Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/Jw8CehK3iLFNF5O4I1d40a_O4s0.roa
File: Jw8CehK3iLFNF5O4I1d40a_O4s0.roa (raw, json)
Hash identifier: JDHi1P8OS4sdtrF3FG7Pjbp+Sj0WYWdHsY621o5HiKk=
Subject key identifier: 27:0F:02:7A:12:B7:88:B1:4D:17:93:B8:23:57:78:D1:AF:CE:E2:CD
Certificate issuer: /CN=38401e58890bf230dcae5d0305119ff2c2b8d433
Certificate serial: 01857246F1DE125D991C83D7AA3AD709786A
Authority key identifier: 38:40:1E:58:89:0B:F2:30:DC:AE:5D:03:05:11:9F:F2:C2:B8:D4:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OEAeWIkL8jDcrl0DBRGf8sK41DM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/Jw8CehK3iLFNF5O4I1d40a_O4s0.roa
Signing time: Mon 02 Jan 2023 11:38:50 +0000
ROA not before: Mon 02 Jan 2023 11:38:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56603
IP address blocks: 192.145.96.0/24 maxlen: 24
2a09:6280:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:f1:de:12:5d:99:1c:83:d7:aa:3a:d7:09:78:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38401e58890bf230dcae5d0305119ff2c2b8d433
Validity
Not Before: Jan 2 11:38:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=270f027a12b788b14d1793b8235778d1afcee2cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:bf:31:02:a6:f7:a7:df:b8:9a:f4:dd:99:23:
28:90:31:a3:fb:73:d2:9f:94:e6:c3:0a:c3:d4:fd:
de:64:d2:fa:a8:40:22:08:ae:14:33:27:24:08:58:
81:ef:69:d7:5a:b9:af:a9:17:c0:ef:41:fd:b8:f6:
f4:98:5e:a6:3c:fe:a1:e0:43:85:01:75:59:50:83:
34:11:e7:0e:9b:f6:96:cb:29:87:25:95:e5:29:a6:
f0:1e:4d:d2:c5:77:a2:d3:8c:6a:76:14:b1:32:32:
b4:19:ad:21:0d:ee:3e:25:91:79:ce:97:69:12:f8:
ff:e0:1e:f7:95:70:40:7e:8a:d8:f3:04:02:1e:dc:
b8:d9:f7:8d:00:d4:f6:f0:33:2a:92:eb:ce:7c:5c:
3e:b6:77:d9:d0:86:b4:5e:07:b0:72:5a:40:60:78:
5c:a0:01:89:78:2f:0e:13:04:34:58:76:df:72:0d:
05:94:aa:aa:12:d7:4d:f7:52:47:7d:1b:7b:09:a9:
75:9d:31:ed:0a:76:3a:7e:70:b7:80:a6:92:a8:ac:
ae:97:37:55:b2:cc:dc:b1:cd:91:88:f3:50:4f:3b:
78:32:ac:87:49:33:29:81:f9:24:0d:79:03:f5:10:
0d:3f:d8:98:92:0f:57:65:0f:5b:c9:93:80:f3:48:
c6:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:0F:02:7A:12:B7:88:B1:4D:17:93:B8:23:57:78:D1:AF:CE:E2:CD
X509v3 Authority Key Identifier:
keyid:38:40:1E:58:89:0B:F2:30:DC:AE:5D:03:05:11:9F:F2:C2:B8:D4:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEAeWIkL8jDcrl0DBRGf8sK41DM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/Jw8CehK3iLFNF5O4I1d40a_O4s0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/67d3b8-c43d-44b7-afa6-8b9cddb73408/1/OEAeWIkL8jDcrl0DBRGf8sK41DM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.145.96.0/24
IPv6:
2a09:6280:1::/48
