Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/JDc0jDSgKjwNNaFjRtAo9U3KTA4.roa
File: JDc0jDSgKjwNNaFjRtAo9U3KTA4.roa (raw, json)
Hash identifier: J8zbAsIBl7iYmQ4JrjPSb4LI5WL4bRIK/zP6KnjUB40=
Subject key identifier: 24:37:34:8C:34:A0:2A:3C:0D:35:A1:63:46:D0:28:F5:4D:CA:4C:0E
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018A28C69C419E952D6CC6E29A036CA3FD83
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/JDc0jDSgKjwNNaFjRtAo9U3KTA4.roa
Signing time: Thu 24 Aug 2023 18:20:19 +0000
ROA not before: Thu 24 Aug 2023 18:20:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 27522
IP address blocks: 198.151.96.0/20 maxlen: 20
198.151.112.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:28:c6:9c:41:9e:95:2d:6c:c6:e2:9a:03:6c:a3:fd:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Aug 24 18:20:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2437348c34a02a3c0d35a16346d028f54dca4c0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:8e:13:96:94:23:91:86:81:3c:6c:9b:aa:e3:
a6:41:d6:e0:63:b6:29:59:d1:89:72:b4:27:93:db:
de:8e:ed:b5:c2:a5:8a:e6:bf:9b:21:14:77:87:2f:
13:11:64:45:39:dd:3f:44:64:a9:b8:df:b7:bb:46:
3a:ea:d8:39:68:ef:c4:16:6a:0f:b8:8f:ab:9d:8d:
ba:a2:53:65:3a:ce:79:45:1f:4a:49:82:9f:0d:4a:
3d:a5:fa:e5:f7:bb:41:5d:04:ed:16:69:1c:16:d2:
60:9e:2c:26:51:e8:f2:a0:c6:65:e2:28:ac:a6:db:
6d:a2:93:c9:a8:d6:e5:cf:3d:22:6f:2e:6b:20:b7:
21:78:7e:4a:c5:6f:35:32:e2:d1:07:39:d7:65:d9:
5f:f7:62:4d:ed:50:cc:31:73:b6:b8:8b:df:6c:0b:
d6:f6:61:9f:7f:c4:80:0e:1e:b3:1c:ad:8f:d5:79:
cd:c0:6a:96:f8:28:9f:27:0b:30:2c:5c:e2:bf:ae:
55:5d:18:d3:38:82:3f:27:8c:eb:e1:67:87:03:c0:
ad:f0:d2:2a:b3:fd:4b:0b:68:38:14:dd:9d:b8:b3:
b7:6c:07:b6:3c:4b:c3:a9:c0:29:35:c7:3f:a7:f7:
f6:8b:a5:7f:75:6c:c1:59:d0:b2:5b:e1:06:38:e6:
92:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:37:34:8C:34:A0:2A:3C:0D:35:A1:63:46:D0:28:F5:4D:CA:4C:0E
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/JDc0jDSgKjwNNaFjRtAo9U3KTA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
198.151.96.0/19
Signature Algorithm: sha256WithRSAEncryption
6a:17:1c:3d:7c:16:21:e4:58:f0:f5:91:18:94:01:d4:72:55:
36:84:f3:2c:43:43:6d:99:28:44:15:aa:ef:77:99:3f:a0:96:
65:aa:ed:c1:b5:38:6d:64:30:3b:c1:9b:a2:18:0a:d9:eb:6c:
56:e1:34:87:b1:da:34:12:d3:7f:59:0c:e0:15:2a:b1:c8:43:
46:14:46:c6:23:5b:f2:a3:6c:9d:2d:1b:14:6a:54:36:0b:a8:
21:81:a1:16:7e:b6:72:0e:a5:96:92:c7:8d:55:4e:95:11:4d:
0c:3c:16:c3:19:92:31:2d:99:4d:e0:d7:fc:72:59:6e:60:7b:
b2:bc:f5:45:ea:ea:2b:77:fb:eb:7f:4f:6f:97:c5:c8:15:e0:
91:95:50:d1:a6:46:1f:e5:8d:ff:d6:41:12:c6:bb:ba:13:5a:
95:5c:db:a9:48:73:ac:8e:d1:e3:0c:0c:82:e1:4c:af:c9:ce:
f6:8f:54:5e:c2:70:9a:46:0f:dd:5a:cb:ab:90:b2:7c:30:41:
b1:74:2e:7f:3d:41:41:a1:f0:50:19:76:da:d5:5f:2f:a9:6a:
80:f9:93:df:b6:2d:b0:2d:a4:a5:cc:8e:c8:43:98:08:fa:4a:
52:fc:fa:48:39:fd:e6:53:7e:43:67:73:a8:37:d8:e4:8b:0a:
04:36:42:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYooxpxBnpUtbMbimgNso/2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwODI0MTgyMDE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM3MzQ4YzM0YTAyYTNjMGQzNWExNjM0NmQwMjhmNTRkY2E0YzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto4TlpQjkYaBPGybquOmQdbgY7Yp
WdGJcrQnk9veju21wqWK5r+bIRR3hy8TEWRFOd0/RGSpuN+3u0Y66tg5aO/EFmoP
uI+rnY26olNlOs55RR9KSYKfDUo9pfrl97tBXQTtFmkcFtJgniwmUejyoMZl4iis
ptttopPJqNblzz0iby5rILcheH5KxW81MuLRBznXZdlf92JN7VDMMXO2uIvfbAvW
9mGff8SADh6zHK2P1XnNwGqW+CifJwswLFziv65VXRjTOII/J4zr4WeHA8Ct8NIq
s/1LC2g4FN2duLO3bAe2PEvDqcApNcc/p/f2i6V/dWzBWdCyW+EGOOaS0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ3NIw0oCo8DTWhY0bQKPVNykwOMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvSkRjMGpEU2dLandOTmFGalJ0QW85VTNLVEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFxpdgMA0G
CSqGSIb3DQEBCwUAA4IBAQBqFxw9fBYh5Fjw9ZEYlAHUclU2hPMsQ0NtmShEFarv
d5k/oJZlqu3BtThtZDA7wZuiGArZ62xW4TSHsdo0EtN/WQzgFSqxyENGFEbGI1vy
o2ydLRsUalQ2C6ghgaEWfrZyDqWWkseNVU6VEU0MPBbDGZIxLZlN4Nf8clluYHuy
vPVF6uord/vrf09vl8XIFeCRlVDRpkYf5Y3/1kESxru6E1qVXNupSHOsjtHjDAyC
4Uyvyc72j1RewnCaRg/dWsurkLJ8MEGxdC5/PUFBofBQGXba1V8vqWqA+ZPfti2w
LaSlzI7IQ5gI+kpS/PpIOf3mU35DZ3OoN9jkiwoENkJ2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org