Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa
File: XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa (raw, json)
Hash identifier: D68XlNj2mdySEYDrG+BPbqyqwQFh13I4bxYHFK+QOLQ=
Subject key identifier: 5D:49:B1:B3:80:E1:03:32:CD:06:E2:C6:CD:45:44:5C:DE:86:75:7A
Certificate issuer: /CN=ed2fa686d18c8020afc6adf55afdbe660dbaac15
Certificate serial: 018CC794C23B62E8E1C5E8AF242A2D374151
Authority key identifier: ED:2F:A6:86:D1:8C:80:20:AF:C6:AD:F5:5A:FD:BE:66:0D:BA:AC:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7S-mhtGMgCCvxq31Wv2-Zg26rBU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa
Signing time: Tue 02 Jan 2024 00:31:04 +0000
ROA not before: Tue 02 Jan 2024 00:31:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212870
IP address blocks: 212.104.212.0/22 maxlen: 22
91.198.188.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:c2:3b:62:e8:e1:c5:e8:af:24:2a:2d:37:41:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed2fa686d18c8020afc6adf55afdbe660dbaac15
Validity
Not Before: Jan 2 00:31:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d49b1b380e10332cd06e2c6cd45445cde86757a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:8b:03:65:45:3d:cc:d5:ff:8a:05:62:0f:40:
aa:41:51:b8:5b:0d:ad:14:6f:b5:c4:5e:2d:65:3b:
77:bf:a5:86:cf:50:ad:88:1c:6c:4e:92:f9:19:4a:
4a:f0:5a:91:c7:36:0d:f9:a2:64:4d:22:dc:01:0a:
5f:7e:65:45:71:80:17:37:84:90:1d:3c:06:ec:b1:
76:7d:15:01:05:18:e4:1b:6b:71:f4:f1:b3:85:06:
33:12:3f:ce:ae:63:3c:7c:9d:52:8b:e7:ec:68:b9:
da:b7:93:1a:26:7d:cc:6d:66:5c:5b:3e:4c:ac:a2:
c3:e6:8a:b5:34:ee:26:0f:bd:63:6d:86:3b:f7:b0:
77:c8:c8:fc:3e:ff:1b:8e:bc:39:35:66:be:7f:56:
eb:58:4e:72:9f:ab:0f:db:21:94:ca:81:23:5c:ab:
5d:67:9e:b0:b8:dc:7d:1d:49:cd:8a:4d:1c:87:37:
e8:fd:81:49:4e:56:66:85:cf:6d:f3:60:8f:60:40:
47:58:73:2b:37:64:d9:23:3d:67:0a:d2:cf:52:1b:
00:ea:eb:bf:b5:11:7d:e8:5d:ff:99:cb:60:59:16:
d9:16:ff:54:b0:75:c1:70:19:b0:b3:59:e5:0b:2c:
64:c4:5f:d8:5f:6a:94:a6:79:31:8b:0b:0a:79:94:
21:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:49:B1:B3:80:E1:03:32:CD:06:E2:C6:CD:45:44:5C:DE:86:75:7A
X509v3 Authority Key Identifier:
keyid:ED:2F:A6:86:D1:8C:80:20:AF:C6:AD:F5:5A:FD:BE:66:0D:BA:AC:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7S-mhtGMgCCvxq31Wv2-Zg26rBU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/7S-mhtGMgCCvxq31Wv2-Zg26rBU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.188.0/24
212.104.212.0/22
Signature Algorithm: sha256WithRSAEncryption
