Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/i-MWjIY82FttFMkDxumb6jDOs9A.roa
File: i-MWjIY82FttFMkDxumb6jDOs9A.roa (raw, json)
Hash identifier: CfcQxR8eqQx/imI03Exgu65AyMBO9QfhUmjvw6dwFrA=
Subject key identifier: 8B:E3:16:8C:86:3C:D8:5B:6D:14:C9:03:C6:E9:9B:EA:30:CE:B3:D0
Certificate issuer: /CN=9d4ef20bb6a867eccd87fa0acae22c5bf634d51b
Certificate serial: 038242F2
Authority key identifier: 9D:4E:F2:0B:B6:A8:67:EC:CD:87:FA:0A:CA:E2:2C:5B:F6:34:D5:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/i-MWjIY82FttFMkDxumb6jDOs9A.roa
Signing time: Sat 01 Jan 2022 14:07:52 +0000
ROA not before: Sat 01 Jan 2022 14:07:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34691
IP address blocks: 91.233.252.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 58868466 (0x38242f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d4ef20bb6a867eccd87fa0acae22c5bf634d51b
Validity
Not Before: Jan 1 14:07:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8be3168c863cd85b6d14c903c6e99bea30ceb3d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:6b:e7:47:c1:fe:b8:b8:66:4b:b6:3a:dc:48:
c0:08:d8:65:c7:8d:bb:6f:11:b0:ba:45:ac:04:08:
03:43:5c:74:78:70:bb:93:86:a7:31:45:00:57:1f:
b5:56:2b:53:03:fa:d1:53:2d:0c:49:81:0d:09:11:
7b:f3:bd:54:1a:7c:87:b3:57:83:20:31:11:86:1e:
33:0e:d6:f8:61:2a:59:8f:99:1b:d5:3d:c1:c8:87:
b4:e2:9a:47:80:62:e8:35:fe:60:b1:1f:ac:67:e6:
38:32:08:82:c6:ed:2a:51:4e:12:3f:56:15:9b:17:
05:24:e9:ad:71:a7:2c:89:91:db:a8:93:74:79:bd:
19:bc:28:c1:d9:67:59:67:c5:7d:38:76:97:91:48:
04:0a:ca:b5:cb:87:a1:24:ed:ad:87:f7:64:e5:c1:
59:15:66:1c:32:68:9f:14:02:cd:ed:c6:d2:01:ef:
f5:dd:f6:6a:46:97:bd:df:29:95:5b:94:42:0c:1e:
46:e3:dc:83:bf:e6:0c:79:1f:9b:df:3a:a7:4a:e2:
a4:db:3b:38:8c:75:68:48:38:c1:3c:c1:b3:34:b1:
92:28:e0:23:7b:51:3c:58:cb:ab:da:a0:18:c8:64:
5f:6e:96:19:de:4c:86:fd:24:ef:ec:2b:c1:f3:13:
9f:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:E3:16:8C:86:3C:D8:5B:6D:14:C9:03:C6:E9:9B:EA:30:CE:B3:D0
X509v3 Authority Key Identifier:
keyid:9D:4E:F2:0B:B6:A8:67:EC:CD:87:FA:0A:CA:E2:2C:5B:F6:34:D5:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/i-MWjIY82FttFMkDxumb6jDOs9A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.233.252.0/23
Signature Algorithm: sha256WithRSAEncryption
3d:0a:c3:d3:9c:30:1c:e8:8f:30:f7:16:2f:44:8a:3c:4b:3d:
64:e2:d8:6e:6b:97:55:92:c3:4f:74:80:02:51:57:ab:36:d9:
