Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/fJNYm2yEXqTCn3BC9WgNaHqhdRg.roa
File: fJNYm2yEXqTCn3BC9WgNaHqhdRg.roa (raw, json)
Hash identifier: w/UwMSBrdU9ixAfI9FB3TZ+y1nqGKrNJilqAkYuEI18=
Subject key identifier: 7C:93:58:9B:6C:84:5E:A4:C2:9F:70:42:F5:68:0D:68:7A:A1:75:18
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 0185700290F6459823CB9EC240ED1893A5CB
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/fJNYm2yEXqTCn3BC9WgNaHqhdRg.roa
Signing time: Mon 02 Jan 2023 01:04:54 +0000
ROA not before: Mon 02 Jan 2023 01:04:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 63023
IP address blocks: 91.243.179.0/24 maxlen: 24
195.242.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:02:90:f6:45:98:23:cb:9e:c2:40:ed:18:93:a5:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 2 01:04:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7c93589b6c845ea4c29f7042f5680d687aa17518
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:72:ea:be:54:39:56:4f:12:76:71:52:a7:7f:
70:c1:a2:dd:6a:16:e5:d0:88:bf:a6:c0:f3:2e:7d:
bd:47:4d:3c:52:54:fa:26:44:d0:ee:06:e2:7a:f5:
56:18:c8:f0:b4:52:90:aa:e5:44:40:79:3d:2a:84:
ee:9a:1d:0a:eb:4d:72:ef:d8:a3:78:1e:9f:22:67:
53:5a:5d:b0:61:e2:d3:71:83:e2:12:42:35:59:16:
1c:5f:69:9c:1a:15:86:2c:62:72:cb:ab:cc:5a:fd:
f9:fa:a3:30:ee:03:23:a9:fd:19:96:8d:0c:b4:1c:
bb:80:7c:48:12:13:f8:ef:68:97:4b:9c:f9:cd:24:
a8:6c:c5:d8:5a:63:c7:80:98:7c:d3:53:f9:09:82:
3d:ab:d5:12:fa:98:29:74:a7:85:89:64:ff:3b:5f:
09:46:6b:b4:27:8c:b0:cc:e7:00:e1:64:08:31:a4:
ed:b7:99:5c:42:eb:94:a8:19:a5:e7:d2:20:72:3e:
11:e6:2f:20:ff:f3:ff:ac:bc:27:a0:03:be:49:98:
af:22:02:a1:29:ed:9c:ef:f0:bc:4d:a1:2a:d3:12:
0f:bb:5c:19:a5:85:d8:2c:62:7c:16:1e:5b:c0:37:
d1:de:50:e2:26:03:bf:16:fa:ee:59:3e:86:6d:81:
fd:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:93:58:9B:6C:84:5E:A4:C2:9F:70:42:F5:68:0D:68:7A:A1:75:18
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/fJNYm2yEXqTCn3BC9WgNaHqhdRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.179.0/24
195.242.242.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:6c:0c:e8:cc:82:cf:1e:0a:14:24:a6:d6:59:37:e2:55:55:
19:1d:cb:99:de:d3:82:a8:16:ef:2e:e0:8a:d5:09:0d:f8:7a:
ef:b3:b2:3b:a1:5a:0d:37:1e:e7:3f:3b:87:8f:6e:2f:a3:ca:
cf:66:9c:c5:20:06:21:79:61:05:f1:1e:6a:07:e7:2c:9e:ec:
78:23:f9:e4:e2:f2:91:0d:97:4a:c5:a3:59:f2:7d:2e:84:d1:
5a:69:05:3a:0d:99:c2:f9:5d:c0:b1:e8:d0:fa:83:b4:95:bb:
2c:56:c4:40:3c:0b:7e:59:a8:7c:ad:0f:b6:31:47:76:4d:70:
c2:4d:54:dd:93:94:00:ad:02:ec:ee:8f:23:1b:61:b6:57:9f:
79:6e:7f:e1:a1:dd:32:c6:77:b6:a0:6d:7c:15:a4:85:37:3c:
8d:59:c0:7d:56:a9:a1:4c:31:be:6f:b6:33:74:75:ea:11:05:
83:9b:ad:f0:7c:60:91:5b:70:8e:c0:1a:a7:60:89:c0:68:10:
8c:4c:38:be:0c:bc:90:77:7f:68:20:3b:ba:db:29:dd:bb:1a:
80:28:96:98:b8:fc:e9:3b:98:dd:a8:0c:b7:b5:7f:0e:88:52:
31:6e:bc:86:91:88:6b:42:b8:38:e1:0d:b2:57:50:d0:49:a2:
8e:72:1c:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwApD2RZgjy57CQO0Yk6XLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwMTAyMDEwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzkzNTg5YjZjODQ1ZWE0YzI5ZjcwNDJmNTY4MGQ2ODdhYTE3NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnLqvlQ5Vk8SdnFSp39wwaLdahbl
0Ii/psDzLn29R008UlT6JkTQ7gbievVWGMjwtFKQquVEQHk9KoTumh0K601y79ij
eB6fImdTWl2wYeLTcYPiEkI1WRYcX2mcGhWGLGJyy6vMWv35+qMw7gMjqf0Zlo0M
tBy7gHxIEhP472iXS5z5zSSobMXYWmPHgJh801P5CYI9q9US+pgpdKeFiWT/O18J
Rmu0J4ywzOcA4WQIMaTtt5lcQuuUqBml59Igcj4R5i8g//P/rLwnoAO+SZivIgKh
Ke2c7/C8TaEq0xIPu1wZpYXYLGJ8Fh5bwDfR3lDiJgO/FvruWT6GbYH9jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyTWJtshF6kwp9wQvVoDWh6oXUYMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvZkpOWW0yeUVYcVRDbjNCQzlXZ05hSHFoZFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/OzAwQA
w/LyMA0GCSqGSIb3DQEBCwUAA4IBAQA6bAzozILPHgoUJKbWWTfiVVUZHcuZ3tOC
qBbvLuCK1QkN+Hrvs7I7oVoNNx7nPzuHj24vo8rPZpzFIAYheWEF8R5qB+csnux4
I/nk4vKRDZdKxaNZ8n0uhNFaaQU6DZnC+V3AsejQ+oO0lbssVsRAPAt+Wah8rQ+2
MUd2TXDCTVTdk5QArQLs7o8jG2G2V595bn/hod0yxne2oG18FaSFNzyNWcB9Vqmh
TDG+b7YzdHXqEQWDm63wfGCRW3COwBqnYInAaBCMTDi+DLyQd39oIDu62ynduxqA
KJaYuPzpO5jdqAy3tX8OiFIxbryGkYhrQrg44Q2yV1DQSaKOchyL
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:22 2025 by rpki-client