Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/minfKbLHEAMNQeGI2LlFMyxJvbQ.roa
File: minfKbLHEAMNQeGI2LlFMyxJvbQ.roa (raw, json)
Hash identifier: Qb9C6ZSp4Epv6FtQu3u5sG/QZmtT6AgeRrtcpy7j5d0=
Subject key identifier: 9A:29:DF:29:B2:C7:10:03:0D:41:E1:88:D8:B9:45:33:2C:49:BD:B4
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 018CC8DF9548ACC18C8598FBF4197B4DB7A3
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/minfKbLHEAMNQeGI2LlFMyxJvbQ.roa
Signing time: Tue 02 Jan 2024 06:32:25 +0000
ROA not before: Tue 02 Jan 2024 06:32:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51395
IP address blocks: 79.132.141.0/24 maxlen: 24
2a0b:7140:4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:95:48:ac:c1:8c:85:98:fb:f4:19:7b:4d:b7:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Jan 2 06:32:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9a29df29b2c710030d41e188d8b945332c49bdb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:10:73:e4:b4:41:a3:3e:f2:6a:9d:97:20:a6:
54:20:1b:af:76:c9:50:38:07:35:b1:44:43:de:d7:
11:a8:69:98:92:cf:ec:70:57:4a:86:71:3d:10:a7:
50:a8:af:32:2b:1b:20:a2:51:1a:28:ec:ab:f6:75:
9a:e1:ec:24:6d:94:4e:e2:9f:54:fe:e1:c3:8b:82:
51:ff:6d:0d:59:d3:b8:ca:a3:db:74:3a:37:04:61:
e2:db:5a:8c:f6:45:37:4a:be:4f:13:19:ec:04:22:
c9:88:b5:d3:da:64:a0:66:5d:65:bf:53:fd:a7:99:
8c:59:56:13:94:c1:18:81:f7:88:74:d7:56:89:2e:
6d:66:02:7a:9b:2b:bf:e8:7d:ed:71:83:f2:22:3a:
06:ea:fb:86:c0:96:4b:1a:d7:34:86:a8:18:54:91:
2b:9a:7e:b3:73:60:53:6e:c0:44:6b:bb:5d:06:a5:
ee:85:7e:21:57:03:27:1f:56:43:66:c4:73:ef:04:
7e:20:f8:e9:12:a0:20:cb:84:53:a7:9c:e8:64:7a:
b8:8e:d4:ae:5c:a1:b9:37:13:06:7c:f4:75:7f:95:
e3:7d:9c:b8:64:a6:9e:69:63:00:75:7a:5d:44:75:
7a:e3:a7:bf:f5:c6:17:2f:d4:02:b2:2c:dc:92:72:
16:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:29:DF:29:B2:C7:10:03:0D:41:E1:88:D8:B9:45:33:2C:49:BD:B4
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/minfKbLHEAMNQeGI2LlFMyxJvbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.132.141.0/24
IPv6:
2a0b:7140:4::/48
Signature Algorithm: sha256WithRSAEncryption
4c:b0:a6:1b:3a:8d:0e:50:36:24:49:0e:8d:9e:7e:14:a8:e3:
bd:67:88:27:5f:47:1d:50:fe:40:9a:51:a0:64:19:e6:57:5b:
42:8d:bd:80:83:47:a1:f6:7c:07:16:42:b0:01:3d:42:9f:65:
b7:df:7e:26:61:78:81:04:c9:40:78:a9:94:03:c8:f2:1c:ed:
0b:76:e9:74:3e:ea:d4:e9:7d:4a:1a:22:44:4a:7a:11:71:60:
cb:b5:44:34:5f:1f:f3:05:d3:0f:9b:75:f6:a2:9b:a6:2d:87:
86:90:c0:d0:ff:2b:8b:ea:08:f1:a2:e8:3c:d4:b8:dc:1c:a9:
9c:52:41:62:70:c1:d4:5c:6e:97:88:bc:b1:7e:5d:df:7c:4e:
4f:3a:fc:eb:ae:d9:3f:07:c3:4c:16:17:5b:68:72:f0:c6:87:
33:c7:0d:cb:1e:c1:82:28:03:27:6e:9c:28:44:e9:49:ac:35:
5a:f5:c4:39:a1:e1:11:eb:28:bb:89:70:19:d6:4e:ac:6b:67:
25:58:09:30:09:c6:52:4d:99:2a:bd:6c:f0:24:99:64:ab:07:
72:69:e0:8f:55:4c:15:fc:57:88:55:36:53:d1:cc:be:ef:df:
d1:a1:40:b1:4c:5a:fc:50:a8:52:fa:17:63:75:1a:62:95:34:
de:9d:8a:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI35VIrMGMhZj79Bl7TbejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTI5ZGYyOWIyYzcxMDAzMGQ0MWUxODhkOGI5NDUzMzJjNDliZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshBz5LRBoz7yap2XIKZUIBuvdslQ
OAc1sURD3tcRqGmYks/scFdKhnE9EKdQqK8yKxsgolEaKOyr9nWa4ewkbZRO4p9U
/uHDi4JR/20NWdO4yqPbdDo3BGHi21qM9kU3Sr5PExnsBCLJiLXT2mSgZl1lv1P9
p5mMWVYTlMEYgfeIdNdWiS5tZgJ6myu/6H3tcYPyIjoG6vuGwJZLGtc0hqgYVJEr
mn6zc2BTbsBEa7tdBqXuhX4hVwMnH1ZDZsRz7wR+IPjpEqAgy4RTp5zoZHq4jtSu
XKG5NxMGfPR1f5XjfZy4ZKaeaWMAdXpdRHV646e/9cYXL9QCsizcknIWGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJop3ymyxxADDUHhiNi5RTMsSb20MB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvbWluZktiTEhFQU1OUWVHSTJMbEZNeXhKdmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAT4SNMA8E
AgACMAkDBwAqC3FAAAQwDQYJKoZIhvcNAQELBQADggEBAEywphs6jQ5QNiRJDo2e
fhSo471niCdfRx1Q/kCaUaBkGeZXW0KNvYCDR6H2fAcWQrABPUKfZbfffiZheIEE
yUB4qZQDyPIc7Qt26XQ+6tTpfUoaIkRKehFxYMu1RDRfH/MF0w+bdfaim6Yth4aQ
wND/K4vqCPGi6DzUuNwcqZxSQWJwwdRcbpeIvLF+Xd98Tk86/Ouu2T8Hw0wWF1to
cvDGhzPHDcsewYIoAydunChE6UmsNVr1xDmh4RHrKLuJcBnWTqxrZyVYCTAJxlJN
mSq9bPAkmWSrB3Jp4I9VTBX8V4hVNlPRzL7v39GhQLFMWvxQqFL6F2N1GmKVNN6d
ioA=
-----END CERTIFICATE-----
Generated at Thu Feb 15 15:51:02 2024 by rpki-client on console-fra.rpki-client.org