Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/O6rjgBp5WOl-frqFlfhNQjeShPs.roa
File: O6rjgBp5WOl-frqFlfhNQjeShPs.roa (raw, json)
Hash identifier: 6gzSA4YjyWmOLA1sH1VHNqBwdRWwEWH8Z7ryGnsFSQk=
Subject key identifier: 3B:AA:E3:80:1A:79:58:E9:7E:7E:BA:85:95:F8:4D:42:37:92:84:FB
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 01857230FD5B4D014D21A53A086A5B05576E
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/O6rjgBp5WOl-frqFlfhNQjeShPs.roa
Signing time: Mon 02 Jan 2023 11:14:51 +0000
ROA not before: Mon 02 Jan 2023 11:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58061
IP address blocks: 45.11.213.0/24 maxlen: 24
31.40.250.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:30:fd:5b:4d:01:4d:21:a5:3a:08:6a:5b:05:57:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 2 11:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3baae3801a7958e97e7eba8595f84d42379284fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:51:68:cc:b6:78:18:c6:7c:5c:e1:d0:4a:40:
aa:d7:1a:eb:15:d1:20:fa:b6:bc:2d:21:a8:8e:f6:
76:fa:b2:a5:f1:e9:f2:0b:0a:9a:8a:8c:5c:f7:11:
64:cd:11:98:b7:b5:55:dc:0e:98:6d:85:3c:cd:5a:
16:5f:50:de:4d:83:fb:4b:25:6e:a2:cf:a2:1a:05:
a2:0c:86:c9:c8:79:43:49:45:9b:fc:4c:b6:b5:44:
eb:db:bf:31:44:f4:83:e5:98:49:c3:2b:2d:5b:26:
7f:59:fc:45:af:2a:9a:d2:91:4a:6d:c5:cf:9c:b8:
a5:05:0c:f4:fa:c2:b3:21:c5:83:de:67:93:18:87:
7f:6e:8c:38:88:70:6b:3c:35:13:a3:d8:29:1b:eb:
68:ea:27:fb:0d:5a:c9:68:0b:28:39:f6:9f:da:04:
82:ab:05:9e:3d:3b:3e:a6:eb:f7:b7:a8:d5:6d:20:
45:3a:a1:8d:3b:6d:38:a3:5e:1f:51:a1:35:73:99:
68:5d:7b:18:3e:9e:c0:78:ca:66:67:5f:4d:65:97:
4d:a1:e4:a5:f7:6d:fb:3c:f5:f4:ae:fe:f9:2e:06:
63:e4:de:6a:0b:4e:ba:5e:31:2e:9c:9f:fb:7e:ad:
32:97:8b:de:a8:c2:5b:ac:74:3e:2f:74:20:40:66:
1e:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:AA:E3:80:1A:79:58:E9:7E:7E:BA:85:95:F8:4D:42:37:92:84:FB
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/O6rjgBp5WOl-frqFlfhNQjeShPs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.40.250.0/24
45.11.213.0/24
Signature Algorithm: sha256WithRSAEncryption
64:b3:fe:cd:57:d3:9f:85:ed:5e:e7:29:3e:e0:93:93:3b:1c:
e8:db:ef:14:a1:ed:cb:1b:4e:c0:65:00:bc:2c:ad:ec:2f:26:
1a:28:8c:75:3e:87:73:e2:84:78:b6:f0:23:6d:10:f9:20:76:
81:6f:32:4f:b0:89:2a:dc:83:e2:42:74:90:db:17:0d:c8:ac:
b8:38:37:10:78:a8:3f:e4:fc:ec:5c:99:48:64:d7:ac:ec:35:
d6:86:66:5b:12:e7:4f:10:cd:ec:09:b3:1f:bc:49:30:5a:b6:
bb:70:2d:9a:e3:fd:69:78:ee:e0:b9:fc:85:6a:17:63:83:ab:
7a:f5:48:b9:80:ad:91:ef:76:9f:85:17:bd:fc:84:30:0f:eb:
0c:85:ea:61:72:51:99:70:bc:60:4c:c7:42:22:5a:c8:a7:6a:
3e:49:c0:78:ab:8c:27:23:7a:cd:ca:71:67:77:83:9f:1a:a1:
5c:12:9c:1b:b5:f8:3b:ae:2d:fd:df:b4:89:2c:07:0e:5f:59:
b7:fd:10:70:2b:60:db:58:47:72:5c:1d:6c:45:73:76:0d:56:
c1:14:47:aa:d6:4f:6f:c3:90:40:ef:fe:95:67:e3:b6:4c:0f:
c5:51:bf:c9:7a:d7:0c:11:3f:92:12:02:d1:0b:00:bb:18:7d:
9f:4c:ff:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyMP1bTQFNIaU6CGpbBVduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjMwMTAyMTExNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmFhZTM4MDFhNzk1OGU5N2U3ZWJhODU5NWY4NGQ0MjM3OTI4NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFFozLZ4GMZ8XOHQSkCq1xrrFdEg
+ra8LSGojvZ2+rKl8enyCwqaioxc9xFkzRGYt7VV3A6YbYU8zVoWX1DeTYP7SyVu
os+iGgWiDIbJyHlDSUWb/Ey2tUTr278xRPSD5ZhJwystWyZ/WfxFryqa0pFKbcXP
nLilBQz0+sKzIcWD3meTGId/bow4iHBrPDUTo9gpG+to6if7DVrJaAsoOfaf2gSC
qwWePTs+puv3t6jVbSBFOqGNO204o14fUaE1c5loXXsYPp7AeMpmZ19NZZdNoeSl
9237PPX0rv75LgZj5N5qC066XjEunJ/7fq0yl4veqMJbrHQ+L3QgQGYe5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDuq44AaeVjpfn66hZX4TUI3koT7MB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvTzZyamdCcDVXT2wtZnJxRmxmaE5RamVTaFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyj6AwQA
LQvVMA0GCSqGSIb3DQEBCwUAA4IBAQBks/7NV9Ofhe1e5yk+4JOTOxzo2+8Uoe3L
G07AZQC8LK3sLyYaKIx1Podz4oR4tvAjbRD5IHaBbzJPsIkq3IPiQnSQ2xcNyKy4
ODcQeKg/5PzsXJlIZNes7DXWhmZbEudPEM3sCbMfvEkwWra7cC2a4/1peO7gufyF
ahdjg6t69Ui5gK2R73afhRe9/IQwD+sMhephclGZcLxgTMdCIlrIp2o+ScB4q4wn
I3rNynFnd4OfGqFcEpwbtfg7ri3937SJLAcOX1m3/RBwK2DbWEdyXB1sRXN2DVbB
FEeq1k9vw5BA7/6VZ+O2TA/FUb/JetcMET+SEgLRCwC7GH2fTP9w
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org