Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/P3XOecp8JNOpY9Wo7diZrZ5ypas.roa
File: P3XOecp8JNOpY9Wo7diZrZ5ypas.roa (raw, json)
Hash identifier: HeNl/Vb0HbA9zCJrUaqcjfJRi4oItJ2KhVoV6jGJosc=
Subject key identifier: 3F:75:CE:79:CA:7C:24:D3:A9:63:D5:A8:ED:D8:99:AD:9E:72:A5:AB
Certificate issuer: /CN=3aebf22e86444255fdf78a30c4cb0b2d91e5b757
Certificate serial: 01856DA66A167CA057BE5E2ECC0EC09B96D0
Authority key identifier: 3A:EB:F2:2E:86:44:42:55:FD:F7:8A:30:C4:CB:0B:2D:91:E5:B7:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OuvyLoZEQlX994owxMsLLZHlt1c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/P3XOecp8JNOpY9Wo7diZrZ5ypas.roa
Signing time: Sun 01 Jan 2023 14:05:00 +0000
ROA not before: Sun 01 Jan 2023 14:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3170
IP address blocks: 194.0.58.0/24 maxlen: 24
91.240.224.0/24 maxlen: 24
195.144.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:a6:6a:16:7c:a0:57:be:5e:2e:cc:0e:c0:9b:96:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3aebf22e86444255fdf78a30c4cb0b2d91e5b757
Validity
Not Before: Jan 1 14:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f75ce79ca7c24d3a963d5a8edd899ad9e72a5ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:12:a8:c5:e8:a3:8b:4c:dc:d0:ba:a2:56:d1:
de:fa:64:fe:25:e6:92:df:72:c6:3e:63:03:af:fa:
00:44:2d:7a:84:3b:3a:32:a1:2f:86:a3:1c:e3:b8:
97:b7:a8:59:2d:41:52:8f:99:c4:c4:6f:a7:d1:a8:
d2:e4:aa:5e:3d:e2:04:e4:52:59:f9:ae:2a:1c:bd:
df:13:e0:51:a1:e1:8a:5f:2b:ed:26:32:ff:8a:2a:
7e:93:b1:ef:63:3d:b8:7f:85:ee:1f:8f:c9:f0:32:
f4:c9:22:08:90:75:31:6e:8f:6f:5f:95:2f:8c:c8:
82:3c:99:37:e8:55:86:72:44:f7:c8:fd:d1:90:51:
bb:79:5b:e2:45:18:ce:c6:bb:5e:9c:43:89:ff:7a:
97:69:de:d7:4c:44:b9:e7:74:a9:de:6a:d7:ee:87:
85:27:96:5e:8a:0c:22:66:1d:8f:4e:b7:f2:f1:d3:
0d:77:3b:4e:60:19:54:19:83:ef:6f:31:cd:07:38:
fa:20:50:37:28:22:44:e8:53:46:76:fe:b1:e1:1d:
7d:bf:16:0a:14:5b:14:1b:60:5e:d5:1b:c6:9f:82:
c4:b5:06:a5:b3:1c:49:71:b0:e7:95:85:a4:0d:a1:
36:ab:be:23:5e:e1:b0:15:d1:68:39:92:a9:03:7c:
72:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:75:CE:79:CA:7C:24:D3:A9:63:D5:A8:ED:D8:99:AD:9E:72:A5:AB
X509v3 Authority Key Identifier:
keyid:3A:EB:F2:2E:86:44:42:55:FD:F7:8A:30:C4:CB:0B:2D:91:E5:B7:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OuvyLoZEQlX994owxMsLLZHlt1c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/P3XOecp8JNOpY9Wo7diZrZ5ypas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/OuvyLoZEQlX994owxMsLLZHlt1c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.240.224.0/24
194.0.58.0/24