Signature Algorithm: sha256WithRSAEncryption
5a:5f:7d:20:32:f2:bd:6c:3c:ec:45:27:26:51:4d:1d:3e:77:
37:15:d7:56:88:d5:88:5f:99:f6:c2:86:57:65:26:a7:ed:7b:
74:db:02:ad:3e:15:7b:e0:85:56:f6:da:71:f4:4e:c0:d0:28:
bc:a5:c8:29:cf:a7:da:ea:53:fb:8e:a8:bd:60:3d:54:ff:dd:
8b:70:fd:95:85:bc:73:c6:90:17:36:a0:1f:41:e9:e8:45:30:
6b:f0:7d:77:9c:9d:51:a3:23:5e:15:d5:a1:f4:fc:7a:8c:43:
f2:90:ed:3f:94:7f:34:1d:ee:8f:53:72:fc:0e:64:88:3e:07:
e3:e2:f3:df:b5:71:58:96:03:4f:33:16:27:bf:b6:4e:14:72:
1b:9c:b9:9f:13:26:8b:6c:13:93:a5:6e:37:ff:81:ed:7c:bb:
6c:38:b2:bb:7b:19:e1:e5:98:87:b9:bd:aa:b9:04:d1:ee:4a:
f1:a7:fb:50:d3:8a:53:51:98:e7:12:45:e8:07:af:28:66:e1:
be:b9:74:73:78:83:d6:d1:fe:22:07:c0:65:aa:78:99:c2:82:
9c:12:57:9e:42:3c:3a:0d:b2:f1:f7:2d:83:37:9a:97:7c:61:
84:93:39:cc:26:d5:8f:18:64:47:d5:92:5e:73:86:63:34:26:
35:49:62:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVyRvHeEl2ZHIPXqjrXCXhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDAxZTU4ODkwYmYyMzBkY2FlNWQwMzA1MTE5ZmYyYzJi
OGQ0MzMwHhcNMjMwMTAyMTEzODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzBmMDI3YTEyYjc4OGIxNGQxNzkzYjgyMzU3NzhkMWFmY2VlMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkb8xAqb3p9+4mvTdmSMokDGj+3PS
n5TmwwrD1P3eZNL6qEAiCK4UMyckCFiB72nXWrmvqRfA70H9uPb0mF6mPP6h4EOF
AXVZUIM0EecOm/aWyymHJZXlKabwHk3SxXei04xqdhSxMjK0Ga0hDe4+JZF5zpdp
Evj/4B73lXBAforY8wQCHty42feNANT28DMqkuvOfFw+tnfZ0Ia0XgewclpAYHhc
oAGJeC8OEwQ0WHbfcg0FlKqqEtdN91JHfRt7Cal1nTHtCnY6fnC3gKaSqKyulzdV
sszcsc2RiPNQTzt4MqyHSTMpgfkkDXkD9RANP9iYkg9XZQ9byZOA80jGmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCcPAnoSt4ixTReTuCNXeNGvzuLNMB8GA1UdIwQY
MBaAFDhAHliJC/Iw3K5dAwURn/LCuNQzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VBZVdJa0w4akRjcmwwREJSR2Y4c0s0MURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82N2QzYjgtYzQzZC00NGI3LWFmYTYt
OGI5Y2RkYjczNDA4LzEvSnc4Q2VoSzNpTEZORjVPNEkxZDQwYV9PNHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82N2QzYjgtYzQzZC00NGI3LWFmYTYtOGI5Y2RkYjczNDA4
LzEvT0VBZVdJa0w4akRjcmwwREJSR2Y4c0s0MURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwJFgMA8E
AgACMAkDBwAqCWKAAAEwDQYJKoZIhvcNAQELBQADggEBAFpffSAy8r1sPOxFJyZR
TR0+dzcV11aI1YhfmfbChldlJqfte3TbAq0+FXvghVb22nH0TsDQKLylyCnPp9rq
U/uOqL1gPVT/3Ytw/ZWFvHPGkBc2oB9B6ehFMGvwfXecnVGjI14V1aH0/HqMQ/KQ
7T+UfzQd7o9TcvwOZIg+B+Pi89+1cViWA08zFie/tk4UchucuZ8TJotsE5Olbjf/
ge18u2w4srt7GeHlmIe5vaq5BNHuSvGn+1DTilNRmOcSRegHryhm4b65dHN4g9bR
/iIHwGWqeJnCgpwSV55CPDoNsvH3LYM3mpd8YYSTOcwm1Y8YZEfVkl5zhmM0JjVJ
Yq4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:26 2024 by rpki-client on console-fra.rpki-client.org