Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/rI0a0ZT-PYKbKfcWqesd1I1hsGA.roa
File: rI0a0ZT-PYKbKfcWqesd1I1hsGA.roa (raw, json)
Hash identifier: NNfKWmo+7OZ8m7CoFipoCmvZmfGn0t9pdmVR64KSl6U=
Subject key identifier: AC:8D:1A:D1:94:FE:3D:82:9B:29:F7:16:A9:EB:1D:D4:8D:61:B0:60
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018570D55A0A908BE1BBFA2845988DFDD4C8
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/rI0a0ZT-PYKbKfcWqesd1I1hsGA.roa
Signing time: Mon 02 Jan 2023 04:55:08 +0000
ROA not before: Mon 02 Jan 2023 04:55:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49121
IP address blocks: 91.191.185.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:5a:0a:90:8b:e1:bb:fa:28:45:98:8d:fd:d4:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 2 04:55:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac8d1ad194fe3d829b29f716a9eb1dd48d61b060
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:8d:22:34:53:0c:a9:75:1b:dd:8e:d6:42:cc:
7a:dd:f0:02:e5:89:6f:3b:11:d4:11:fd:ba:2c:f9:
e4:c5:95:24:3a:4a:0b:3c:f3:b7:9f:f7:7c:27:b3:
24:72:c2:81:4f:7b:0a:b9:52:ae:dc:6a:27:8c:ad:
04:00:ee:f6:19:43:dd:02:f3:7b:58:4b:53:bf:f2:
90:c7:25:79:cf:31:7a:d3:ba:3e:28:7c:63:f7:79:
aa:47:06:02:5b:33:7c:d0:40:c3:88:93:9e:4b:1d:
a5:a8:cd:49:85:2f:5f:65:49:f7:02:2d:48:66:d6:
c8:25:14:21:35:01:0f:48:5a:7a:67:1e:e0:00:55:
35:95:db:38:87:0b:af:10:09:2a:62:58:2e:c0:0d:
d3:79:d5:65:e9:b4:42:5a:c1:58:99:b3:09:f7:af:
bb:52:bb:82:7a:a5:7e:de:49:da:16:e0:54:a8:cd:
6f:3a:d4:ec:9d:73:ff:a9:0a:5d:a7:8a:39:b6:f6:
9d:36:cc:1e:50:27:23:94:bf:dd:3b:7a:9a:bf:9e:
4c:a7:04:a9:d3:90:f0:e3:75:a1:db:d6:3d:94:c8:
70:da:ac:d9:4b:c0:a2:fa:04:85:07:01:f4:a5:89:
32:07:35:9d:43:4c:f9:62:6e:98:39:cb:61:81:a8:
04:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:8D:1A:D1:94:FE:3D:82:9B:29:F7:16:A9:EB:1D:D4:8D:61:B0:60
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/rI0a0ZT-PYKbKfcWqesd1I1hsGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.191.185.0/24
Signature Algorithm: sha256WithRSAEncryption
40:9e:6f:33:aa:26:a2:6a:ac:0f:71:1a:b5:ca:14:bc:a1:3f:
34:62:db:a8:ad:9f:f3:19:e5:c5:30:a5:7d:32:d0:de:cd:bc:
77:38:8f:14:38:0b:ba:cc:c8:50:8c:ca:14:ef:da:20:ea:62:
91:62:44:3c:83:d3:c6:3e:45:8c:90:09:43:b2:20:16:2f:9a:
a1:8d:03:62:97:f6:a1:f9:1d:2f:00:91:e8:6a:73:48:cf:ed:
e4:d3:c4:3c:51:8c:5c:59:8a:56:e7:1a:4c:82:08:02:a9:5b:
bd:b5:4f:0f:cb:fc:f4:55:95:32:5c:20:95:05:c3:22:e3:2f:
66:55:a7:1a:e5:fc:8b:1a:54:65:23:ff:c7:b7:8f:78:82:1a:
d9:da:3b:e1:cf:0b:2b:c2:2c:b1:76:a5:f1:f5:fe:bc:f3:9b:
34:58:05:c6:ac:14:38:e6:0a:0b:3d:fb:91:de:d6:25:a4:3e:
cb:f1:aa:c4:6f:67:1e:b3:b6:bf:fe:d2:9c:4f:58:72:fd:4a:
6b:5d:8c:03:91:79:e1:d2:3d:07:27:b9:8b:55:c1:ea:ec:4d:
33:e0:c4:c1:bb:99:a0:e5:92:0e:7f:e1:ee:ab:85:28:7f:54:
b0:c1:b3:b2:74:22:40:87:5f:6e:b0:e9:a5:2b:e2:38:dd:fd:
6d:ec:3a:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw1VoKkIvhu/ooRZiN/dTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhkMWFkMTk0ZmUzZDgyOWIyOWY3MTZhOWViMWRkNDhkNjFiMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA540iNFMMqXUb3Y7WQsx63fAC5Ylv
OxHUEf26LPnkxZUkOkoLPPO3n/d8J7MkcsKBT3sKuVKu3GonjK0EAO72GUPdAvN7
WEtTv/KQxyV5zzF607o+KHxj93mqRwYCWzN80EDDiJOeSx2lqM1JhS9fZUn3Ai1I
ZtbIJRQhNQEPSFp6Zx7gAFU1lds4hwuvEAkqYlguwA3TedVl6bRCWsFYmbMJ96+7
UruCeqV+3knaFuBUqM1vOtTsnXP/qQpdp4o5tvadNsweUCcjlL/dO3qav55MpwSp
05Dw43Wh29Y9lMhw2qzZS8Ci+gSFBwH0pYkyBzWdQ0z5Ym6YOcthgagEvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyNGtGU/j2Cmyn3FqnrHdSNYbBgMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvckkwYTBaVC1QWUtiS2ZjV3Flc2QxSTFoc0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7+5MA0G
CSqGSIb3DQEBCwUAA4IBAQBAnm8zqiaiaqwPcRq1yhS8oT80YtuorZ/zGeXFMKV9
MtDezbx3OI8UOAu6zMhQjMoU79og6mKRYkQ8g9PGPkWMkAlDsiAWL5qhjQNil/ah
+R0vAJHoanNIz+3k08Q8UYxcWYpW5xpMgggCqVu9tU8Py/z0VZUyXCCVBcMi4y9m
Vaca5fyLGlRlI//Ht494ghrZ2jvhzwsrwiyxdqXx9f6885s0WAXGrBQ45goLPfuR
3tYlpD7L8arEb2ces7a//tKcT1hy/UprXYwDkXnh0j0HJ7mLVcHq7E0z4MTBu5mg
5ZIOf+Huq4Uof1SwwbOydCJAh19usOmlK+I43f1t7Drl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org