Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/MHgnfzEZgRdEiw8bHwORj-YRFIE.roa
File: MHgnfzEZgRdEiw8bHwORj-YRFIE.roa (raw, json)
Hash identifier: UCv4MSo372g+jFlCGFSRsu0P4dCIN7hXdGVF8J3TNEM=
Subject key identifier: 30:78:27:7F:31:19:81:17:44:8B:0F:1B:1F:03:91:8F:E6:11:14:81
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 01893B608C78FDEDB8310B31CD7C5C3F7C56
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/MHgnfzEZgRdEiw8bHwORj-YRFIE.roa
Signing time: Sun 09 Jul 2023 15:58:50 +0000
ROA not before: Sun 09 Jul 2023 15:58:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44259
IP address blocks: 91.208.164.0/24 maxlen: 24
109.235.55.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:3b:60:8c:78:fd:ed:b8:31:0b:31:cd:7c:5c:3f:7c:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Jul 9 15:58:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3078277f31198117448b0f1b1f03918fe6111481
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:4a:6d:e9:29:72:f5:f8:05:87:14:65:2b:7a:
85:f9:53:d8:f0:29:87:1a:d8:8c:bc:25:3c:e0:10:
8b:44:ed:0b:4c:40:02:84:cc:dc:1a:ad:3e:af:04:
49:93:c2:20:b2:f2:b0:25:bc:69:f3:34:31:9f:aa:
59:b8:30:56:fe:3a:66:a7:78:36:a9:b3:73:0b:d8:
a3:bd:95:52:43:36:12:36:07:86:5d:61:e8:9c:49:
20:bb:a6:a6:ba:7d:29:15:24:72:58:94:9a:0e:51:
6a:e7:dc:4e:81:0d:f3:86:70:31:cb:31:ae:6d:be:
c5:30:f5:73:df:30:db:76:24:d5:eb:9b:ef:eb:db:
e4:62:32:6d:0c:a2:0a:bd:e4:d3:78:3c:5b:ad:c3:
08:99:5f:0a:a6:a7:bc:cb:4a:e4:f1:6f:66:44:7c:
0d:05:53:33:59:fb:ca:06:1a:07:be:f3:61:5f:1a:
7f:00:0d:7f:97:f5:54:4c:8d:36:29:7a:f3:90:5b:
59:1f:6c:79:92:bf:7b:44:f7:58:34:95:fb:84:5d:
68:cd:47:87:96:c7:23:06:40:4a:49:e7:47:22:d0:
15:9f:c3:9d:41:9c:91:18:93:e7:dd:cd:1e:63:5a:
73:83:d8:4b:ba:e4:81:60:8b:70:32:ab:e4:60:2e:
82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:78:27:7F:31:19:81:17:44:8B:0F:1B:1F:03:91:8F:E6:11:14:81
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/MHgnfzEZgRdEiw8bHwORj-YRFIE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.164.0/24
109.235.55.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:07:b8:19:4c:00:29:b2:35:5b:75:34:f8:9d:00:db:56:be:
87:7e:2d:43:da:2e:c6:78:ca:3c:61:fe:7c:11:bc:cf:8b:87:
f6:23:c9:dd:39:86:85:3b:2b:b6:85:8a:23:eb:9f:2c:18:9a:
0b:a7:19:47:2f:88:82:36:de:1f:ce:28:35:f4:5c:ed:30:5f:
a6:51:7a:7f:b3:6f:02:6c:11:b6:6a:ae:c6:af:b2:fc:2a:0e:
2e:30:a7:5e:5c:ac:1f:19:bb:23:7d:a6:ce:cf:5a:76:1e:f2:
86:88:45:9c:dc:89:0c:c4:3b:ad:11:46:ce:16:5e:22:a2:22:
0e:c8:9e:94:99:a2:e6:9e:49:13:5e:89:9f:02:11:96:3f:9d:
b3:59:d7:2f:f9:af:21:71:c4:82:06:9a:fe:dc:03:4c:f2:b1:
65:29:4b:a7:8a:ed:73:da:bb:37:20:12:47:55:ce:c1:7e:ac:
68:79:99:d3:26:48:36:81:3b:6e:30:00:e7:44:e9:da:07:0a:
96:81:25:91:a3:2f:97:57:72:90:0c:a2:06:a6:9e:64:c5:e8:
45:26:8f:75:11:80:b8:56:d1:29:9a:4b:86:80:8f:fa:c2:67:
36:f9:a3:6d:18:69:91:e0:c6:5f:da:30:e3:fd:36:10:1a:24:
06:13:d0:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYk7YIx4/e24MQsxzXxcP3xWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMwNzA5MTU1ODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc4Mjc3ZjMxMTk4MTE3NDQ4YjBmMWIxZjAzOTE4ZmU2MTExNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUpt6Sly9fgFhxRlK3qF+VPY8CmH
GtiMvCU84BCLRO0LTEAChMzcGq0+rwRJk8IgsvKwJbxp8zQxn6pZuDBW/jpmp3g2
qbNzC9ijvZVSQzYSNgeGXWHonEkgu6amun0pFSRyWJSaDlFq59xOgQ3zhnAxyzGu
bb7FMPVz3zDbdiTV65vv69vkYjJtDKIKveTTeDxbrcMImV8Kpqe8y0rk8W9mRHwN
BVMzWfvKBhoHvvNhXxp/AA1/l/VUTI02KXrzkFtZH2x5kr97RPdYNJX7hF1ozUeH
lscjBkBKSedHItAVn8OdQZyRGJPn3c0eY1pzg9hLuuSBYItwMqvkYC6CbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDB4J38xGYEXRIsPGx8DkY/mERSBMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvTUhnbmZ6RVpnUmRFaXc4Ykh3T1JqLVlSRklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9CkAwQA
bes3MA0GCSqGSIb3DQEBCwUAA4IBAQCrB7gZTAApsjVbdTT4nQDbVr6Hfi1D2i7G
eMo8Yf58EbzPi4f2I8ndOYaFOyu2hYoj658sGJoLpxlHL4iCNt4fzig19FztMF+m
UXp/s28CbBG2aq7Gr7L8Kg4uMKdeXKwfGbsjfabOz1p2HvKGiEWc3IkMxDutEUbO
Fl4ioiIOyJ6UmaLmnkkTXomfAhGWP52zWdcv+a8hccSCBpr+3ANM8rFlKUuniu1z
2rs3IBJHVc7BfqxoeZnTJkg2gTtuMADnROnaBwqWgSWRoy+XV3KQDKIGpp5kxehF
Jo91EYC4VtEpmkuGgI/6wmc2+aNtGGmR4MZf2jDj/TYQGiQGE9CZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:40 2024 by rpki-client on console-fra.rpki-client.org