195.144.8.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:f5:ea:d9:25:91:0e:df:03:1b:ee:5a:ea:bf:d5:0a:4e:e0:
2a:e4:3a:53:49:b0:b0:ac:c2:c8:5c:90:ed:ba:fe:09:c7:8d:
65:e7:18:a6:ba:76:f1:fa:f2:cd:e5:30:77:87:94:72:78:4d:
74:ab:a7:23:76:bd:09:e7:bb:b7:af:bb:73:01:f9:bc:a8:80:
e7:62:03:17:61:83:81:ad:4a:9b:92:2a:09:54:08:4b:71:1f:
e3:94:8f:8e:5b:de:e5:f1:86:d9:ef:da:50:37:20:5d:14:24:
5e:0c:65:18:c8:94:5d:77:29:91:57:c8:a2:30:0c:00:61:97:
11:17:55:eb:c9:a8:9e:5c:84:50:09:cd:f5:39:2b:14:45:6d:
22:d7:eb:4e:4d:1f:fe:9c:f7:0f:d9:0a:04:fb:95:7c:8b:32:
e5:0f:0a:ff:92:0f:2d:8e:4f:4c:fd:db:36:48:65:d3:d8:46:
37:6c:b4:36:a0:e0:01:5f:24:a9:c2:85:72:4c:f9:7f:9f:fc:
d3:05:c4:90:0e:e3:6d:78:6c:05:57:76:5b:ec:13:98:1a:29:
a4:ef:db:fa:20:a7:33:b1:e0:5d:a2:c1:c0:3e:ae:5c:1a:ed:
23:02:75:05:6b:74:ae:56:be:c3:5f:d2:3f:91:a3:a7:89:15:
ec:49:9b:e2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVtpmoWfKBXvl4uzA7Am5bQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZWJmMjJlODY0NDQyNTVmZGY3OGEzMGM0Y2IwYjJkOTFl
NWI3NTcwHhcNMjMwMTAxMTQwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc1Y2U3OWNhN2MyNGQzYTk2M2Q1YThlZGQ4OTlhZDllNzJhNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BKoxeiji0zc0LqiVtHe+mT+JeaS
33LGPmMDr/oARC16hDs6MqEvhqMc47iXt6hZLUFSj5nExG+n0ajS5KpePeIE5FJZ
+a4qHL3fE+BRoeGKXyvtJjL/iip+k7HvYz24f4XuH4/J8DL0ySIIkHUxbo9vX5Uv
jMiCPJk36FWGckT3yP3RkFG7eVviRRjOxrtenEOJ/3qXad7XTES553Sp3mrX7oeF
J5ZeigwiZh2PTrfy8dMNdztOYBlUGYPvbzHNBzj6IFA3KCJE6FNGdv6x4R19vxYK
FFsUG2Be1RvGn4LEtQalsxxJcbDnlYWkDaE2q74jXuGwFdFoOZKpA3xysQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD91znnKfCTTqWPVqO3Yma2ecqWrMB8GA1UdIwQY
MBaAFDrr8i6GREJV/feKMMTLCy2R5bdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3V2eUxvWkVRbFg5OTRvd3hNc0xMWkhsdDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85OGIyZjUtNzVlMS00MjQ1LTk3NmQt
MDE1MGM5NGY5NDBkLzEvUDNYT2VjcDhKTk9wWTlXbzdkaVpyWjV5cGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85OGIyZjUtNzVlMS00MjQ1LTk3NmQtMDE1MGM5NGY5NDBk
LzEvT3V2eUxvWkVRbFg5OTRvd3hNc0xMWkhsdDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW/DgAwQA
wgA6AwQAw5AIMA0GCSqGSIb3DQEBCwUAA4IBAQBa9erZJZEO3wMb7lrqv9UKTuAq
5DpTSbCwrMLIXJDtuv4Jx41l5ximunbx+vLN5TB3h5RyeE10q6cjdr0J57u3r7tz
Afm8qIDnYgMXYYOBrUqbkioJVAhLcR/jlI+OW97l8YbZ79pQNyBdFCReDGUYyJRd
dymRV8iiMAwAYZcRF1XryaieXIRQCc31OSsURW0i1+tOTR/+nPcP2QoE+5V8izLl
Dwr/kg8tjk9M/ds2SGXT2EY3bLQ2oOABXySpwoVyTPl/n/zTBcSQDuNteGwFV3Zb
7BOYGimk79v6IKczseBdosHAPq5cGu0jAnUFa3SuVr7DX9I/kaOniRXsSZvi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:03 2024 by rpki-client on console-fra.rpki-client.org