Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa
File: kJ_VT3GO0udL_NSsShskecrS4Ec.roa (raw, json)
Hash identifier: BSY3r9bbMLSjXXQww1EavF3FXrgtQUS1ZSpqcJZUVE8=
Subject key identifier: 90:9F:D5:4F:71:8E:D2:E7:4B:FC:D4:AC:4A:1B:24:79:CA:D2:E0:47
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018570028C0FE467F4DDEDA91A778615E197
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa
Signing time: Mon 02 Jan 2023 01:04:53 +0000
ROA not before: Mon 02 Jan 2023 01:04:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20473
IP address blocks: 91.243.177.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:02:8c:0f:e4:67:f4:dd:ed:a9:1a:77:86:15:e1:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 2 01:04:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=909fd54f718ed2e74bfcd4ac4a1b2479cad2e047
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f1:06:5b:45:78:1e:b1:3f:d2:54:5c:15:e3:
df:5e:b2:d2:74:ad:e7:5a:c3:98:f7:7c:0f:05:9d:
35:bc:80:f8:43:77:bc:07:68:33:a3:28:4b:38:92:
78:4d:2f:bd:97:c5:d3:ae:d9:03:d9:ae:cb:ad:34:
81:2d:cc:c2:48:3e:24:a4:f9:5b:72:44:56:55:c1:
7c:27:56:27:50:f0:d5:a0:2d:32:e2:c4:11:7c:15:
d3:00:39:59:4d:03:5f:9a:6a:99:6c:b6:88:8c:51:
03:55:8f:27:43:f9:bb:b0:1e:27:12:17:cc:8c:bf:
0b:4b:a7:b3:47:cd:b3:7a:b3:ed:11:db:58:a3:9c:
0a:27:b0:91:1d:7f:a3:5b:54:09:af:75:af:48:08:
e6:75:0c:7a:4d:8c:4e:10:16:36:bb:c4:40:57:6c:
b3:4c:90:d6:bc:80:7c:cb:4e:db:f2:af:0d:78:17:
2b:ab:4e:98:2b:27:b9:23:f0:7c:a7:98:fb:de:e5:
fe:50:69:40:7d:f0:2a:c1:cd:bb:9b:4f:16:51:ed:
ed:ff:2d:f4:99:59:20:74:55:4d:67:ff:f7:0c:1e:
f6:09:63:c6:72:af:9f:dc:eb:1d:bc:56:8e:20:de:
3f:a2:cc:ba:9b:c1:a8:dc:7b:b9:57:5d:2f:1f:20:
0c:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:9F:D5:4F:71:8E:D2:E7:4B:FC:D4:AC:4A:1B:24:79:CA:D2:E0:47
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.177.0/24
Signature Algorithm: sha256WithRSAEncryption
27:d4:16:55:93:8e:42:48:e1:62:63:3e:38:47:a9:6d:53:1c:
87:f6:da:10:90:d5:a8:8d:e6:9f:89:49:2d:75:52:ec:44:14:
bc:00:37:5e:b6:ac:c0:20:d9:4e:77:e4:db:02:23:d8:05:48:
77:fd:37:04:28:61:06:ba:c6:25:37:a2:ff:57:7e:46:95:f8:
20:78:6c:c9:de:57:6c:91:1b:0f:99:ed:39:7f:d3:8f:72:23:
1a:86:76:28:6a:ee:1a:f4:d4:0c:e2:7b:0d:0e:81:95:05:44:
ae:6c:76:cc:b3:4c:f1:8c:46:a2:eb:67:72:60:d8:54:57:85:
60:58:47:48:42:27:d7:b5:ac:a6:03:02:58:f4:8f:4f:9c:11:
a8:72:57:fc:28:2e:ad:94:82:cb:62:e5:3a:8a:a0:0f:60:d7:
ff:3f:5e:5c:c6:54:3b:ee:1b:a9:21:a8:e5:60:00:62:cf:4f:
96:85:32:8a:23:1d:3c:b0:5f:90:bd:64:de:84:79:47:90:2c:
7e:23:7c:ad:8b:6a:2c:a9:2e:5d:78:8d:20:97:1f:c6:21:b6:
a5:52:33:07:0f:06:97:89:df:1b:92:9e:40:9d:ca:45:e6:9d:
9d:f1:4b:ec:47:62:eb:da:de:00:95:95:b3:2d:d7:8a:bb:1d:
43:1c:d3:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwAowP5Gf03e2pGneGFeGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwMTAyMDEwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDlmZDU0ZjcxOGVkMmU3NGJmY2Q0YWM0YTFiMjQ3OWNhZDJlMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfEGW0V4HrE/0lRcFePfXrLSdK3n
WsOY93wPBZ01vID4Q3e8B2gzoyhLOJJ4TS+9l8XTrtkD2a7LrTSBLczCSD4kpPlb
ckRWVcF8J1YnUPDVoC0y4sQRfBXTADlZTQNfmmqZbLaIjFEDVY8nQ/m7sB4nEhfM
jL8LS6ezR82zerPtEdtYo5wKJ7CRHX+jW1QJr3WvSAjmdQx6TYxOEBY2u8RAV2yz
TJDWvIB8y07b8q8NeBcrq06YKye5I/B8p5j73uX+UGlAffAqwc27m08WUe3t/y30
mVkgdFVNZ//3DB72CWPGcq+f3OsdvFaOIN4/osy6m8Go3Hu5V10vHyAMxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCf1U9xjtLnS/zUrEobJHnK0uBHMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEva0pfVlQzR08wdWRMX05Tc1Noc2tlY3JTNEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/OxMA0G
CSqGSIb3DQEBCwUAA4IBAQAn1BZVk45CSOFiYz44R6ltUxyH9toQkNWojeafiUkt
dVLsRBS8ADdetqzAINlOd+TbAiPYBUh3/TcEKGEGusYlN6L/V35GlfggeGzJ3lds
kRsPme05f9OPciMahnYoau4a9NQM4nsNDoGVBUSubHbMs0zxjEai62dyYNhUV4Vg
WEdIQifXtaymAwJY9I9PnBGoclf8KC6tlILLYuU6iqAPYNf/P15cxlQ77hupIajl
YABiz0+WhTKKIx08sF+QvWTehHlHkCx+I3yti2osqS5deI0glx/GIbalUjMHDwaX
id8bkp5AncpF5p2d8UvsR2Lr2t4AlZWzLdeKux1DHNMt
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:53:07 2025 by rpki-client