Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/dQegjtwHI3SsbGrMXRBnjbYqfYY.roa
File: dQegjtwHI3SsbGrMXRBnjbYqfYY.roa (raw, json)
Hash identifier: SEcADpoTw7tvhl7ts4LcWzFZ63rtZiNhpNwrVLJyp0I=
Subject key identifier: 75:07:A0:8E:DC:07:23:74:AC:6C:6A:CC:5D:10:67:8D:B6:2A:7D:86
Certificate issuer: /CN=281a7f07be5c3138cb43c2c18b29aa5468544ba6
Certificate serial: 01863B126B0570CB01AA403FC52B4E12D978
Authority key identifier: 28:1A:7F:07:BE:5C:31:38:CB:43:C2:C1:8B:29:AA:54:68:54:4B:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KBp_B75cMTjLQ8LBiymqVGhUS6Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/dQegjtwHI3SsbGrMXRBnjbYqfYY.roa
Signing time: Fri 10 Feb 2023 11:25:08 +0000
ROA not before: Fri 10 Feb 2023 11:25:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20668
IP address blocks: 91.212.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:3b:12:6b:05:70:cb:01:aa:40:3f:c5:2b:4e:12:d9:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=281a7f07be5c3138cb43c2c18b29aa5468544ba6
Validity
Not Before: Feb 10 11:25:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7507a08edc072374ac6c6acc5d10678db62a7d86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:ea:1d:ac:88:47:7b:8d:df:f6:f0:78:d4:ce:
6c:bd:f9:28:44:be:c1:cd:cb:fe:ab:94:40:75:38:
70:21:cc:ff:e2:a0:39:d3:ff:0a:ee:f7:1c:1f:95:
a0:a5:e0:c4:40:66:77:95:a9:9e:c5:41:59:5f:39:
ff:08:7f:32:77:85:5d:bc:a0:c9:ad:75:22:28:ab:
b2:e1:4f:af:09:48:75:a1:bd:76:ae:3d:0b:9e:76:
ea:af:da:8d:59:1a:68:8d:7b:f9:35:f0:f4:f5:3a:
93:25:92:38:69:7a:90:1d:56:29:ae:a1:7a:3a:82:
fe:3d:44:be:26:46:ab:4c:e4:01:fa:31:11:65:9e:
dd:3f:49:e1:a7:8a:8f:09:83:db:6b:70:a9:fa:7b:
6a:5d:bb:30:b2:b3:18:fe:82:40:0e:16:f4:89:2f:
fa:2c:4f:48:5d:0c:57:e9:25:47:6c:a0:f0:92:95:
db:89:dd:62:94:49:19:af:62:82:d6:4e:9f:fb:c8:
5c:62:08:04:80:c1:b3:ec:89:5d:e1:aa:06:ae:fe:
eb:28:fc:9d:93:6e:c3:8d:9b:9b:05:79:0b:67:0e:
bb:8a:8b:20:75:b3:03:cd:78:0c:7d:bd:94:04:32:
2a:20:3b:ac:68:7c:b9:8c:04:f7:aa:7a:5a:6e:9a:
18:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:07:A0:8E:DC:07:23:74:AC:6C:6A:CC:5D:10:67:8D:B6:2A:7D:86
X509v3 Authority Key Identifier:
keyid:28:1A:7F:07:BE:5C:31:38:CB:43:C2:C1:8B:29:AA:54:68:54:4B:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBp_B75cMTjLQ8LBiymqVGhUS6Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/dQegjtwHI3SsbGrMXRBnjbYqfYY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aca44e-8449-471f-8ebd-52ccf65bd67b/1/KBp_B75cMTjLQ8LBiymqVGhUS6Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.212.74.0/24
