Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zB15YPdYfG3Xl_VEpkNTwl8hw7Q.roa
File: zB15YPdYfG3Xl_VEpkNTwl8hw7Q.roa (raw, json)
Hash identifier: R8Le947OC3W1rjkIMxN9HhB9bxPGPrVOEbg6z5hXZ30=
Subject key identifier: CC:1D:79:60:F7:58:7C:6D:D7:97:F5:44:A6:43:53:C2:5F:21:C3:B4
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018570D5562C0C424BEB35F0E56DBD9E1D20
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zB15YPdYfG3Xl_VEpkNTwl8hw7Q.roa
Signing time: Mon 02 Jan 2023 04:55:07 +0000
ROA not before: Mon 02 Jan 2023 04:55:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35830
IP address blocks: 193.56.67.0/24 maxlen: 24
193.56.75.0/24 maxlen: 24
91.243.190.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:56:2c:0c:42:4b:eb:35:f0:e5:6d:bd:9e:1d:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 2 04:55:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cc1d7960f7587c6dd797f544a64353c25f21c3b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f9:d5:76:19:7d:e0:b5:e4:62:1c:e0:79:7b:
ad:54:cd:99:27:14:a5:de:8e:49:e4:b4:09:63:26:
a7:e3:08:82:15:c0:9d:ce:ce:45:5f:d8:99:f2:cb:
a5:1f:f1:dc:fb:e0:1b:09:26:20:a4:5f:fa:f6:3a:
dd:3c:22:fa:80:85:4a:cc:63:ad:3c:eb:83:4d:6b:
50:4d:30:15:e5:19:f8:5a:35:f3:57:84:f8:4d:fa:
2d:e0:7f:f5:29:11:54:e5:6f:f8:52:37:61:20:a5:
bc:c2:7a:bb:36:0c:0d:0d:18:7e:4d:d9:ac:e0:9b:
36:02:35:69:ab:8f:8c:f8:17:9a:ac:0f:d4:c1:ec:
a6:42:1d:55:9d:34:11:18:a8:9c:bf:64:bc:0f:2f:
7c:b1:3f:7f:1f:4c:b7:10:95:aa:97:bf:1e:c2:94:
d4:1f:4d:57:12:1c:2d:1c:ac:42:d0:f0:0e:01:de:
71:36:c5:4e:38:ab:5d:cb:a1:f6:8b:32:75:1b:97:
ce:8f:98:a6:02:d9:51:4a:cd:be:0d:46:63:0b:ec:
da:8b:f2:5c:b6:c6:a2:ca:1d:fa:e6:03:ea:9b:95:
c7:b0:8c:0f:09:80:a9:f6:ed:88:f2:fb:65:b0:00:
e5:b7:76:be:41:f0:8d:47:ae:82:1b:38:1e:c5:80:
f0:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:1D:79:60:F7:58:7C:6D:D7:97:F5:44:A6:43:53:C2:5F:21:C3:B4
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zB15YPdYfG3Xl_VEpkNTwl8hw7Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.190.0/24
193.56.67.0/24
193.56.75.0/24
Signature Algorithm: sha256WithRSAEncryption
a6:91:b8:dc:58:5f:94:60:32:2d:d8:df:67:dd:cd:b3:5a:dc:
41:5c:09:55:b0:43:7d:01:1b:7f:c2:7f:75:8d:90:a0:7d:f6:
68:6c:d9:57:a8:88:bd:98:12:fb:64:ed:31:ed:3e:26:cc:a5:
46:81:05:24:cb:f3:f9:66:f6:84:7e:4f:a8:42:97:04:20:fd:
a3:1e:04:29:d1:a4:47:18:b0:bb:1d:dd:48:9c:98:df:26:6a:
6c:20:69:8b:ec:41:1c:ca:2f:de:ce:72:93:4e:59:29:7f:57:
49:ac:d9:d0:d9:ee:e8:ad:53:bf:69:58:0e:8b:62:8a:d7:a4:
cf:3a:0e:d1:3c:ee:d1:9a:26:f3:6d:ca:07:4e:11:a1:76:7f:
92:7d:e2:7f:f8:1a:df:7c:49:c2:56:9b:dd:9f:06:af:e1:1c:
a1:e4:aa:2a:ef:97:98:a0:19:68:c6:97:37:7d:32:46:1c:d3:
76:ef:ee:76:64:73:9b:03:9a:98:c2:26:a6:5c:19:95:98:d6:
ee:95:e7:97:c0:c6:e2:c1:16:70:43:34:74:c0:f6:39:c5:b6:
f4:dc:c2:96:b7:ea:e8:aa:c8:f0:56:b6:9d:b5:1d:94:97:bb:
c7:5a:10:c2:e6:08:35:cb:ad:d7:c8:32:08:66:11:37:05:25:
58:8d:52:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVw1VYsDEJL6zXw5W29nh0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFkNzk2MGY3NTg3YzZkZDc5N2Y1NDRhNjQzNTNjMjVmMjFjM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovnVdhl94LXkYhzgeXutVM2ZJxSl
3o5J5LQJYyan4wiCFcCdzs5FX9iZ8sulH/Hc++AbCSYgpF/69jrdPCL6gIVKzGOt
POuDTWtQTTAV5Rn4WjXzV4T4Tfot4H/1KRFU5W/4UjdhIKW8wnq7NgwNDRh+Tdms
4Js2AjVpq4+M+BearA/UweymQh1VnTQRGKicv2S8Dy98sT9/H0y3EJWql78ewpTU
H01XEhwtHKxC0PAOAd5xNsVOOKtdy6H2izJ1G5fOj5imAtlRSs2+DUZjC+zai/Jc
tsaiyh365gPqm5XHsIwPCYCp9u2I8vtlsADlt3a+QfCNR66CGzgexYDw+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMwdeWD3WHxt15f1RKZDU8JfIcO0MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvekIxNVlQZFlmRzNYbF9WRXBrTlR3bDhodzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW/O+AwQA
wThDAwQAwThLMA0GCSqGSIb3DQEBCwUAA4IBAQCmkbjcWF+UYDIt2N9n3c2zWtxB
XAlVsEN9ARt/wn91jZCgffZobNlXqIi9mBL7ZO0x7T4mzKVGgQUky/P5ZvaEfk+o
QpcEIP2jHgQp0aRHGLC7Hd1InJjfJmpsIGmL7EEcyi/eznKTTlkpf1dJrNnQ2e7o
rVO/aVgOi2KK16TPOg7RPO7RmibzbcoHThGhdn+SfeJ/+BrffEnCVpvdnwav4Ryh
5Koq75eYoBloxpc3fTJGHNN27+52ZHObA5qYwiamXBmVmNbuleeXwMbiwRZwQzR0
wPY5xbb03MKWt+roqsjwVradtR2Ul7vHWhDC5gg1y63XyDIIZhE3BSVYjVLG
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org