Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa
File: _XCQOMznwFR8_y9f73avkQJ2UwY.roa (raw, json)
Hash identifier: 64c3+YcD2mF4ykcyM57gZ+H7gUCHI9PDEVnUg4LQdiU=
Subject key identifier: FD:70:90:38:CC:E7:C0:54:7C:FF:2F:5F:EF:76:AF:91:02:76:53:06
Certificate issuer: /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial: 018CC72731E24A36B6B466033CFF0A006834
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa
Signing time: Mon 01 Jan 2024 22:31:23 +0000
ROA not before: Mon 01 Jan 2024 22:31:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211500
IP address blocks: 194.36.34.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:31:e2:4a:36:b6:b4:66:03:3c:ff:0a:00:68:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Validity
Not Before: Jan 1 22:31:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fd709038cce7c0547cff2f5fef76af9102765306
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:7c:c9:ad:21:44:32:27:70:dd:70:d0:d9:8c:
fe:c2:91:69:b7:92:96:77:12:26:95:6c:5c:0c:a8:
0d:48:a2:48:51:eb:e2:da:c1:38:69:c3:bf:2e:1a:
a3:67:2f:45:ed:8d:ac:58:6a:18:ab:8f:c9:7b:df:
3f:4a:2c:d5:67:e3:a9:2a:9e:78:1c:18:2d:cc:6f:
26:e4:0a:6b:ab:87:13:54:e3:0a:fa:f2:5d:3e:96:
f9:03:d4:c1:ea:6d:a4:3c:28:c7:70:4d:9c:ed:91:
54:5b:2a:fc:91:ac:5a:ca:3a:8a:e8:a4:1e:ee:91:
d6:6e:cc:d5:d9:7f:97:21:5f:20:82:90:98:1f:61:
dc:c7:81:fd:78:3d:e7:cd:d5:3b:98:06:3c:e1:30:
df:50:d8:14:c7:cd:62:aa:06:fc:00:93:10:de:4b:
c9:4f:ad:51:1e:a4:bb:36:a0:b9:4e:99:fa:a3:67:
5e:11:6e:f0:b6:7c:9f:1c:45:7f:1e:b5:dd:59:79:
d3:3c:50:ec:2a:04:61:79:0f:8a:7c:a3:7e:22:b1:
88:7a:e0:53:e5:df:4d:5f:d8:23:62:fe:24:cc:62:
66:b7:0c:1c:a1:ff:04:0c:9b:28:b2:df:30:4c:1c:
6f:5e:51:d0:96:17:2e:20:2b:d4:7d:97:5b:85:68:
9f:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:70:90:38:CC:E7:C0:54:7C:FF:2F:5F:EF:76:AF:91:02:76:53:06
X509v3 Authority Key Identifier:
keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.36.34.0/23
Signature Algorithm: sha256WithRSAEncryption
55:3c:91:e6:a5:66:c8:df:d8:ef:70:42:8b:24:04:01:a8:9d:
e1:6c:11:31:1e:f9:45:a1:11:4d:fb:ab:ca:fc:3d:bb:2d:9b:
02:f3:d4:77:7b:e9:b6:4f:b4:65:40:cf:cd:e5:34:71:0e:67:
b5:94:4d:8d:90:55:e4:d0:6d:c3:8b:44:cf:3e:1a:9a:70:a1:
c5:a6:61:46:1b:c9:4c:3a:e8:40:16:cf:07:97:64:88:fc:9e:
7e:fc:39:a5:5f:54:fb:1b:b6:38:45:34:82:6f:2d:1b:d0:61:
4f:34:a4:fe:3e:d4:66:3b:6b:ed:7e:64:47:58:49:27:da:3f:
03:11:8f:02:de:22:10:3a:2b:45:74:d6:06:40:e8:34:4f:01:
e9:0d:9f:e4:53:f2:2a:b5:28:a6:00:f1:78:72:3b:53:80:48:
e7:e6:4a:46:6f:ed:04:99:75:10:2e:e2:74:15:91:ea:f7:2a:
28:d8:68:67:ac:db:28:a0:3f:3d:63:81:3f:ad:e8:9c:95:2a:
d5:11:98:c0:ba:7c:49:dc:23:ba:68:a1:87:78:45:8d:d5:08:
a2:05:da:e2:b3:1f:b6:f1:c3:88:7e:c3:0a:93:dd:f6:6d:fe:
98:e5:f5:24:b1:ce:96:68:24:1e:83:12:e9:19:5c:65:0e:bd:
1a:2d:d2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzHiSja2tGYDPP8KAGg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDcwOTAzOGNjZTdjMDU0N2NmZjJmNWZlZjc2YWY5MTAyNzY1MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnzJrSFEMidw3XDQ2Yz+wpFpt5KW
dxImlWxcDKgNSKJIUevi2sE4acO/LhqjZy9F7Y2sWGoYq4/Je98/SizVZ+OpKp54
HBgtzG8m5Aprq4cTVOMK+vJdPpb5A9TB6m2kPCjHcE2c7ZFUWyr8kaxayjqK6KQe
7pHWbszV2X+XIV8ggpCYH2Hcx4H9eD3nzdU7mAY84TDfUNgUx81iqgb8AJMQ3kvJ
T61RHqS7NqC5Tpn6o2deEW7wtnyfHEV/HrXdWXnTPFDsKgRheQ+KfKN+IrGIeuBT
5d9NX9gjYv4kzGJmtwwcof8EDJsost8wTBxvXlHQlhcuICvUfZdbhWifIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1wkDjM58BUfP8vX+92r5ECdlMGMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvX1hDUU9Nem53RlI4X3k5ZjczYXZrUUoyVXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiQiMA0G
CSqGSIb3DQEBCwUAA4IBAQBVPJHmpWbI39jvcEKLJAQBqJ3hbBExHvlFoRFN+6vK
/D27LZsC89R3e+m2T7RlQM/N5TRxDme1lE2NkFXk0G3Di0TPPhqacKHFpmFGG8lM
OuhAFs8Hl2SI/J5+/DmlX1T7G7Y4RTSCby0b0GFPNKT+PtRmO2vtfmRHWEkn2j8D
EY8C3iIQOitFdNYGQOg0TwHpDZ/kU/IqtSimAPF4cjtTgEjn5kpGb+0EmXUQLuJ0
FZHq9yoo2GhnrNsooD89Y4E/reiclSrVEZjAunxJ3CO6aKGHeEWN1QiiBdrisx+2
8cOIfsMKk932bf6Y5fUksc6WaCQegxLpGVxlDr0aLdKZ
-----END CERTIFICATE-----
Generated at Thu Aug 8 15:19:00 2024 by rpki-client on console-ams.rpki-client.org