Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/US_J9QXGvB9pi9aRDxRcIsidizA.roa
File: US_J9QXGvB9pi9aRDxRcIsidizA.roa (raw, json)
Hash identifier: vOPkCsN6jjQNc7c12PCJ3+vJkKnn3CUaus+h+RQcYBI=
Subject key identifier: 51:2F:C9:F5:05:C6:BC:1F:69:8B:D6:91:0F:14:5C:22:C8:9D:8B:30
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 062726BD
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/US_J9QXGvB9pi9aRDxRcIsidizA.roa
Signing time: Mon 21 Mar 2022 02:15:01 +0000
ROA not before: Mon 21 Mar 2022 02:15:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 89.43.48.0/24 maxlen: 24
86.106.89.0/24 maxlen: 24
89.35.25.0/24 maxlen: 24
86.107.241.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 103229117 (0x62726bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Mar 21 02:15:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=512fc9f505c6bc1f698bd6910f145c22c89d8b30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:32:9f:0e:f1:dc:4f:d9:b8:2c:5e:35:16:d5:
9f:c3:ab:46:d8:75:c0:4c:24:f7:ba:55:f1:a5:72:
8c:61:4c:71:7a:82:91:a3:36:c0:6f:d8:fc:68:63:
7e:52:ae:45:99:57:44:a2:09:ce:47:91:a7:59:c2:
80:76:58:c3:71:2e:87:45:f2:f5:d2:22:3a:b2:43:
ef:d9:24:34:49:a4:42:a1:63:eb:3a:3b:86:d1:e5:
dc:f4:06:8e:69:72:80:e3:d3:00:d6:39:ba:59:4b:
1a:1f:16:da:09:20:d0:00:4d:78:58:18:0b:35:cf:
b3:e5:00:02:82:8f:6d:88:1a:35:a9:19:46:be:3a:
b9:b3:ec:d9:d1:2b:df:c8:23:8b:04:81:b3:67:4b:
46:f8:e7:18:8f:d7:b2:2c:22:a6:4c:68:f8:f7:f5:
5e:2e:f7:70:52:0a:3a:19:b3:fd:85:e4:86:ef:fc:
f0:e2:42:15:01:72:58:96:0e:45:33:8c:26:8d:a9:
d4:2e:22:11:81:4e:86:f5:35:63:4f:60:e9:27:fa:
67:d1:8e:e6:67:7e:b5:14:a9:b7:87:35:76:7c:5b:
7e:71:fb:65:9e:ac:f5:15:a1:6c:50:ff:d5:5c:a6:
b7:57:2c:22:a3:16:c4:34:bc:cd:75:94:4c:f1:d9:
2f:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:2F:C9:F5:05:C6:BC:1F:69:8B:D6:91:0F:14:5C:22:C8:9D:8B:30
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/US_J9QXGvB9pi9aRDxRcIsidizA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.106.89.0/24
86.107.241.0/24
89.35.25.0/24
89.43.48.0/24
Signature Algorithm: sha256WithRSAEncryption
35:41:eb:7c:bc:45:31:21:50:8e:24:86:48:80:c0:7c:e4:f7:
ff:e0:ae:90:f7:08:ed:c3:e6:7d:f8:02:8b:03:9a:99:3b:1d:
f0:84:f9:d7:51:40:de:db:03:be:e7:c3:c0:05:b9:5c:72:1f:
f7:80:2c:a6:0a:84:8b:ea:b9:36:d5:48:ec:ec:c7:d1:82:df:
d3:da:2a:be:16:c3:08:b4:6c:d4:61:49:03:e7:74:f5:f2:91:
08:da:ec:7a:44:36:72:42:b4:16:fd:26:e9:20:3e:5b:90:59:
55:e0:45:56:37:f1:f0:8e:a6:8f:8a:5a:c5:95:2b:67:6d:b9:
f0:ad:ca:b1:c1:09:97:83:bc:23:00:79:89:85:3c:3b:c9:33:
e3:47:29:33:55:35:24:81:33:7c:92:46:44:da:e4:3f:2a:12:
54:6f:4a:02:2d:b5:93:ba:91:17:35:82:69:42:54:28:65:8a:
ec:72:2c:97:84:f6:14:c3:57:09:da:d3:4a:4a:42:7a:7e:f0:
0c:b3:ea:c4:a1:e2:59:9e:f2:00:5a:78:00:eb:6f:a2:d9:28:
ae:37:bf:db:cd:ce:b6:61:bc:bd:80:e2:80:a5:a1:bc:d7:e3:
67:ef:00:6c:54:66:f6:61:04:8d:59:e8:fe:2e:ac:b4:38:a0:
65:88:e4:15
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEBicmvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzlhNzVkZWJkNjUzNTlhNDUzMTdmMjAzZjExYTMyMWUxNGIyZjJjMB4XDTIyMDMy
MTAyMTUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTEyZmM5ZjUwNWM2
YmMxZjY5OGJkNjkxMGYxNDVjMjJjODlkOGIzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOcynw7x3E/ZuCxeNRbVn8OrRth1wEwk97pV8aVyjGFMcXqC
kaM2wG/Y/GhjflKuRZlXRKIJzkeRp1nCgHZYw3Euh0Xy9dIiOrJD79kkNEmkQqFj
6zo7htHl3PQGjmlygOPTANY5ullLGh8W2gkg0ABNeFgYCzXPs+UAAoKPbYgaNakZ
Rr46ubPs2dEr38gjiwSBs2dLRvjnGI/Xsiwipkxo+Pf1Xi73cFIKOhmz/YXkhu/8
8OJCFQFyWJYORTOMJo2p1C4iEYFOhvU1Y09g6Sf6Z9GO5md+tRSpt4c1dnxbfnH7
ZZ6s9RWhbFD/1Vymt1csIqMWxDS8zXWUTPHZL4sCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBRRL8n1Bca8H2mL1pEPFFwiyJ2LMDAfBgNVHSMEGDAWgBRnmnXevWU1mkUx
fyA/EaMh4UsvLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1cDEzcjFsTlpwRk1YOGdQeEdqSWVGTEx5dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvN2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8x
L1VTX0o5UVhHdkI5cGk5YVJEeFJjSXNpZGl6QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
N2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8xL1o1cDEzcjFsTlpw
Rk1YOGdQeEdqSWVGTEx5dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFZqWQMEAFZr8QMEAFkjGQMEAFkr
MDANBgkqhkiG9w0BAQsFAAOCAQEANUHrfLxFMSFQjiSGSIDAfOT3/+CukPcI7cPm
ffgCiwOamTsd8IT511FA3tsDvufDwAW5XHIf94AspgqEi+q5NtVI7OzH0YLf09oq
vhbDCLRs1GFJA+d09fKRCNrsekQ2ckK0Fv0m6SA+W5BZVeBFVjfx8I6mj4paxZUr
Z2258K3KscEJl4O8IwB5iYU8O8kz40cpM1U1JIEzfJJGRNrkPyoSVG9KAi21k7qR
FzWCaUJUKGWK7HIsl4T2FMNXCdrTSkpCen7wDLPqxKHiWZ7yAFp4AOtvotkorje/
283OtmG8vYDigKWhvNfjZ+8AbFRm9mEEjVno/i6stDigZYjkFQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:36 2023 by rpki-client on console-fra.rpki-client.org