Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/DXJ_3NMQL8ktdHLfjR2ujIY-BAU.roa
File: DXJ_3NMQL8ktdHLfjR2ujIY-BAU.roa (raw, json)
Hash identifier: q688QYHPykGs5NscR3UNRLF4Q6cuI/U/7BXvcSeYIVM=
Subject key identifier: 0D:72:7F:DC:D3:10:2F:C9:2D:74:72:DF:8D:1D:AE:8C:86:3E:04:05
Certificate issuer: /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial: 0186BEAAF705DC7A77694952863C06925F25
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/DXJ_3NMQL8ktdHLfjR2ujIY-BAU.roa
Signing time: Wed 08 Mar 2023 00:42:00 +0000
ROA not before: Wed 08 Mar 2023 00:42:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49761
IP address blocks: 193.28.226.0/24 maxlen: 24
45.131.34.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:be:aa:f7:05:dc:7a:77:69:49:52:86:3c:06:92:5f:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Validity
Not Before: Mar 8 00:42:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0d727fdcd3102fc92d7472df8d1dae8c863e0405
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:b0:e3:f2:e1:2e:02:13:95:6f:8f:08:a7:7f:
b8:b3:62:27:20:49:d7:2b:e7:d4:fe:fa:c7:f9:37:
b7:8b:56:53:a4:a2:a0:e8:7d:10:19:37:e5:5a:58:
48:6f:c2:70:77:86:07:dd:58:a1:4e:f1:d0:26:5f:
47:32:65:63:20:be:65:d2:12:4b:ba:68:c5:ab:36:
31:d5:ee:f4:b0:4b:e0:19:c3:75:23:bb:fb:ca:3e:
82:38:d1:cb:52:d7:06:d4:4f:2b:6d:ba:b7:c6:6e:
2d:b7:ef:12:46:fe:b6:48:0d:e7:ce:0e:f1:87:21:
eb:96:77:fc:8e:2a:60:1f:9e:16:4a:2d:71:74:80:
91:48:40:65:7c:76:4e:45:61:5e:b6:29:14:4e:c0:
6c:ba:d8:3c:15:60:ee:21:ea:30:f9:f5:3e:2f:8f:
96:f5:0d:1d:24:34:c6:e9:af:84:0a:54:d9:f5:91:
f6:dd:8a:dd:36:4b:d0:61:09:e7:c8:15:34:aa:ee:
4b:df:86:3f:22:52:94:fc:24:ff:c9:94:c0:2b:6b:
07:0b:f0:91:a6:be:d7:d1:0c:7e:10:bc:e4:33:aa:
7b:77:5c:f0:c7:76:b0:c0:84:a9:63:a9:71:4b:f8:
7c:d3:b5:55:e5:18:4e:e0:fc:28:0d:4b:d0:c4:89:
2d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:72:7F:DC:D3:10:2F:C9:2D:74:72:DF:8D:1D:AE:8C:86:3E:04:05
X509v3 Authority Key Identifier:
keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/DXJ_3NMQL8ktdHLfjR2ujIY-BAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.131.34.0/24
193.28.226.0/24
Signature Algorithm: sha256WithRSAEncryption
75:69:29:6a:19:e4:f5:c4:8b:d2:70:09:9e:b5:81:3d:8f:b9:
48:5a:40:3e:fb:64:77:ba:e2:9a:f0:66:86:bd:2f:b2:0b:94:
ee:a8:2e:64:49:92:d3:3c:5d:be:9d:a2:30:46:2e:23:8d:0a:
83:af:74:c3:85:a1:d3:67:c2:0b:3b:9b:c5:55:61:f7:23:1e:
59:09:f9:d6:21:7c:67:dd:7c:ff:26:be:5d:f6:0e:34:14:d1:
b8:e4:d8:a5:40:68:19:82:71:02:29:dd:8d:84:cb:b0:7e:a5:
2c:89:30:ee:35:fa:28:ad:3c:17:be:d4:d7:2e:19:61:c3:9b:
ba:fe:cc:65:fe:51:71:c9:7a:07:97:e5:68:45:6a:6f:a5:84:
b8:7d:75:5b:a4:2e:cf:bf:ab:45:91:50:12:60:e9:bc:9e:33:
33:9d:64:1e:1b:88:b3:52:60:87:34:89:6a:97:0e:fe:6e:f6:
4d:a3:07:6b:75:6e:4b:78:33:8d:af:e9:eb:52:d6:a6:77:1e:
db:af:05:77:ad:35:c7:fc:e4:3d:1a:d7:53:4f:fc:b3:9f:2e:
8c:d2:ff:8e:7e:b4:30:0e:ce:7f:56:76:d4:df:93:e2:45:3a:
63:fb:6a:41:98:27:6d:ea:ed:af:cd:76:9c:ba:b9:71:21:f9:
4d:9f:25:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYa+qvcF3Hp3aUlShjwGkl8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTFhMmM5ZmM4ZGU5Njc5YmIxNTg1ODFiMTBjZWFlZTkx
ZmY3OTEwHhcNMjMwMzA4MDA0MjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDcyN2ZkY2QzMTAyZmM5MmQ3NDcyZGY4ZDFkYWU4Yzg2M2UwNDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLDj8uEuAhOVb48Ip3+4s2InIEnX
K+fU/vrH+Te3i1ZTpKKg6H0QGTflWlhIb8Jwd4YH3VihTvHQJl9HMmVjIL5l0hJL
umjFqzYx1e70sEvgGcN1I7v7yj6CONHLUtcG1E8rbbq3xm4tt+8SRv62SA3nzg7x
hyHrlnf8jipgH54WSi1xdICRSEBlfHZORWFetikUTsBsutg8FWDuIeow+fU+L4+W
9Q0dJDTG6a+EClTZ9ZH23YrdNkvQYQnnyBU0qu5L34Y/IlKU/CT/yZTAK2sHC/CR
pr7X0Qx+ELzkM6p7d1zwx3awwISpY6lxS/h807VV5RhO4PwoDUvQxIktXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA1yf9zTEC/JLXRy340droyGPgQFMB8GA1UdIwQY
MBaAFKgRosn8jelnm7FYWBsQzq7pH/eRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYt
MGNjNGMwMDAwODU4LzEvRFhKXzNOTVFMOGt0ZEhMZmpSMnVqSVktQkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8xZGVjYjMtMTU5My00NWRiLWFmNTYtMGNjNGMwMDAwODU4
LzEvcUJHaXlmeU42V2Vic1ZoWUd4RE9ydWtmOTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYMiAwQA
wRziMA0GCSqGSIb3DQEBCwUAA4IBAQB1aSlqGeT1xIvScAmetYE9j7lIWkA++2R3
uuKa8GaGvS+yC5TuqC5kSZLTPF2+naIwRi4jjQqDr3TDhaHTZ8ILO5vFVWH3Ix5Z
CfnWIXxn3Xz/Jr5d9g40FNG45NilQGgZgnECKd2NhMuwfqUsiTDuNfoorTwXvtTX
Lhlhw5u6/sxl/lFxyXoHl+VoRWpvpYS4fXVbpC7Pv6tFkVASYOm8njMznWQeG4iz
UmCHNIlqlw7+bvZNowdrdW5LeDONr+nrUtamdx7brwV3rTXH/OQ9GtdTT/yzny6M
0v+OfrQwDs5/VnbU35PiRTpj+2pBmCdt6u2vzXacurlxIflNnyUH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:59 2024 by rpki-client on console-ams.rpki-client.org