Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/XveFFxmyyeXKBqyL2QtbVg_f7Zw.roa
File: XveFFxmyyeXKBqyL2QtbVg_f7Zw.roa (raw, json)
Hash identifier: 9IkAdZgVJhz06v5hVnJZbpy/XaVWFCVz300AmJ7jTMw=
Subject key identifier: 5E:F7:85:17:19:B2:C9:E5:CA:06:AC:8B:D9:0B:5B:56:0F:DF:ED:9C
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 0190352D38D8823ED334D0C391B0CAB3CB5E
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/XveFFxmyyeXKBqyL2QtbVg_f7Zw.roa
Signing time: Thu 20 Jun 2024 10:24:34 +0000
ROA not before: Thu 20 Jun 2024 10:24:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 91.210.69.0/24 maxlen: 24
185.109.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:35:2d:38:d8:82:3e:d3:34:d0:c3:91:b0:ca:b3:cb:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jun 20 10:24:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5ef7851719b2c9e5ca06ac8bd90b5b560fdfed9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:96:7d:f2:78:0d:c3:4f:65:af:29:fa:3b:cb:
45:ad:d0:9d:aa:5b:7c:e0:20:f3:ee:cf:d2:98:d6:
e5:3f:a3:c7:3f:3b:5a:eb:c8:e7:74:45:dd:0a:0a:
05:90:fb:ee:40:09:3a:14:b0:07:fb:70:d5:47:ba:
24:80:f1:7c:15:3c:08:1b:aa:28:b8:57:23:03:6a:
3b:92:b9:ec:b2:07:f9:a7:96:99:c0:1d:05:d7:f3:
2f:de:e8:f8:d6:12:7a:cc:16:58:32:2e:59:80:ab:
93:c5:41:d2:e0:04:8b:52:1c:2f:17:8c:fb:14:b7:
e4:cd:31:83:1a:96:3f:48:81:00:1e:e8:ea:11:d0:
12:d1:6b:60:51:fc:a1:19:a4:6e:bb:d9:74:9e:5d:
ed:02:98:61:bb:7a:a3:f5:71:20:59:24:32:f8:f1:
d4:71:9c:ae:03:0f:63:46:63:61:7d:d3:13:3e:9b:
6e:c7:fa:d7:a8:dd:f3:b9:58:8a:97:31:4e:93:cd:
eb:d2:8f:66:8b:e5:cc:73:81:84:14:50:63:c4:18:
ed:c3:36:f4:47:db:6f:75:a0:46:c2:df:6b:69:9e:
ff:c6:a5:c4:13:69:dc:32:86:b8:0d:73:73:59:ee:
b1:cf:a4:be:d9:34:ba:39:18:e3:b1:f3:6a:1c:c6:
d6:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:F7:85:17:19:B2:C9:E5:CA:06:AC:8B:D9:0B:5B:56:0F:DF:ED:9C
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/XveFFxmyyeXKBqyL2QtbVg_f7Zw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.69.0/24
185.109.238.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:96:b1:25:ac:5a:88:2c:76:78:68:4b:fe:33:6a:ee:11:1a:
59:74:7b:a7:25:b0:a6:48:b0:01:98:9b:dc:37:91:de:a7:64:
1f:75:3b:b0:ca:33:42:54:7f:60:b7:cf:1c:98:77:0d:ca:68:
bc:67:e3:64:2e:29:32:25:ca:30:0b:8d:1f:6e:01:dd:37:8b:
64:90:05:35:7b:d3:e9:2f:2e:2a:80:93:3e:c6:85:0b:21:10:
cf:dd:8c:66:8e:a8:10:e3:bb:ea:f3:44:07:43:56:53:8a:ec:
db:12:df:3a:6b:f4:37:29:85:dd:a7:1c:6e:bc:81:0c:b8:da:
d1:bd:4a:70:a7:1e:b1:10:02:cc:55:24:b2:3b:7d:22:37:a0:
a7:89:fe:8b:83:6d:76:c8:d2:62:36:f6:34:37:db:ef:a6:6e:
42:74:ea:68:e7:3c:ea:78:67:d7:be:c7:65:4a:6e:5a:6c:ab:
9e:61:49:f4:51:5c:e2:6b:b5:b2:e3:40:8c:db:c4:9c:3d:ce:
c3:b4:0e:92:ac:3f:f7:78:17:f2:25:38:a9:11:e1:a8:3f:56:
40:2d:2f:06:9a:b7:49:b9:0b:1c:51:f0:14:93:18:1e:1e:9e:
92:ae:ca:54:77:78:ec:23:d2:5a:2c:0b:ba:80:db:2c:47:cf:
43:bb:a9:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA1LTjYgj7TNNDDkbDKs8teMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwNjIwMTAyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY3ODUxNzE5YjJjOWU1Y2EwNmFjOGJkOTBiNWI1NjBmZGZlZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpZ98ngNw09lryn6O8tFrdCdqlt8
4CDz7s/SmNblP6PHPzta68jndEXdCgoFkPvuQAk6FLAH+3DVR7okgPF8FTwIG6oo
uFcjA2o7krnssgf5p5aZwB0F1/Mv3uj41hJ6zBZYMi5ZgKuTxUHS4ASLUhwvF4z7
FLfkzTGDGpY/SIEAHujqEdAS0WtgUfyhGaRuu9l0nl3tAphhu3qj9XEgWSQy+PHU
cZyuAw9jRmNhfdMTPptux/rXqN3zuViKlzFOk83r0o9mi+XMc4GEFFBjxBjtwzb0
R9tvdaBGwt9raZ7/xqXEE2ncMoa4DXNzWe6xz6S+2TS6ORjjsfNqHMbW4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF73hRcZssnlygasi9kLW1YP3+2cMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvWHZlRkZ4bXl5ZVhLQnF5TDJRdGJWZ19mN1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9JFAwQA
uW3uMA0GCSqGSIb3DQEBCwUAA4IBAQBqlrElrFqILHZ4aEv+M2ruERpZdHunJbCm
SLABmJvcN5Hep2QfdTuwyjNCVH9gt88cmHcNymi8Z+NkLikyJcowC40fbgHdN4tk
kAU1e9PpLy4qgJM+xoULIRDP3YxmjqgQ47vq80QHQ1ZTiuzbEt86a/Q3KYXdpxxu
vIEMuNrRvUpwpx6xEALMVSSyO30iN6Cnif6Lg212yNJiNvY0N9vvpm5CdOpo5zzq
eGfXvsdlSm5abKueYUn0UVzia7Wy40CM28ScPc7DtA6SrD/3eBfyJTipEeGoP1ZA
LS8GmrdJuQscUfAUkxgeHp6SrspUd3jsI9JaLAu6gNssR89Du6lH
-----END CERTIFICATE-----
Generated at Fri Aug 30 09:05:03 2024 by rpki-client on console-ams.rpki-client.org