Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/aMXf-r7cWqoTyYq1FhLny7qQx98.roa
File: aMXf-r7cWqoTyYq1FhLny7qQx98.roa (raw, json)
Hash identifier: pYNiQy8tw/qjd4HMropMenOFqLveFYY+jAYcyxL0F8o=
Subject key identifier: 68:C5:DF:FA:BE:DC:5A:AA:13:C9:8A:B5:16:12:E7:CB:BA:90:C7:DF
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 018905A26A1C24BA5169B732BB002EE75C59
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/aMXf-r7cWqoTyYq1FhLny7qQx98.roa
Signing time: Thu 29 Jun 2023 05:31:17 +0000
ROA not before: Thu 29 Jun 2023 05:31:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44066
IP address blocks: 79.132.138.0/24 maxlen: 24
79.132.136.0/24 maxlen: 24
79.132.142.0/24 maxlen: 24
79.132.140.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:05:a2:6a:1c:24:ba:51:69:b7:32:bb:00:2e:e7:5c:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Jun 29 05:31:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=68c5dffabedc5aaa13c98ab51612e7cbba90c7df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:54:b2:93:8c:91:7f:51:1c:02:fd:9e:8c:14:
fa:37:be:de:a1:25:5e:8e:7b:cb:5c:c7:e8:63:62:
ff:74:c9:4c:65:49:a8:7e:84:5c:9c:7d:3c:4f:ef:
ad:a3:5f:c8:49:76:76:95:f9:a1:f0:76:f0:23:6f:
59:99:3a:51:99:3b:1b:4c:71:65:e4:cb:8b:86:69:
29:e2:0c:6c:bd:02:b2:b5:35:f7:a1:9a:88:67:9f:
9d:cb:d5:86:26:3f:f2:3d:36:0f:8a:07:2d:20:8f:
6e:1d:55:94:30:83:d6:23:3c:24:18:37:83:57:29:
d4:90:d5:13:8a:8d:2f:57:02:15:61:a7:94:bf:60:
91:a1:21:df:73:b1:4a:2a:2a:c0:37:c5:3a:e4:26:
0f:e1:ef:2a:8e:78:0d:cf:e5:97:3b:9c:94:ef:03:
59:93:6d:75:6c:53:48:b5:51:50:29:68:d1:84:61:
b5:7b:71:2a:63:6c:b4:66:96:52:e3:1c:1f:70:06:
35:0c:11:1c:7a:75:28:b7:4c:ea:0f:3e:e4:59:f8:
91:0f:e5:e0:52:22:bd:51:09:12:ef:a6:22:26:04:
eb:73:d9:74:b3:00:f3:ad:78:9f:b3:ef:a9:ba:cc:
1e:c3:fe:d5:a7:d0:25:09:9a:e8:cf:28:81:75:f4:
93:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:C5:DF:FA:BE:DC:5A:AA:13:C9:8A:B5:16:12:E7:CB:BA:90:C7:DF
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/aMXf-r7cWqoTyYq1FhLny7qQx98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.132.136.0/24
79.132.138.0/24
79.132.140.0/24
79.132.142.0/24
Signature Algorithm: sha256WithRSAEncryption
60:d6:b0:d4:a7:43:55:1a:66:02:81:dd:6b:ad:1a:d1:f4:1b:
59:e3:10:c8:86:f8:6d:d4:a1:6f:75:c8:54:9c:a9:e3:e7:3e:
eb:10:ee:91:82:7c:26:63:a4:7d:ca:3e:8e:ff:5e:1b:7b:b0:
69:56:c5:d9:dc:5c:b0:1b:14:4e:f8:53:ae:db:be:1c:40:36:
2c:06:3a:87:67:ae:9c:74:50:a7:0f:de:31:f6:13:58:84:af:
72:9f:18:e8:79:ba:e0:98:85:1a:5e:12:90:35:f7:cf:32:4c:
07:18:05:f8:58:d8:06:b4:94:12:fe:a8:97:da:de:61:99:a9:
4a:dd:cb:a1:58:10:5e:a3:e4:b6:59:2c:7e:db:c8:86:ea:30:
ae:df:f2:96:e0:3f:ad:06:b9:62:9d:37:63:24:15:8b:f9:ab:
a2:03:9f:b6:35:b5:5c:fb:a9:98:15:3d:89:2e:ef:14:45:fd:
d4:3c:0f:b2:72:f3:96:37:d4:83:b6:e3:63:35:e1:c2:f5:7b:
92:04:7b:1b:b4:fc:1c:a4:61:26:65:ca:52:d0:da:ef:34:a3:
de:03:a5:b3:cf:a6:38:af:a3:fc:9b:a7:2e:98:32:c8:15:6b:
d1:6d:30:9a:8e:97:a4:92:9d:68:0c:39:a8:ab:79:8f:cd:c9:
fd:79:2c:ff
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYkFomocJLpRabcyuwAu51xZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwNjI5MDUzMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM1ZGZmYWJlZGM1YWFhMTNjOThhYjUxNjEyZTdjYmJhOTBjN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlSyk4yRf1EcAv2ejBT6N77eoSVe
jnvLXMfoY2L/dMlMZUmofoRcnH08T++to1/ISXZ2lfmh8HbwI29ZmTpRmTsbTHFl
5MuLhmkp4gxsvQKytTX3oZqIZ5+dy9WGJj/yPTYPigctII9uHVWUMIPWIzwkGDeD
VynUkNUTio0vVwIVYaeUv2CRoSHfc7FKKirAN8U65CYP4e8qjngNz+WXO5yU7wNZ
k211bFNItVFQKWjRhGG1e3EqY2y0ZpZS4xwfcAY1DBEcenUot0zqDz7kWfiRD+Xg
UiK9UQkS76YiJgTrc9l0swDzrXifs++puswew/7Vp9AlCZrozyiBdfSTTQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGjF3/q+3FqqE8mKtRYS58u6kMffMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvYU1YZi1yN2NXcW9UeVlxMUZoTG55N3FReDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAT4SIAwQA
T4SKAwQAT4SMAwQAT4SOMA0GCSqGSIb3DQEBCwUAA4IBAQBg1rDUp0NVGmYCgd1r
rRrR9BtZ4xDIhvht1KFvdchUnKnj5z7rEO6RgnwmY6R9yj6O/14be7BpVsXZ3Fyw
GxRO+FOu274cQDYsBjqHZ66cdFCnD94x9hNYhK9ynxjoebrgmIUaXhKQNffPMkwH
GAX4WNgGtJQS/qiX2t5hmalK3cuhWBBeo+S2WSx+28iG6jCu3/KW4D+tBrlinTdj
JBWL+auiA5+2NbVc+6mYFT2JLu8URf3UPA+ycvOWN9SDtuNjNeHC9XuSBHsbtPwc
pGEmZcpS0NrvNKPeA6Wzz6Y4r6P8m6cumDLIFWvRbTCajpekkp1oDDmoq3mPzcn9
eSz/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org