Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/jhRHZJmc9hWiy4673t7RZ2_Yuxg.roa
File: jhRHZJmc9hWiy4673t7RZ2_Yuxg.roa (raw, json)
Hash identifier: BdbYrvPjJ1U6AhQdG3JaKXz0cFfCZpTD52oe4BccCW0=
Subject key identifier: 8E:14:47:64:99:9C:F6:15:A2:CB:8E:BB:DE:DE:D1:67:6F:D8:BB:18
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 01856FD53A54B13788A2DDE26937BEB52E7A
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/jhRHZJmc9hWiy4673t7RZ2_Yuxg.roa
Signing time: Mon 02 Jan 2023 00:15:23 +0000
ROA not before: Mon 02 Jan 2023 00:15:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44066
IP address blocks: 79.132.138.0/24 maxlen: 24
79.132.136.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d5:3a:54:b1:37:88:a2:dd:e2:69:37:be:b5:2e:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Jan 2 00:15:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8e144764999cf615a2cb8ebbdeded1676fd8bb18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:9b:99:7e:69:92:16:f2:7b:01:84:aa:94:d6:
6a:0d:4a:6f:44:57:52:b7:94:98:11:c2:be:09:96:
bd:16:f3:95:54:56:74:3c:16:4a:23:a9:f4:2b:cc:
41:67:4c:d9:ac:27:f2:16:a7:da:f9:16:f7:10:8e:
a0:07:be:8a:2a:e5:86:ec:fd:c2:89:83:22:d0:d2:
35:2e:f4:5a:55:0e:5a:43:a5:2a:42:4b:48:9d:7f:
af:34:88:fa:49:0c:a7:49:b3:da:5d:f9:75:c9:9d:
fa:72:38:40:44:93:70:29:d1:66:8f:6b:b9:59:76:
9c:7b:8b:be:fa:63:01:04:9e:93:91:15:b9:82:59:
43:0f:1a:4d:aa:d2:fe:f5:d3:09:43:0d:63:e0:a2:
9c:ed:24:7d:43:b8:0c:63:29:55:24:b0:c3:18:87:
ee:65:7a:5a:5a:f7:06:1e:42:4c:ee:1a:54:77:3f:
8d:37:62:b2:35:83:08:87:6d:c0:86:09:c9:9b:cf:
4e:34:f3:14:c4:de:cc:de:10:0f:a0:63:1d:79:6b:
99:f0:88:f5:03:ab:4c:c4:e4:66:d1:2d:67:11:44:
2c:e0:17:ec:09:e7:b6:76:dc:e1:39:ba:da:8e:70:
fd:f1:60:27:80:e9:88:d7:62:9e:99:2e:ff:78:dc:
52:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:14:47:64:99:9C:F6:15:A2:CB:8E:BB:DE:DE:D1:67:6F:D8:BB:18
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/jhRHZJmc9hWiy4673t7RZ2_Yuxg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.132.136.0/24
79.132.138.0/24
Signature Algorithm: sha256WithRSAEncryption
65:7d:cc:97:22:90:62:5f:1c:ee:64:00:10:e6:e9:21:a2:51:
a4:4a:c4:a1:af:92:47:7f:7c:33:7c:34:25:9e:fa:58:3a:36:
3c:12:bc:df:43:d3:d9:45:e5:a7:eb:32:2e:7d:dc:11:fd:7e:
53:7e:51:a7:f4:d3:74:7d:25:75:54:b4:ab:45:eb:70:ad:bf:
e1:8c:f0:12:2c:c6:1c:6a:e6:fc:5c:c3:96:4e:f4:0e:c0:d9:
81:d1:bf:90:1b:9c:91:94:72:a1:e0:fe:cd:71:f3:24:1e:47:
87:42:9d:b3:fd:90:99:72:de:52:62:2e:fb:f2:85:27:06:f0:
4b:96:75:d4:36:a0:30:fb:98:8d:c5:c6:04:d6:55:5e:59:74:
b4:fd:bc:8d:24:cc:31:85:7d:3e:24:68:26:b3:45:7f:f1:66:
cb:ab:1d:8e:ff:45:a7:04:b6:95:53:fc:30:33:76:9a:a9:a9:
69:e5:70:e1:ea:a5:68:89:9f:c5:87:b9:7c:c8:a7:fa:8d:c8:
b0:98:78:13:50:a8:1c:82:65:7e:a9:9f:a2:87:e2:94:2e:a9:
ed:f2:44:8c:3c:ad:80:69:be:00:38:ef:76:98:96:a0:c6:11:
c5:b3:1a:66:19:9c:e4:e8:5e:8c:ce:da:8c:74:b5:19:45:a9:
cc:22:6a:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVv1TpUsTeIot3iaTe+tS56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwMTAyMDAxNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE0NDc2NDk5OWNmNjE1YTJjYjhlYmJkZWRlZDE2NzZmZDhiYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5uZfmmSFvJ7AYSqlNZqDUpvRFdS
t5SYEcK+CZa9FvOVVFZ0PBZKI6n0K8xBZ0zZrCfyFqfa+Rb3EI6gB76KKuWG7P3C
iYMi0NI1LvRaVQ5aQ6UqQktInX+vNIj6SQynSbPaXfl1yZ36cjhARJNwKdFmj2u5
WXace4u++mMBBJ6TkRW5gllDDxpNqtL+9dMJQw1j4KKc7SR9Q7gMYylVJLDDGIfu
ZXpaWvcGHkJM7hpUdz+NN2KyNYMIh23AhgnJm89ONPMUxN7M3hAPoGMdeWuZ8Ij1
A6tMxORm0S1nEUQs4BfsCee2dtzhObrajnD98WAngOmI12KemS7/eNxSJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4UR2SZnPYVosuOu97e0Wdv2LsYMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvamhSSFpKbWM5aFdpeTQ2NzN0N1JaMl9ZdXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4SIAwQA
T4SKMA0GCSqGSIb3DQEBCwUAA4IBAQBlfcyXIpBiXxzuZAAQ5ukholGkSsShr5JH
f3wzfDQlnvpYOjY8ErzfQ9PZReWn6zIufdwR/X5TflGn9NN0fSV1VLSrRetwrb/h
jPASLMYcaub8XMOWTvQOwNmB0b+QG5yRlHKh4P7NcfMkHkeHQp2z/ZCZct5SYi77
8oUnBvBLlnXUNqAw+5iNxcYE1lVeWXS0/byNJMwxhX0+JGgms0V/8WbLqx2O/0Wn
BLaVU/wwM3aaqalp5XDh6qVoiZ/Fh7l8yKf6jciwmHgTUKgcgmV+qZ+ih+KULqnt
8kSMPK2Aab4AOO92mJagxhHFsxpmGZzk6F6MztqMdLUZRanMImri
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:56 2024 by rpki-client on console-ams.rpki-client.org