Signature Algorithm: sha256WithRSAEncryption
ca:ca:05:78:8e:51:99:aa:df:f8:b5:e3:3e:42:af:d6:bd:a8:
05:dd:6e:bf:68:2b:59:54:fd:5a:eb:99:e4:95:cf:42:64:99:
40:f4:20:49:3f:fd:c3:43:c1:03:3b:77:aa:ef:5b:6d:dd:47:
49:86:42:02:d2:be:b9:1e:27:ed:ca:f0:dd:59:92:c8:c2:94:
91:30:c0:26:a2:ab:d2:83:60:7b:56:9d:20:d9:fd:fc:04:43:
4b:ad:87:31:f1:89:d9:6f:74:1d:13:19:19:2d:96:81:9e:9b:
51:3b:d8:84:e0:f7:26:6a:8e:93:f9:74:11:c9:3d:2f:a3:22:
07:3c:5e:9a:bc:79:8c:6b:84:b2:8f:23:be:67:8a:e3:9a:71:
8e:f1:5a:07:53:70:68:62:08:46:47:cd:59:d7:73:1b:b7:d9:
4a:88:23:89:2a:cf:65:2f:1b:a2:30:38:ae:2f:47:f9:af:ef:
b1:78:67:d7:b2:83:d3:73:68:50:e1:43:5a:71:19:43:41:8b:
d4:f8:2f:21:f6:8d:5b:ba:e0:8d:49:9f:70:54:d8:dc:b8:4c:
ea:29:f8:d3:6b:29:e1:1b:89:d0:3b:32:d3:be:a2:12:29:73:
7b:d8:7c:26:ce:6f:27:1f:26:d8:97:ba:de:d2:ea:9b:de:60:
b2:e6:62:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYY7EmsFcMsBqkA/xStOEtl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MWE3ZjA3YmU1YzMxMzhjYjQzYzJjMThiMjlhYTU0Njg1
NDRiYTYwHhcNMjMwMjEwMTEyNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA3YTA4ZWRjMDcyMzc0YWM2YzZhY2M1ZDEwNjc4ZGI2MmE3ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOodrIhHe43f9vB41M5svfkoRL7B
zcv+q5RAdThwIcz/4qA50/8K7vccH5WgpeDEQGZ3lamexUFZXzn/CH8yd4VdvKDJ
rXUiKKuy4U+vCUh1ob12rj0Lnnbqr9qNWRpojXv5NfD09TqTJZI4aXqQHVYprqF6
OoL+PUS+JkarTOQB+jERZZ7dP0nhp4qPCYPba3Cp+ntqXbswsrMY/oJADhb0iS/6
LE9IXQxX6SVHbKDwkpXbid1ilEkZr2KC1k6f+8hcYggEgMGz7Ild4aoGrv7rKPyd
k27DjZubBXkLZw67iosgdbMDzXgMfb2UBDIqIDusaHy5jAT3qnpabpoYiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUHoI7cByN0rGxqzF0QZ422Kn2GMB8GA1UdIwQY
MBaAFCgafwe+XDE4y0PCwYspqlRoVEumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JwX0I3NWNNVGpMUThMQml5bXFWR2hVUzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hY2E0NGUtODQ0OS00NzFmLThlYmQt
NTJjY2Y2NWJkNjdiLzEvZFFlZ2p0d0hJM1NzYkdyTVhSQm5qYllxZllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hY2E0NGUtODQ0OS00NzFmLThlYmQtNTJjY2Y2NWJkNjdi
LzEvS0JwX0I3NWNNVGpMUThMQml5bXFWR2hVUzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RKMA0G
CSqGSIb3DQEBCwUAA4IBAQDKygV4jlGZqt/4teM+Qq/WvagF3W6/aCtZVP1a65nk
lc9CZJlA9CBJP/3DQ8EDO3eq71tt3UdJhkIC0r65HiftyvDdWZLIwpSRMMAmoqvS
g2B7Vp0g2f38BENLrYcx8YnZb3QdExkZLZaBnptRO9iE4Pcmao6T+XQRyT0voyIH
PF6avHmMa4SyjyO+Z4rjmnGO8VoHU3BoYghGR81Z13Mbt9lKiCOJKs9lLxuiMDiu
L0f5r++xeGfXsoPTc2hQ4UNacRlDQYvU+C8h9o1buuCNSZ9wVNjcuEzqKfjTaynh
G4nQOzLTvqISKXN72Hwmzm8nHybYl7re0uqb3mCy5mK4
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:46 2025 by rpki-client