Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/Ns5R2fqr3EPuhYzbJhSU1aJ5A24.roa
File: Ns5R2fqr3EPuhYzbJhSU1aJ5A24.roa (raw, json)
Hash identifier: TXWLVdBqrx/yVzPTW17y8V9ZC4FlCES21Kt2IfZeNsM=
Subject key identifier: 36:CE:51:D9:FA:AB:DC:43:EE:85:8C:DB:26:14:94:D5:A2:79:03:6E
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 01899088BAD71D88EEBCD91E7A88C76E2FCE
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/Ns5R2fqr3EPuhYzbJhSU1aJ5A24.roa
Signing time: Wed 26 Jul 2023 04:50:27 +0000
ROA not before: Wed 26 Jul 2023 04:50:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58024
IP address blocks: 77.105.145.0/24 maxlen: 24
84.54.46.0/24 maxlen: 24
77.105.165.0/24 maxlen: 24
176.113.112.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:90:88:ba:d7:1d:88:ee:bc:d9:1e:7a:88:c7:6e:2f:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Jul 26 04:50:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=36ce51d9faabdc43ee858cdb261494d5a279036e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:f1:93:80:07:10:87:5a:09:2f:29:82:42:23:
84:77:fc:08:1c:db:46:72:40:8d:d2:42:10:bf:18:
52:d0:ec:88:3a:c6:72:a4:d9:54:43:f6:8c:36:ca:
d4:58:4f:78:4c:1a:31:c1:16:16:30:d0:90:dc:4d:
b0:ee:e7:a2:e0:25:2e:ee:13:f6:92:b4:3c:ff:49:
90:be:68:2d:b1:61:97:2a:4e:89:1e:51:61:c8:63:
01:26:2d:a9:0e:16:f3:5a:00:03:8d:31:b9:d8:a6:
8b:af:a0:41:55:4c:78:66:da:24:5f:03:56:a8:05:
0f:0e:85:7c:a7:ab:4e:e8:ce:60:da:74:86:5b:38:
b1:58:44:f7:3e:4b:0c:13:3a:da:3f:90:1f:c2:68:
93:05:bc:2d:c8:fd:63:e3:5b:17:73:c0:57:c0:d1:
26:ca:1d:0d:17:e5:50:bc:67:e9:6b:8f:9e:d7:2a:
99:87:fb:21:83:22:87:3d:81:b1:60:3b:7c:2d:21:
80:0d:e6:e7:13:e3:00:23:04:2f:b5:ad:c4:77:cb:
18:ec:79:91:48:d5:cc:3e:b9:da:65:f2:be:1a:39:
cd:cb:a9:e5:01:c7:2d:d0:67:42:85:70:42:43:10:
e4:f4:75:02:77:f8:4f:16:0d:13:fb:7d:1c:bd:fd:
dc:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:CE:51:D9:FA:AB:DC:43:EE:85:8C:DB:26:14:94:D5:A2:79:03:6E
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/Ns5R2fqr3EPuhYzbJhSU1aJ5A24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.145.0/24
77.105.165.0/24
84.54.46.0/24
176.113.112.0/24
Signature Algorithm: sha256WithRSAEncryption
19:fe:97:27:29:c3:24:ef:95:65:fd:33:ed:8e:44:7c:4b:8e:
ac:7c:62:fc:17:2a:d0:71:0a:76:b7:4e:57:37:65:2b:18:ea:
42:19:da:ba:80:50:c3:28:9c:59:73:3b:06:f5:15:10:43:65:
70:17:ce:7b:6e:c0:26:78:c0:0a:59:c4:a5:63:bd:de:26:b0:
ba:f8:5d:4e:12:d0:e6:b6:1e:ae:10:9a:08:3a:35:c6:92:88:
02:f7:63:89:91:09:fb:db:ce:ec:1e:01:4a:e0:55:40:b6:f6:
af:d3:02:79:87:69:a7:3f:9d:29:aa:20:c6:db:02:5e:70:95:
dc:e4:28:e6:0e:70:53:8d:b1:17:85:96:af:68:16:9d:68:db:
e5:61:ba:61:d7:42:e7:80:2d:97:43:52:11:80:3a:69:66:ca:
7a:a6:a8:2f:13:11:9b:f7:32:f6:b8:66:cd:c9:dd:b9:e8:2a:
be:4a:85:82:ae:5b:fc:db:be:18:97:54:4d:4c:83:46:dc:14:
f6:71:e2:ad:93:be:2d:c8:18:74:63:14:15:d1:40:3d:b3:ee:
63:d0:30:6c:f7:9d:fa:94:1c:2e:12:63:69:29:ec:36:80:57:
17:4f:6b:8b:6d:b6:d3:36:b0:97:54:85:0e:f5:37:cd:2e:6e:
7a:8f:92:4f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYmQiLrXHYjuvNkeeojHbi/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwNzI2MDQ1MDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNlNTFkOWZhYWJkYzQzZWU4NThjZGIyNjE0OTRkNWEyNzkwMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPGTgAcQh1oJLymCQiOEd/wIHNtG
ckCN0kIQvxhS0OyIOsZypNlUQ/aMNsrUWE94TBoxwRYWMNCQ3E2w7uei4CUu7hP2
krQ8/0mQvmgtsWGXKk6JHlFhyGMBJi2pDhbzWgADjTG52KaLr6BBVUx4ZtokXwNW
qAUPDoV8p6tO6M5g2nSGWzixWET3PksMEzraP5AfwmiTBbwtyP1j41sXc8BXwNEm
yh0NF+VQvGfpa4+e1yqZh/shgyKHPYGxYDt8LSGADebnE+MAIwQvta3Ed8sY7HmR
SNXMPrnaZfK+GjnNy6nlAcct0GdChXBCQxDk9HUCd/hPFg0T+30cvf3clwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDbOUdn6q9xD7oWM2yYUlNWieQNuMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvTnM1UjJmcXIzRVB1aFl6YkpoU1UxYUo1QTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATWmRAwQA
TWmlAwQAVDYuAwQAsHFwMA0GCSqGSIb3DQEBCwUAA4IBAQAZ/pcnKcMk75Vl/TPt
jkR8S46sfGL8FyrQcQp2t05XN2UrGOpCGdq6gFDDKJxZczsG9RUQQ2VwF857bsAm
eMAKWcSlY73eJrC6+F1OEtDmth6uEJoIOjXGkogC92OJkQn7287sHgFK4FVAtvav
0wJ5h2mnP50pqiDG2wJecJXc5CjmDnBTjbEXhZavaBadaNvlYbph10LngC2XQ1IR
gDppZsp6pqgvExGb9zL2uGbNyd256Cq+SoWCrlv8274Yl1RNTING3BT2ceKtk74t
yBh0YxQV0UA9s+5j0DBs9536lBwuEmNpKew2gFcXT2uLbbbTNrCXVIUO9TfNLm56
j5JP
-----END CERTIFICATE-----
Generated at Tue Nov 14 10:29:14 2023 by rpki-client on console-ams.rpki-client.org