Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/MbHr91X6UUi0RtA3mZ5mkYtOYms.roa
File: MbHr91X6UUi0RtA3mZ5mkYtOYms.roa (raw, json)
Hash identifier: q05/VdrTMJFC6UhU8VMPk5fDJ+D7iIOfoS6qi1FvsPw=
Subject key identifier: 31:B1:EB:F7:55:FA:51:48:B4:46:D0:37:99:9E:66:91:8B:4E:62:6B
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01856E2FBF152B77C9B35A002E97AE17E612
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/MbHr91X6UUi0RtA3mZ5mkYtOYms.roa
Signing time: Sun 01 Jan 2023 16:35:00 +0000
ROA not before: Sun 01 Jan 2023 16:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43624
IP address blocks: 91.222.239.0/24 maxlen: 24
91.222.236.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:bf:15:2b:77:c9:b3:5a:00:2e:97:ae:17:e6:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 1 16:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=31b1ebf755fa5148b446d037999e66918b4e626b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:87:aa:f4:3f:f6:26:43:96:0a:c3:e8:ba:9c:
9c:ba:d0:44:d0:eb:20:d6:c0:5e:96:a1:09:f5:27:
6c:fd:e2:04:28:59:57:04:be:26:87:77:2c:ee:5f:
a6:d6:76:e4:df:1e:31:11:58:c7:bb:40:32:ea:22:
fe:30:ce:57:15:cd:99:0e:4a:f2:72:ea:87:0f:5c:
dc:19:e7:42:9e:58:41:00:ed:1b:cd:2c:ab:fe:b6:
4c:43:e2:84:56:71:18:a0:05:f6:f9:c9:6b:63:ad:
8f:dc:68:71:ee:da:5a:e1:b7:64:09:34:10:57:35:
69:63:fd:0a:ab:89:07:68:4b:38:99:3e:f6:8b:10:
b0:8c:9b:f6:fd:a3:df:37:e0:36:ab:29:57:6d:38:
3c:96:f7:2c:2a:0a:f3:10:39:ef:21:ae:91:72:41:
cc:d2:f1:99:42:a1:61:45:07:6e:45:f3:97:21:46:
8c:55:5c:54:6c:2d:d0:ab:ca:20:31:0f:2e:89:bb:
7c:09:cd:8a:84:d7:e5:52:ae:ec:52:75:7f:53:4f:
90:c7:17:02:8c:d1:54:3e:f1:a9:83:a5:8f:c2:4f:
f8:77:18:b9:9e:f4:e6:d1:4e:17:67:4b:3f:ad:f1:
20:8c:89:8c:a6:23:40:21:c0:a2:c8:7b:85:f3:4b:
7a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:B1:EB:F7:55:FA:51:48:B4:46:D0:37:99:9E:66:91:8B:4E:62:6B
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/MbHr91X6UUi0RtA3mZ5mkYtOYms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.222.236.0/24
91.222.239.0/24
Signature Algorithm: sha256WithRSAEncryption
84:4d:39:f1:e6:24:72:97:c8:6c:8c:8a:ec:2f:99:ff:30:0c:
b1:3d:3f:27:f4:66:d0:21:12:a0:b1:e8:7e:c9:9f:9e:51:60:
0b:d9:af:b5:84:ae:b1:d7:89:70:c6:bc:c4:26:89:0f:49:cc:
e3:2b:c5:22:74:4b:69:57:ce:f7:a4:1c:7b:ee:4e:b9:b3:f2:
75:4b:16:cb:a7:51:ac:f9:a3:82:f3:ad:c9:21:9e:62:46:cd:
7a:4e:f0:e1:9e:26:1e:7b:27:cf:2d:fa:aa:e0:60:f7:65:a1:
3d:76:b3:0c:19:be:da:c2:7c:9c:40:d9:d6:9d:a9:8e:b3:56:
8b:cd:48:6a:15:f8:44:13:98:b7:69:9d:5f:21:9c:16:80:a8:
5d:09:ff:bc:8c:d8:1d:02:11:38:9d:78:de:a4:30:22:45:b3:
45:66:8e:b5:67:59:83:28:d6:94:7c:97:50:b1:c1:f0:54:da:
73:65:59:68:6f:47:83:23:42:47:03:21:73:b7:2b:0c:6d:28:
4c:8f:11:8a:71:a1:bc:a8:43:9d:18:bb:82:82:c0:e0:99:e5:
fa:6d:33:18:dc:86:57:fa:ae:a0:dc:25:65:58:de:c1:3f:41:
74:8c:70:59:ee:06:77:21:53:11:1e:aa:1f:d3:64:5e:40:8f:
55:f2:f1:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVuL78VK3fJs1oALpeuF+YSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTAxMTYzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIxZWJmNzU1ZmE1MTQ4YjQ0NmQwMzc5OTllNjY5MThiNGU2MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIeq9D/2JkOWCsPoupycutBE0Osg
1sBelqEJ9Sds/eIEKFlXBL4mh3cs7l+m1nbk3x4xEVjHu0Ay6iL+MM5XFc2ZDkry
cuqHD1zcGedCnlhBAO0bzSyr/rZMQ+KEVnEYoAX2+clrY62P3Ghx7tpa4bdkCTQQ
VzVpY/0Kq4kHaEs4mT72ixCwjJv2/aPfN+A2qylXbTg8lvcsKgrzEDnvIa6RckHM
0vGZQqFhRQduRfOXIUaMVVxUbC3Qq8ogMQ8uibt8Cc2KhNflUq7sUnV/U0+QxxcC
jNFUPvGpg6WPwk/4dxi5nvTm0U4XZ0s/rfEgjImMpiNAIcCiyHuF80t6YQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDGx6/dV+lFItEbQN5meZpGLTmJrMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvTWJIcjkxWDZVVWkwUnRBM21aNW1rWXRPWW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW97sAwQA
W97vMA0GCSqGSIb3DQEBCwUAA4IBAQCETTnx5iRyl8hsjIrsL5n/MAyxPT8n9GbQ
IRKgseh+yZ+eUWAL2a+1hK6x14lwxrzEJokPSczjK8UidEtpV873pBx77k65s/J1
SxbLp1Gs+aOC863JIZ5iRs16TvDhniYeeyfPLfqq4GD3ZaE9drMMGb7awnycQNnW
namOs1aLzUhqFfhEE5i3aZ1fIZwWgKhdCf+8jNgdAhE4nXjepDAiRbNFZo61Z1mD
KNaUfJdQscHwVNpzZVlob0eDI0JHAyFztysMbShMjxGKcaG8qEOdGLuCgsDgmeX6
bTMY3IZX+q6g3CVlWN7BP0F0jHBZ7gZ3IVMRHqof02ReQI9V8vH9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org