75:fa:7a:78:78:17:69:ff:89:f3:
04:3d:22:0e:59:d7:92:75:36:d9:84:e8:b2:b4:97:d8:72:8b:
fc:78:fd:73:04:80:d2:3c:b0:f6:6c:b8:aa:fc:6f:b1:68:15:
81:ee:3c:06:19:7d:6e:0b:66:9e:ed:fd:b2:26:23:77:f6:3f:
86:3a:71:f3:69:28:2c:b5:ca:e9:13:96:51:00:eb:27:ab:64:
c2:04:92:48:73:da:5c:d7:77:53:f8:02:96:53:9e:77:34:92:
4a:16:4c:97:35:53:e6:a9:3c:ca:29:28:2b:7b:aa:4a:8c:50:
51:44:94:54:a7:0a:5f:4d:a4:22:6c:cf:3a:88:9a:3a:b2:52:
27:6d:da:d0:54:02:95:2a:d9:31:70:da:ca:18:00:28:de:46:
bb:92:1b:ad:c0:07:d3:29:33:b2:4c:fd:69:cc:cc:19:5a:f8:
62:fd:c5:c2:4b:13:15:08:2a:c8:b9:40:4c:6f:d0:1c:a6:e6:
49:4d:ae:6d:cb:16:d9:bf:c6:a3:79:23:77:8f:a8:76:c0:e3:
78:f0:5a:b3
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEOO2NRTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NTAxODE1YzZmOThmM2EyYjYxODRhZmViZjE4ZWEzNDFiZTg4MmVhMB4XDTIyMDQw
ODEyNDgwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzY0Y2VmMjQ2NmU2
ZDNiMWQ0NDFhMTA5NmMzNzg3MTI0MzViMGIxZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOZC3YRsshO5xygSg9mp9G5lQi8W+zB/FSJ0pmIcaaC+kS6B
b+0DSQ+H5vELX8M7/xqAmJy+G8BLWXmjwgDXFOCVO7HcOpllNiqWW5DUSC7R+bJk
qcjv4dzm3AantwyAhLmu3A2JRXPuhRD2fF2hnnpocI0yEAxj0WjEp8YBpcklSW/X
6X3C3EAzW4m9wh9bYXsjMDZY6ZzO1sk0kVnC5x2dAtLDh82DYpnmmdClxdM4OPAh
VbnH9VngHg4ev/YNYdMBCLo9K4/0pwMdxt3gQlUsbT2QROxuqJ3K7rTzH8FVg65w
yWOexN4LaUzXrmqbAAGRh3FwRIruJ/bfU2Ff7KMCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBR2TO8kZubTsdRBoQlsN4cSQ1sLHjAfBgNVHSMEGDAWgBTlAYFcb5jzorYY
Sv6/GOo0G+iC6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVRR0JYRy1ZODZLMkdFci12eGpxTkJ2b2d1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvNWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8x
L2RrenZKR2JtMDdIVVFhRUpiRGVIRWtOYkN4NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
NWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8xLzVRR0JYRy1ZODZL
MkdFci12eGpxTkJ2b2d1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFf7AwMEAFf7BgMEAFf7GAMEAVf7
HjANBgkqhkiG9w0BAQsFAAOCAQEAg5yE0tEw3nAh16KFRt5rIsY+SNgQiHBbmhoO
3MQGqbPYdSzJ6muvzYYDwjx1+np4eBdp/4nzBD0iDlnXknU22YTosrSX2HKL/Hj9
cwSA0jyw9my4qvxvsWgVge48Bhl9bgtmnu39siYjd/Y/hjpx82koLLXK6ROWUQDr
J6tkwgSSSHPaXNd3U/gCllOedzSSShZMlzVT5qk8yikoK3uqSoxQUUSUVKcKX02k
ImzPOoiaOrJSJ23a0FQClSrZMXDayhgAKN5Gu5IbrcAH0ykzskz9aczMGVr4Yv3F
wksTFQgqyLlATG/QHKbmSU2ubcsW2b/Go3kjd4+odsDjePBasw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:59 2024 by rpki-client on console-ams.rpki-client.org