64:c2:e1:0e:1a:1e:e9:e4:9b:18:3e:f0:15:35:71:f4:d1:73:
31:80:6d:75:36:c8:87:2c:e1:0b:c9:0b:0c:17:96:95:25:06:
9e:56:54:c7:3c:c4:cf:15:56:e1:03:1c:eb:c3:88:7e:1e:e1:
33:4f:37:b9:13:90:bb:3c:b7:2f:e3:4e:59:ac:7b:bb:73:35:
ea:66:b4:08:0e:1b:39:6f:ba:b4:0f:4b:ce:a8:1b:03:fe:53:
74:6a:c9:6a:1f:d3:f2:95:ee:ff:b2:ab:33:1d:e8:82:fa:dd:
7d:6d:b0:14:50:c9:c4:60:e5:bd:7a:36:d5:af:36:97:ee:d3:
a7:4e:d4:fc:58:3c:cb:b2:2a:63:09:df:3c:bc:ac:99:6c:48:
b5:d4:eb:5a:80:22:58:57:e2:21:6c:0c:c3:06:f4:ee:7e:03:
f3:1b:4b:a5:c5:55:50:17:3d:38:40:73:11:98:8f:41:53:07:
ad:e2:be:f7:71:7d:8a:10:64:8f:98:e7:52:30:12:56:93:6d:
0c:66:75:7f:07:34:0b:5e:18:77:6c:77:d7:4f:60:6c:4c:ce:
b3:33:39:e0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA4JC8jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZDRlZjIwYmI2YTg2N2VjY2Q4N2ZhMGFjYWUyMmM1YmY2MzRkNTFiMB4XDTIyMDEw
MTE0MDc1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGJlMzE2OGM4NjNj
ZDg1YjZkMTRjOTAzYzZlOTliZWEzMGNlYjNkMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMNr50fB/ri4Zku2OtxIwAjYZceNu28RsLpFrAQIA0NcdHhw
u5OGpzFFAFcftVYrUwP60VMtDEmBDQkRe/O9VBp8h7NXgyAxEYYeMw7W+GEqWY+Z
G9U9wciHtOKaR4Bi6DX+YLEfrGfmODIIgsbtKlFOEj9WFZsXBSTprXGnLImR26iT
dHm9GbwowdlnWWfFfTh2l5FIBArKtcuHoSTtrYf3ZOXBWRVmHDJonxQCze3G0gHv
9d32akaXvd8plVuUQgweRuPcg7/mDHkfm986p0ripNs7OIx1aEg4wTzBszSxkijg
I3tRPFjLq9qgGMhkX26WGd5Mhv0k7+wrwfMTn5cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSL4xaMhjzYW20UyQPG6ZvqMM6z0DAfBgNVHSMEGDAWgBSdTvILtqhn7M2H
+grK4ixb9jTVGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25VN3lDN2FvWi16Tmhfb0t5dUlzV19ZMDFScy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDYvNzE4MWE2LTdmZjQtNDBiYS05M2RmLTc4ODViN2I4MzcxYy8x
L2ktTVdqSVk4MkZ0dEZNa0R4dW1iNmpET3M5QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYv
NzE4MWE2LTdmZjQtNDBiYS05M2RmLTc4ODViN2I4MzcxYy8xL25VN3lDN2FvWi16
Tmhfb0t5dUlzV19ZMDFScy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVvp/DANBgkqhkiG9w0BAQsFAAOC
AQEAPQrD05wwHOiPMPcWL0SKPEs9ZOLYbmuXVZLDT3SAAlFXqzbZZMLhDhoe6eSb
GD7wFTVx9NFzMYBtdTbIhyzhC8kLDBeWlSUGnlZUxzzEzxVW4QMc68OIfh7hM083
uROQuzy3L+NOWax7u3M16ma0CA4bOW+6tA9LzqgbA/5TdGrJah/T8pXu/7KrMx3o
gvrdfW2wFFDJxGDlvXo21a82l+7Tp07U/Fg8y7IqYwnfPLysmWxItdTrWoAiWFfi
IWwMwwb07n4D8xtLpcVVUBc9OEBzEZiPQVMHreK+93F9ihBkj5jnUjASVpNtDGZ1
fwc0C14Yd2x3109gbEzOszM54A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:10 2024 by rpki-client on console-ams.rpki-client.org