Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/Y9w3Z0TLsxHSYKnLn8INWCllvu0.roa
File: Y9w3Z0TLsxHSYKnLn8INWCllvu0.roa (raw, json)
Hash identifier: h9GRxh+yzhJqq3kdo2XE5rBFvOmhOTuToGrJy7bOpa4=
Subject key identifier: 63:DC:37:67:44:CB:B3:11:D2:60:A9:CB:9F:C2:0D:58:29:65:BE:ED
Certificate issuer: /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial: 018C3F7FE28E7F9CA39CA1B2DB5C9C0E5A19
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/Y9w3Z0TLsxHSYKnLn8INWCllvu0.roa
Signing time: Wed 06 Dec 2023 14:19:54 +0000
ROA not before: Wed 06 Dec 2023 14:19:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216146
IP address blocks: 188.132.240.0/24 maxlen: 24
31.210.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3f:7f:e2:8e:7f:9c:a3:9c:a1:b2:db:5c:9c:0e:5a:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Validity
Not Before: Dec 6 14:19:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=63dc376744cbb311d260a9cb9fc20d582965beed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:f4:9b:89:84:93:8b:9f:ca:c5:af:c4:f6:91:
74:74:48:42:93:01:68:2b:47:a1:b4:e9:99:96:e0:
60:cb:d4:ff:a1:ce:eb:88:43:94:c2:b1:ad:e6:30:
40:93:3b:1e:21:a8:1e:77:a4:c1:c0:c0:7a:b4:a4:
51:dd:54:d5:72:7a:3b:22:58:db:03:99:d2:8a:bf:
ab:90:cd:d9:9e:11:fd:52:ca:67:00:1e:e0:80:78:
8a:99:fd:dd:68:c9:d8:a2:a4:87:78:5d:28:fe:3d:
aa:9a:97:0d:ac:1b:51:b0:bc:59:c2:40:b4:c7:75:
b0:f8:eb:6c:03:b8:aa:5e:f1:75:06:5a:42:1b:28:
6d:63:64:36:f7:bb:06:a0:d5:94:ae:6e:57:33:9f:
95:8f:16:c5:a4:5c:46:52:23:d7:9f:e9:6d:7e:c0:
17:9e:0e:f3:5d:ef:08:09:12:45:c6:7a:01:ee:66:
8f:31:82:b6:41:b8:76:db:eb:8d:ad:42:7a:85:77:
c3:40:9d:41:93:e3:16:34:cb:93:43:1e:4d:e9:43:
b3:86:38:4f:23:3e:d6:ef:4e:ba:9d:92:5f:fe:36:
f7:e5:f9:4b:aa:62:dc:f5:e3:6c:fa:d7:58:55:25:
44:e4:92:e3:b9:70:88:9f:70:7d:7a:c9:df:44:89:
48:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:DC:37:67:44:CB:B3:11:D2:60:A9:CB:9F:C2:0D:58:29:65:BE:ED
X509v3 Authority Key Identifier:
keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/Y9w3Z0TLsxHSYKnLn8INWCllvu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.210.41.0/24
188.132.240.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:4b:9a:4f:99:28:09:c5:df:39:1d:af:51:16:ef:4b:86:d8:
dc:3f:44:b6:db:71:a4:b4:b4:34:99:b0:ea:cf:41:c7:6c:30:
46:0f:d1:fe:30:05:e1:3e:6f:dd:b0:70:f9:86:39:7d:ea:32:
cc:f8:6b:7e:4d:a1:89:f5:38:dd:d1:e8:90:c6:e8:16:ff:4d:
37:e7:1f:e0:50:d4:9a:3f:ca:b4:06:d3:86:97:df:e9:1d:56:
e5:e5:de:f4:6a:86:a0:eb:eb:6b:8f:b2:bf:16:a2:0e:e5:6d:
e4:7b:32:ba:0e:fb:49:5d:2b:e0:c5:cb:92:07:c4:f1:ca:08:
38:cb:af:90:92:8e:77:20:23:52:c6:63:89:ad:7f:9e:2e:6a:
cf:24:ad:fe:b5:4d:84:80:58:8f:1d:40:d9:3c:1b:61:ca:2c:
e6:ba:19:dd:cc:5f:24:b0:d5:8f:25:0a:bf:87:b2:83:ac:b7:
c9:2b:b0:b4:f6:5b:79:9d:d5:46:45:2b:d8:05:ac:fd:c1:3b:
fb:73:b8:c7:58:4c:54:a3:50:76:63:86:d1:9d:42:1c:d2:f8:
46:f1:7e:67:d4:87:60:be:b2:e2:37:af:93:bd:1b:f1:85:85:
41:b1:16:7d:0f:aa:d1:ae:e9:78:8d:40:8d:bd:39:70:b7:c9:
11:29:8b:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYw/f+KOf5yjnKGy21ycDloZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMjA2MTQxOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RjMzc2NzQ0Y2JiMzExZDI2MGE5Y2I5ZmMyMGQ1ODI5NjViZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvSbiYSTi5/Kxa/E9pF0dEhCkwFo
K0ehtOmZluBgy9T/oc7riEOUwrGt5jBAkzseIaged6TBwMB6tKRR3VTVcno7Iljb
A5nSir+rkM3ZnhH9UspnAB7ggHiKmf3daMnYoqSHeF0o/j2qmpcNrBtRsLxZwkC0
x3Ww+OtsA7iqXvF1BlpCGyhtY2Q297sGoNWUrm5XM5+VjxbFpFxGUiPXn+ltfsAX
ng7zXe8ICRJFxnoB7maPMYK2Qbh22+uNrUJ6hXfDQJ1Bk+MWNMuTQx5N6UOzhjhP
Iz7W7066nZJf/jb35flLqmLc9eNs+tdYVSVE5JLjuXCIn3B9esnfRIlIwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPcN2dEy7MR0mCpy5/CDVgpZb7tMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvWTl3M1owVExzeEhTWUtuTG44SU5XQ2xsdnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9IpAwQA
vITwMA0GCSqGSIb3DQEBCwUAA4IBAQBbS5pPmSgJxd85Ha9RFu9LhtjcP0S223Gk
tLQ0mbDqz0HHbDBGD9H+MAXhPm/dsHD5hjl96jLM+Gt+TaGJ9Tjd0eiQxugW/003
5x/gUNSaP8q0BtOGl9/pHVbl5d70aoag6+trj7K/FqIO5W3kezK6DvtJXSvgxcuS
B8Txygg4y6+Qko53ICNSxmOJrX+eLmrPJK3+tU2EgFiPHUDZPBthyizmuhndzF8k
sNWPJQq/h7KDrLfJK7C09lt5ndVGRSvYBaz9wTv7c7jHWExUo1B2Y4bRnUIc0vhG
8X5n1IdgvrLiN6+TvRvxhYVBsRZ9D6rRrul4jUCNvTlwt8kRKYt6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:53 2024 by rpki-client on console-ams.rpki-client.org