Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/g15chNFrJfyqT1mnlvO2VDY49x4.roa
File: g15chNFrJfyqT1mnlvO2VDY49x4.roa (raw, json)
Hash identifier: AxRFjS/hN4kF+B0jyFw89B68dpEL1qjv0cM+TZaMnX0=
Subject key identifier: 83:5E:5C:84:D1:6B:25:FC:AA:4F:59:A7:96:F3:B6:54:36:38:F7:1E
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018D1827B40F18A504DC3D4713F825A17B08
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/g15chNFrJfyqT1mnlvO2VDY49x4.roa
Signing time: Wed 17 Jan 2024 16:01:11 +0000
ROA not before: Wed 17 Jan 2024 16:01:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41957
IP address blocks: 91.242.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:18:27:b4:0f:18:a5:04:dc:3d:47:13:f8:25:a1:7b:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 17 16:01:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=835e5c84d16b25fcaa4f59a796f3b6543638f71e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:f2:2d:df:fb:20:51:de:b0:5b:a1:ae:ff:a5:
b4:e5:ef:02:78:63:c1:71:1a:b2:47:d1:57:d4:f2:
49:60:82:7e:5e:09:65:63:de:f7:8a:ef:1d:cd:ff:
5a:d4:29:c3:8d:5f:dc:8c:9c:f5:b4:c2:d8:b3:22:
55:96:dc:d3:67:6a:dc:1e:e2:f5:cb:05:85:2f:ab:
fb:d4:4c:ce:c0:63:55:ec:0e:75:18:3e:af:57:15:
1f:92:58:e8:9a:64:27:5a:3e:b3:dc:f3:1b:07:3d:
75:22:cc:c3:36:9d:3f:24:bc:5e:5b:43:22:e9:72:
db:9d:51:6c:a2:d1:bc:a5:07:b1:a5:b1:8f:1c:06:
11:7a:76:94:ea:a5:6d:76:52:ab:7a:c2:ed:79:20:
e3:ca:f8:f1:aa:f6:98:9d:60:21:77:3b:a9:76:ff:
5d:fe:25:a4:68:0a:4e:4d:11:87:4e:db:a7:15:49:
9a:53:66:ef:95:3a:ad:b0:1b:2b:62:db:8f:e6:72:
c5:32:8b:f0:07:ea:5b:fb:87:7b:14:e6:ee:9b:46:
2f:05:4c:85:1b:b7:ba:8d:6f:dc:75:8a:82:c3:44:
58:fc:a8:96:bc:b8:3b:6c:16:9c:fe:77:85:ae:85:
57:c2:55:40:a0:4b:7a:dd:c2:d9:f1:0c:5d:58:22:
84:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:5E:5C:84:D1:6B:25:FC:AA:4F:59:A7:96:F3:B6:54:36:38:F7:1E
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/g15chNFrJfyqT1mnlvO2VDY49x4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.242.254.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:6f:d6:10:dd:68:f2:cb:05:a0:b3:41:89:a6:85:f1:e5:02:
41:85:16:cd:23:5a:b2:da:c7:59:a7:95:17:7b:d9:83:8d:07:
05:c7:14:96:47:fe:60:eb:41:2d:13:f3:46:a1:a8:fc:77:31:
fb:71:8b:dd:75:4c:17:1a:8f:e3:26:d9:bd:36:a2:d6:5c:c8:
5b:24:c2:2d:d9:ee:6c:d9:a5:55:4e:b2:c0:44:2a:79:a1:51:
d1:32:66:fa:f8:4d:34:e9:98:b2:eb:55:00:eb:f3:54:bf:70:
cc:fb:9b:ab:f4:8a:48:4f:87:ed:c5:fa:23:c9:dd:bc:f3:69:
22:b6:66:f1:86:b4:bc:35:ad:d0:5f:0f:14:d4:f0:a4:ee:4e:
8b:93:46:60:a3:bb:38:f6:51:87:52:f8:09:a0:f9:03:9c:9e:
35:2f:36:99:d5:92:82:3e:7d:74:34:8c:29:ea:32:e8:0d:3b:
b8:25:b1:c9:03:e1:cb:10:77:2d:bf:c8:f1:1a:b3:0e:99:b0:
02:c5:29:0a:ce:92:30:60:cf:03:16:e1:39:13:0a:ef:1a:a9:
df:d6:c2:2d:3c:a8:7e:c5:7c:54:76:d0:c9:b4:c6:68:81:c5:
b7:92:5c:a1:28:72:40:29:42:e0:96:95:62:df:47:fe:ea:91:
b2:ec:2e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0YJ7QPGKUE3D1HE/gloXsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTE3MTYwMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzVlNWM4NGQxNmIyNWZjYWE0ZjU5YTc5NmYzYjY1NDM2MzhmNzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvIt3/sgUd6wW6Gu/6W05e8CeGPB
cRqyR9FX1PJJYIJ+XgllY973iu8dzf9a1CnDjV/cjJz1tMLYsyJVltzTZ2rcHuL1
ywWFL6v71EzOwGNV7A51GD6vVxUfkljommQnWj6z3PMbBz11IszDNp0/JLxeW0Mi
6XLbnVFsotG8pQexpbGPHAYRenaU6qVtdlKresLteSDjyvjxqvaYnWAhdzupdv9d
/iWkaApOTRGHTtunFUmaU2bvlTqtsBsrYtuP5nLFMovwB+pb+4d7FObum0YvBUyF
G7e6jW/cdYqCw0RY/KiWvLg7bBac/neFroVXwlVAoEt63cLZ8QxdWCKE0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINeXITRayX8qk9Zp5bztlQ2OPceMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvZzE1Y2hORnJKZnlxVDFtbmx2TzJWRFk0OXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/L+MA0G
CSqGSIb3DQEBCwUAA4IBAQANb9YQ3WjyywWgs0GJpoXx5QJBhRbNI1qy2sdZp5UX
e9mDjQcFxxSWR/5g60EtE/NGoaj8dzH7cYvddUwXGo/jJtm9NqLWXMhbJMIt2e5s
2aVVTrLARCp5oVHRMmb6+E006Ziy61UA6/NUv3DM+5ur9IpIT4ftxfojyd2882ki
tmbxhrS8Na3QXw8U1PCk7k6Lk0Zgo7s49lGHUvgJoPkDnJ41LzaZ1ZKCPn10NIwp
6jLoDTu4JbHJA+HLEHctv8jxGrMOmbACxSkKzpIwYM8DFuE5EwrvGqnf1sItPKh+
xXxUdtDJtMZogcW3klyhKHJAKULglpVi30f+6pGy7C5A
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org