Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/Z5wGf4N85TYT-vkJvjeB0m0GoTU.roa
File: Z5wGf4N85TYT-vkJvjeB0m0GoTU.roa (raw, json)
Hash identifier: yKgLL8jI6Hpq9Nx4+4oiYQg64/9Mm62W3IX3orkLqec=
Subject key identifier: 67:9C:06:7F:83:7C:E5:36:13:FA:F9:09:BE:37:81:D2:6D:06:A1:35
Certificate issuer: /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial: 0190D9BCC9D3561F74697CC4ED594BDC45BB
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/Z5wGf4N85TYT-vkJvjeB0m0GoTU.roa
Signing time: Mon 22 Jul 2024 09:19:06 +0000
ROA not before: Mon 22 Jul 2024 09:19:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 193.228.139.0/24 maxlen: 24
194.36.32.0/23 maxlen: 23
194.36.32.0/24 maxlen: 24
194.36.33.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:d9:bc:c9:d3:56:1f:74:69:7c:c4:ed:59:4b:dc:45:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Validity
Not Before: Jul 22 09:19:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=679c067f837ce53613faf909be3781d26d06a135
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:63:86:49:67:84:64:91:e8:70:f1:17:7c:bf:
c7:cc:a5:ab:57:dc:9f:5c:39:a5:11:1e:97:53:3b:
c6:e8:25:34:7b:0c:c8:89:b9:75:73:7a:e0:2d:0b:
a2:31:b9:0e:c2:b3:42:d8:23:ad:41:f4:d7:cf:30:
7b:3c:6e:11:fa:5f:94:de:84:a2:6b:da:e9:f4:5b:
e8:75:37:cf:07:8d:f8:0e:f1:da:e0:f9:e5:d1:f0:
38:88:75:e8:9c:d6:16:4b:c8:91:76:b5:02:eb:51:
44:02:2d:d6:da:88:54:7e:d7:ee:40:3e:5e:2e:c9:
e6:55:0c:24:7a:71:53:af:c3:2a:30:3e:12:a1:0a:
8d:f5:d5:99:1e:e0:b8:bb:bd:c7:a9:a4:27:a8:f3:
1b:31:0a:60:c6:15:4b:43:11:d1:1d:9c:b2:79:d0:
d4:fe:5f:84:c6:48:36:ec:c5:8b:13:85:51:ba:7f:
87:f3:9f:dc:37:08:e0:90:68:77:0e:46:fa:25:49:
58:86:00:c7:2b:ab:63:0a:bc:c0:0e:72:b1:4f:9c:
26:af:d1:64:e9:32:5b:2d:50:d2:23:9b:8b:08:b2:
5d:43:0e:f7:3b:9f:82:66:00:1c:d6:03:bd:6f:67:
6d:f9:0d:5d:09:33:1a:d9:07:d7:b9:8e:77:1a:df:
7a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:9C:06:7F:83:7C:E5:36:13:FA:F9:09:BE:37:81:D2:6D:06:A1:35
X509v3 Authority Key Identifier:
keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/Z5wGf4N85TYT-vkJvjeB0m0GoTU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.228.139.0/24
194.36.32.0/23
Signature Algorithm: sha256WithRSAEncryption
46:91:2c:29:91:a3:2e:55:d9:ce:35:16:6c:f1:f8:52:ad:d2:
8c:53:19:cb:6f:3b:f7:26:8a:97:4c:c8:f5:86:f6:9f:3b:b6:
5f:6c:9a:57:f9:6c:e5:19:d4:f3:fc:a3:de:ae:67:d4:d1:fb:
0d:8c:d6:6b:b6:7e:ec:28:39:af:13:a4:5f:20:31:b1:02:d0:
5a:05:d5:fe:d7:a6:64:7d:8e:1b:b4:a8:5f:1d:ee:d4:04:9c:
8c:6a:6b:c4:4c:fb:bb:c6:0c:ff:d0:86:da:4e:74:21:2e:4c:
bb:4c:5c:e5:f0:82:51:44:a0:d4:18:04:94:fe:0f:6d:c5:53:
b9:95:13:47:94:9f:23:fa:06:2e:f2:35:20:93:60:0e:b6:72:
e5:17:1b:2a:fb:a2:a3:2a:1f:3f:1f:70:41:62:a6:a0:f8:c1:
e2:40:7b:59:66:d0:31:3b:99:25:3e:31:a1:a5:97:65:0d:0b:
56:31:32:c1:a3:49:a6:1b:58:8a:5c:62:c5:93:fb:1f:c9:7d:
2a:96:f4:4c:76:c8:27:ab:c1:40:17:5b:3f:3b:38:b6:b0:0c:
e9:4a:0d:6c:63:27:f1:ce:a0:44:19:97:e7:6c:d8:1c:fe:8d:
80:e2:ed:c0:17:f2:47:9d:f2:57:a3:4a:28:06:85:b2:d8:9a:
f2:94:ec:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDZvMnTVh90aXzE7VlL3EW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwNzIyMDkxOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzljMDY3ZjgzN2NlNTM2MTNmYWY5MDliZTM3ODFkMjZkMDZhMTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GOGSWeEZJHocPEXfL/HzKWrV9yf
XDmlER6XUzvG6CU0ewzIibl1c3rgLQuiMbkOwrNC2COtQfTXzzB7PG4R+l+U3oSi
a9rp9FvodTfPB434DvHa4Pnl0fA4iHXonNYWS8iRdrUC61FEAi3W2ohUftfuQD5e
LsnmVQwkenFTr8MqMD4SoQqN9dWZHuC4u73HqaQnqPMbMQpgxhVLQxHRHZyyedDU
/l+Exkg27MWLE4VRun+H85/cNwjgkGh3Dkb6JUlYhgDHK6tjCrzADnKxT5wmr9Fk
6TJbLVDSI5uLCLJdQw73O5+CZgAc1gO9b2dt+Q1dCTMa2QfXuY53Gt962QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGecBn+DfOU2E/r5Cb43gdJtBqE1MB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvWjV3R2Y0Tjg1VFlULXZrSnZqZUIwbTBHb1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAweSLAwQB
wiQgMA0GCSqGSIb3DQEBCwUAA4IBAQBGkSwpkaMuVdnONRZs8fhSrdKMUxnLbzv3
JoqXTMj1hvafO7ZfbJpX+WzlGdTz/KPermfU0fsNjNZrtn7sKDmvE6RfIDGxAtBa
BdX+16ZkfY4btKhfHe7UBJyMamvETPu7xgz/0IbaTnQhLky7TFzl8IJRRKDUGASU
/g9txVO5lRNHlJ8j+gYu8jUgk2AOtnLlFxsq+6KjKh8/H3BBYqag+MHiQHtZZtAx
O5klPjGhpZdlDQtWMTLBo0mmG1iKXGLFk/sfyX0qlvRMdsgnq8FAF1s/Ozi2sAzp
Sg1sYyfxzqBEGZfnbNgc/o2A4u3AF/JHnfJXo0ooBoWy2JrylOx4
-----END CERTIFICATE-----
Generated at Thu Aug 8 15:19:00 2024 by rpki-client on console-ams.rpki-client.org