87:88:cd:3d:47:71:01:ae:7f:64:c0:22:d6:91:f8:63:29:7e:
4d:64:ea:cc:97:3e:9c:14:3d:43:ab:42:c8:32:cd:20:77:3c:
de:b2:f4:ec:2e:b7:a5:0d:47:a1:6c:e3:81:4b:5c:b3:df:01:
88:16:89:df:0e:5d:89:88:b9:c2:5a:84:1a:6d:89:79:b2:af:
b3:fe:64:a0:5f:35:26:68:2f:4a:cc:6b:0d:b7:2c:5f:2d:74:
67:30:11:12:01:93:be:fb:8c:50:b5:f1:37:36:eb:05:e1:70:
e0:d8:fd:bc:bb:fc:87:25:ad:cd:01:fa:ee:58:ee:a3:cf:41:
9f:4c:52:45:db:18:0f:56:0b:f5:08:bc:0a:ed:df:c3:f8:df:
bf:a1:f5:a1:e2:c6:46:73:f9:66:01:9e:c3:4d:cd:03:41:51:
5a:00:16:1f:9a:b2:26:d0:5b:da:da:a3:dc:79:c9:a1:c5:0a:
74:3a:da:ee:0d:fc:9d:e8:69:64:b1:3e:d7:3b:ea:4e:9c:28:
40:4b:ee:6a:e2:ab:3c:3f:a5:33:2b:8a:ee:af:48:98:70:a9:
1a:77:a3:24:8f:65:16:72:e0:20:30:23:cf:65:62:43:91:c3:
dc:6e:17:9f:fb:14:c2:67:23:b3:ed:ad:7c:90:50:9e:76:09:
fa:37:54:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlMI7YujhxeivJCotN0FRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMmZhNjg2ZDE4YzgwMjBhZmM2YWRmNTVhZmRiZTY2MGRi
YWFjMTUwHhcNMjQwMTAyMDAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQ5YjFiMzgwZTEwMzMyY2QwNmUyYzZjZDQ1NDQ1Y2RlODY3NTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIsDZUU9zNX/igViD0CqQVG4Ww2t
FG+1xF4tZTt3v6WGz1CtiBxsTpL5GUpK8FqRxzYN+aJkTSLcAQpffmVFcYAXN4SQ
HTwG7LF2fRUBBRjkG2tx9PGzhQYzEj/OrmM8fJ1Si+fsaLnat5MaJn3MbWZcWz5M
rKLD5oq1NO4mD71jbYY797B3yMj8Pv8bjrw5NWa+f1brWE5yn6sP2yGUyoEjXKtd
Z56wuNx9HUnNik0chzfo/YFJTlZmhc9t82CPYEBHWHMrN2TZIz1nCtLPUhsA6uu/
tRF96F3/mctgWRbZFv9UsHXBcBmws1nlCyxkxF/YX2qUpnkxiwsKeZQh9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF1JsbOA4QMyzQbixs1FRFzehnV6MB8GA1UdIwQY
MBaAFO0vpobRjIAgr8at9Vr9vmYNuqwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1MtbWh0R01nQ0N2eHEzMVd2Mi1aZzI2ckJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kNzhmYzUtYmYzZS00Njg2LThkODUt
YzMzZjhhMjExMjJjLzEvWFVteHM0RGhBekxOQnVMR3pVVkVYTjZHZFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kNzhmYzUtYmYzZS00Njg2LThkODUtYzMzZjhhMjExMjJj
LzEvN1MtbWh0R01nQ0N2eHEzMVd2Mi1aZzI2ckJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8a8AwQC
1GjUMA0GCSqGSIb3DQEBCwUAA4IBAQCHiM09R3EBrn9kwCLWkfhjKX5NZOrMlz6c
FD1Dq0LIMs0gdzzesvTsLrelDUehbOOBS1yz3wGIFonfDl2JiLnCWoQabYl5sq+z
/mSgXzUmaC9KzGsNtyxfLXRnMBESAZO++4xQtfE3NusF4XDg2P28u/yHJa3NAfru
WO6jz0GfTFJF2xgPVgv1CLwK7d/D+N+/ofWh4sZGc/lmAZ7DTc0DQVFaABYfmrIm
0Fva2qPcecmhxQp0OtruDfyd6GlksT7XO+pOnChAS+5q4qs8P6UzK4rur0iYcKka
d6Mkj2UWcuAgMCPPZWJDkcPcbhef+xTCZyOz7a18kFCedgn6N1Rs
-----END CERTIFICATE-----
Generated at Wed Oct 2 12:47:48 2024 by rpki-client on console-fra.rpki-client.org