Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AFY-K1qxuP3zle8psoxKuFja_4Y.roa
File: AFY-K1qxuP3zle8psoxKuFja_4Y.roa (raw, json)
Hash identifier: 0RRns9+WsegTWhbZkoxMCaSqDwMM2+kPSNrU0CYhzpw=
Subject key identifier: 00:56:3E:2B:5A:B1:B8:FD:F3:95:EF:29:B2:8C:4A:B8:58:DA:FF:86
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018CC8DE302F1D21E0CBD724672FFB372879
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AFY-K1qxuP3zle8psoxKuFja_4Y.roa
Signing time: Tue 02 Jan 2024 06:30:53 +0000
ROA not before: Tue 02 Jan 2024 06:30:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 45.91.238.0/24 maxlen: 24
45.91.237.0/24 maxlen: 24
45.91.236.0/24 maxlen: 24
212.107.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:30:2f:1d:21:e0:cb:d7:24:67:2f:fb:37:28:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 2 06:30:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=00563e2b5ab1b8fdf395ef29b28c4ab858daff86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:09:55:50:bf:2b:3a:ce:e2:a2:5b:95:86:4d:
84:65:f8:90:71:fa:69:e2:3e:0d:e8:76:d4:fc:7a:
fd:7f:d1:ac:37:46:0c:66:1a:f1:a8:57:74:81:4f:
47:37:ab:47:66:43:86:7c:ce:1b:4d:6a:b3:36:f1:
21:af:9e:2a:7b:2d:9f:fb:46:75:fa:33:30:cc:98:
87:f7:e4:9c:63:da:96:e4:36:17:9d:c9:e1:5a:e4:
0f:9d:a2:93:ee:ba:d2:97:cd:77:72:fb:27:bd:2e:
78:b0:3e:11:5c:61:e3:e3:c1:39:5a:25:66:1e:37:
1f:4d:92:bc:5d:3a:32:ed:37:be:af:97:c2:f9:9e:
5d:c4:65:b5:87:43:d9:99:0e:d4:c7:eb:c8:73:42:
b9:7f:55:44:37:22:d1:3b:1b:18:90:43:93:db:55:
72:18:be:ef:81:d9:5e:1c:ce:06:5a:54:70:d4:36:
86:83:ee:4b:d6:6b:bd:91:f4:99:af:97:28:c3:2f:
7d:67:ba:71:c0:3c:cb:65:61:a0:50:b1:c3:f5:ae:
aa:5f:8a:6b:c3:83:d3:c9:83:95:4a:a7:1f:d5:22:
21:f7:46:b8:4b:66:88:ad:0c:be:c6:6d:3e:7b:28:
b1:ad:68:7f:ca:9a:4b:31:7f:68:ba:7c:7a:74:d5:
a2:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:56:3E:2B:5A:B1:B8:FD:F3:95:EF:29:B2:8C:4A:B8:58:DA:FF:86
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AFY-K1qxuP3zle8psoxKuFja_4Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.236.0-45.91.238.255
212.107.27.0/24
Signature Algorithm: sha256WithRSAEncryption
16:78:c6:05:42:d1:20:83:99:aa:af:ba:00:c2:c2:a0:0c:3c:
81:29:bb:ad:1a:f3:5f:8f:5f:b9:c0:a2:a2:48:bc:61:9e:6d:
50:5a:28:fa:3a:f7:41:31:1c:42:e7:cb:51:03:de:36:91:d1:
a2:51:c5:d0:6e:ba:de:55:45:cb:26:74:30:5e:4a:77:19:76:
71:c1:30:2f:7b:32:38:d4:de:c8:b9:27:6c:88:47:87:89:d4:
00:b0:28:25:cf:21:06:42:56:4d:ae:c2:7c:91:04:b5:36:ec:
79:23:ad:b2:5f:20:d1:b8:02:ef:ab:0b:39:01:af:f9:2e:b3:
b9:0e:2d:59:e6:f9:57:f6:25:8f:97:4c:e0:20:a2:9d:eb:f0:
57:fe:76:38:30:00:17:22:83:30:37:03:2e:84:5d:67:c5:b1:
a8:9c:58:01:24:dd:f4:aa:cb:b8:d2:72:5a:45:58:9e:69:d4:
08:be:51:39:8c:ce:b5:a6:73:de:0f:42:06:c6:c4:b8:43:ec:
9f:cd:0f:ad:b3:8d:b2:e6:c6:d7:53:40:f7:5a:8b:86:48:8f:
92:ab:39:da:d2:86:39:e9:da:bd:77:e6:af:5f:23:88:43:d8:
ab:65:88:7e:2c:6c:5d:0e:92:35:22:ca:d6:e9:e9:4b:d5:49:
4d:21:2f:79
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzI3jAvHSHgy9ckZy/7Nyh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU2M2UyYjVhYjFiOGZkZjM5NWVmMjliMjhjNGFiODU4ZGFmZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwlVUL8rOs7ioluVhk2EZfiQcfpp
4j4N6HbU/Hr9f9GsN0YMZhrxqFd0gU9HN6tHZkOGfM4bTWqzNvEhr54qey2f+0Z1
+jMwzJiH9+ScY9qW5DYXncnhWuQPnaKT7rrSl813cvsnvS54sD4RXGHj48E5WiVm
HjcfTZK8XToy7Te+r5fC+Z5dxGW1h0PZmQ7Ux+vIc0K5f1VENyLROxsYkEOT21Vy
GL7vgdleHM4GWlRw1DaGg+5L1mu9kfSZr5cowy99Z7pxwDzLZWGgULHD9a6qX4pr
w4PTyYOVSqcf1SIh90a4S2aIrQy+xm0+eyixrWh/yppLMX9ounx6dNWiKwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFABWPitasbj985XvKbKMSrhY2v+GMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvQUZZLUsxcXh1UDN6bGU4cHNveEt1RmphXzRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAItW+wD
BAAtW+4DBADUaxswDQYJKoZIhvcNAQELBQADggEBABZ4xgVC0SCDmaqvugDCwqAM
PIEpu60a81+PX7nAoqJIvGGebVBaKPo690ExHELny1ED3jaR0aJRxdBuut5VRcsm
dDBeSncZdnHBMC97MjjU3si5J2yIR4eJ1ACwKCXPIQZCVk2uwnyRBLU27HkjrbJf
ING4Au+rCzkBr/kus7kOLVnm+Vf2JY+XTOAgop3r8Ff+djgwABcigzA3Ay6EXWfF
saicWAEk3fSqy7jSclpFWJ5p1Ai+UTmMzrWmc94PQgbGxLhD7J/ND62zjbLmxtdT
QPdai4ZIj5KrOdrShjnp2r135q9fI4hD2KtliH4sbF0OkjUiytbp6UvVSU0hL3k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org