Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/KJWmhI-sVZvBO2z08ycxrkRa51o.roa
File: KJWmhI-sVZvBO2z08ycxrkRa51o.roa (raw, json)
Hash identifier: ZQ4BdRm/LiDL8p5yZZihUodjrvqpgNj8SgfZLfAvOtk=
Subject key identifier: 28:95:A6:84:8F:AC:55:9B:C1:3B:6C:F4:F3:27:31:AE:44:5A:E7:5A
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 018CC6B8147F97A1A3B7C8DB6D91F7B6E77C
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/KJWmhI-sVZvBO2z08ycxrkRa51o.roa
Signing time: Mon 01 Jan 2024 20:30:01 +0000
ROA not before: Mon 01 Jan 2024 20:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39554
IP address blocks: 90.184.0.0/15 maxlen: 15
2a02:980::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:14:7f:97:a1:a3:b7:c8:db:6d:91:f7:b6:e7:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Jan 1 20:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2895a6848fac559bc13b6cf4f32731ae445ae75a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:da:04:36:45:b6:ee:b2:7e:44:64:9c:2f:02:
64:c7:79:a0:b9:58:05:59:17:4f:c6:51:ff:83:d0:
02:69:5e:0f:41:3c:85:de:d5:d6:36:f2:a3:9c:ca:
17:5f:8e:76:f6:e2:22:90:69:e1:53:f3:a8:07:07:
51:a6:ac:e2:b5:53:35:cf:1a:f9:60:55:11:79:85:
b9:c6:ec:38:e5:5b:c3:fe:40:98:d7:5a:f9:8e:6e:
0a:13:6c:3c:6e:7c:f9:14:db:5c:21:c3:cc:6e:db:
8f:f8:59:86:6c:2b:15:e0:e1:12:a8:ba:4e:29:22:
83:83:8b:a0:71:9c:69:88:6c:4f:4f:b5:e3:c2:68:
5a:74:1e:bd:95:44:7d:86:d9:90:40:72:c1:6e:ef:
bd:12:04:40:21:ec:c7:6f:1b:96:a6:d6:aa:8c:6b:
fe:07:d8:fc:0c:9b:26:c2:cd:a9:a5:58:07:4b:91:
19:64:32:99:ee:fd:f4:b3:e6:b9:34:fc:b2:a5:b4:
aa:b6:4c:53:af:64:58:92:a8:59:3a:06:68:5b:f5:
3b:0a:0a:59:d5:cc:16:cc:dc:5d:72:62:83:d9:4a:
46:8c:d0:f3:02:55:6c:c0:fd:d0:ed:1f:df:d7:59:
3e:b2:8d:7f:d7:97:ec:b2:32:d3:ca:0d:64:43:01:
ea:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:95:A6:84:8F:AC:55:9B:C1:3B:6C:F4:F3:27:31:AE:44:5A:E7:5A
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/KJWmhI-sVZvBO2z08ycxrkRa51o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.184.0.0/15
IPv6:
2a02:980::/32
Signature Algorithm: sha256WithRSAEncryption
19:11:41:e9:34:aa:72:83:35:5a:0b:64:68:c7:1b:20:fd:82:
28:ed:24:09:6d:5b:15:3e:c3:e9:c4:9b:95:7d:0f:6c:c2:a9:
d6:ba:0b:e7:27:d1:c0:b1:5a:3f:70:ef:7e:1d:33:1a:fa:a6:
de:8d:fe:01:e9:9d:2c:79:81:5f:5a:73:78:b5:66:f7:e0:58:
f5:ed:ac:d6:a8:c8:bd:05:c8:ee:c5:db:8b:93:bd:af:b1:f4:
93:aa:f5:af:a4:b8:9f:91:a7:6c:51:41:34:45:71:a8:8c:3b:
cd:00:71:aa:d6:a1:8d:5f:ce:6a:cb:7a:2f:fc:d8:e4:3e:30:
56:5b:64:f0:1b:65:f5:ab:99:26:65:36:d7:9e:4a:9a:2b:a0:
e9:c3:5f:1b:79:09:2e:96:23:52:5c:5d:57:ba:4f:58:f3:24:
3a:08:e5:b4:6e:42:90:33:a5:73:3e:59:58:a8:bd:02:cb:70:
7c:5c:c5:64:38:38:5d:d7:a6:33:0b:1b:82:b3:94:79:02:75:
a5:e9:b8:ec:29:08:9d:3e:70:a9:62:29:ec:24:5a:31:8c:2e:
42:0f:6d:e9:9f:96:e9:11:cc:af:d9:91:55:ff:cc:3d:d2:e9:
a2:0b:16:60:a4:48:e6:10:52:27:6c:e2:95:5a:0d:be:3c:06:
8b:87:9b:14
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuBR/l6Gjt8jbbZH3tud8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk1YTY4NDhmYWM1NTliYzEzYjZjZjRmMzI3MzFhZTQ0NWFlNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdoENkW27rJ+RGScLwJkx3mguVgF
WRdPxlH/g9ACaV4PQTyF3tXWNvKjnMoXX4529uIikGnhU/OoBwdRpqzitVM1zxr5
YFUReYW5xuw45VvD/kCY11r5jm4KE2w8bnz5FNtcIcPMbtuP+FmGbCsV4OESqLpO
KSKDg4ugcZxpiGxPT7XjwmhadB69lUR9htmQQHLBbu+9EgRAIezHbxuWptaqjGv+
B9j8DJsmws2ppVgHS5EZZDKZ7v30s+a5NPyypbSqtkxTr2RYkqhZOgZoW/U7CgpZ
1cwWzNxdcmKD2UpGjNDzAlVswP3Q7R/f11k+so1/15fssjLTyg1kQwHqRQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCiVpoSPrFWbwTts9PMnMa5EWudaMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvS0pXbWhJLXNWWnZCTzJ6MDh5Y3hya1JhNTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMBWrgwDQQC
AAIwBwMFACoCCYAwDQYJKoZIhvcNAQELBQADggEBABkRQek0qnKDNVoLZGjHGyD9
gijtJAltWxU+w+nEm5V9D2zCqda6C+cn0cCxWj9w734dMxr6pt6N/gHpnSx5gV9a
c3i1ZvfgWPXtrNaoyL0FyO7F24uTva+x9JOq9a+kuJ+Rp2xRQTRFcaiMO80AcarW
oY1fzmrLei/82OQ+MFZbZPAbZfWrmSZlNteeSporoOnDXxt5CS6WI1JcXVe6T1jz
JDoI5bRuQpAzpXM+WViovQLLcHxcxWQ4OF3XpjMLG4KzlHkCdaXpuOwpCJ0+cKli
KewkWjGMLkIPbemflukRzK/ZkVX/zD3S6aILFmCkSOYQUids4pVaDb48BouHmxQ=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:31 2025 by rpki-client