Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/xBbKWqDkgC1dNrXsAEogsgAKDxY.roa
File: xBbKWqDkgC1dNrXsAEogsgAKDxY.roa (raw, json)
Hash identifier: Gvbcdop3iV9iHsgWy/Oym89xSjufsJxmaDA8gvi6TX4=
Subject key identifier: C4:16:CA:5A:A0:E4:80:2D:5D:36:B5:EC:00:4A:20:B2:00:0A:0F:16
Certificate issuer: /CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Certificate serial: 018CC49340882394A79C472A2054446BD029
Authority key identifier: 55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/xBbKWqDkgC1dNrXsAEogsgAKDxY.roa
Signing time: Mon 01 Jan 2024 10:30:33 +0000
ROA not before: Mon 01 Jan 2024 10:30:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48687
IP address blocks: 151.0.52.0/22 maxlen: 24
91.240.190.0/23 maxlen: 24
91.221.136.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:40:88:23:94:a7:9c:47:2a:20:54:44:6b:d0:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Validity
Not Before: Jan 1 10:30:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c416ca5aa0e4802d5d36b5ec004a20b2000a0f16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:f8:91:11:9b:f6:68:87:a6:d6:92:62:07:86:
8b:f9:d2:57:23:92:37:f8:bc:ec:fc:74:aa:36:ef:
84:93:b7:90:6f:da:b8:1e:29:43:da:c6:ef:21:11:
a1:e0:1f:26:11:62:2c:11:43:6f:9f:c5:c6:89:1d:
be:72:aa:5a:dd:6f:6f:a8:31:cb:ad:81:a8:9c:16:
d6:79:be:14:0d:5d:78:58:d4:06:19:ed:bd:5f:67:
2c:ae:14:83:3e:01:1b:85:77:42:6f:8a:ec:17:87:
a0:3c:64:42:fe:45:1d:c4:d9:d8:df:03:fd:0e:ec:
ca:6a:fd:3c:1f:cf:05:a7:96:eb:0e:43:1b:ab:fa:
d4:88:51:a6:80:c3:b6:f6:2c:5c:16:89:e3:60:19:
0f:97:72:74:3c:97:22:48:1a:81:47:c1:cd:d9:48:
9b:56:85:10:07:ec:27:66:e4:86:6a:e6:52:64:ab:
3f:dd:36:af:15:d1:7f:c2:b5:c9:65:ab:38:fa:36:
33:dc:4f:bf:da:58:31:0d:71:45:80:fc:7f:8a:e9:
6c:95:dc:15:a6:aa:1a:cc:00:26:ef:10:d1:d6:94:
65:89:71:b9:dd:69:c4:7d:7b:09:35:00:05:d4:0c:
ed:d1:56:17:a9:40:b5:7a:f0:9c:f8:e8:cc:08:39:
94:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:16:CA:5A:A0:E4:80:2D:5D:36:B5:EC:00:4A:20:B2:00:0A:0F:16
X509v3 Authority Key Identifier:
keyid:55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/xBbKWqDkgC1dNrXsAEogsgAKDxY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.221.136.0/23
91.240.190.0/23
151.0.52.0/22
Signature Algorithm: sha256WithRSAEncryption
e8:21:2a:ed:51:ca:cc:ac:b8:40:94:4d:54:40:8f:ee:b7:bd:
ab:17:96:8c:aa:34:06:53:10:31:09:e2:62:5d:1e:60:b0:61:
7e:95:e7:72:ab:95:4f:bf:8f:f8:06:ef:ab:fe:ae:ce:9b:20:
4f:91:86:e4:5c:14:85:bd:ec:ff:e9:e5:4c:59:d9:27:64:7d:
d1:e1:ba:8f:93:4f:28:f4:a3:19:37:33:5e:af:2c:c8:78:c7:
98:59:a9:c6:f6:b7:5e:9d:c3:86:e0:5c:da:4d:b7:9c:a9:9f:
c5:4d:83:29:91:d6:34:17:5c:61:01:00:08:f2:d8:b4:7a:5b:
1a:c6:d9:ae:dc:ac:aa:9a:b6:49:82:34:92:c5:49:05:8e:c9:
cc:66:c3:86:72:aa:28:81:29:c0:f5:f5:9f:ca:45:00:3e:fc:
df:69:fb:f9:0e:d0:a1:42:75:3e:8f:60:44:6d:69:a5:a8:19:
3f:4f:7b:69:8c:0e:57:28:fa:71:f2:08:5a:69:b6:17:b5:e1:
6c:f2:7e:99:26:e5:c3:c3:ae:6c:45:36:7b:ad:1c:05:20:b9:
9f:69:62:80:ab:a6:e6:f1:9e:18:76:7d:2d:12:41:95:ca:55:
87:d9:36:b8:17:b0:37:c5:d5:e6:82:b8:4e:60:51:30:5f:45:
20:95:a6:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk0CII5SnnEcqIFREa9ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmE1ZmEwZGNmYjM0NDMzZjliODYwZDk1ZTJjNDQyNTQ3
YzVmOWMwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDE2Y2E1YWEwZTQ4MDJkNWQzNmI1ZWMwMDRhMjBiMjAwMGEwZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfiREZv2aIem1pJiB4aL+dJXI5I3
+Lzs/HSqNu+Ek7eQb9q4HilD2sbvIRGh4B8mEWIsEUNvn8XGiR2+cqpa3W9vqDHL
rYGonBbWeb4UDV14WNQGGe29X2csrhSDPgEbhXdCb4rsF4egPGRC/kUdxNnY3wP9
DuzKav08H88Fp5brDkMbq/rUiFGmgMO29ixcFonjYBkPl3J0PJciSBqBR8HN2Uib
VoUQB+wnZuSGauZSZKs/3TavFdF/wrXJZas4+jYz3E+/2lgxDXFFgPx/iulsldwV
pqoazAAm7xDR1pRliXG53WnEfXsJNQAF1Azt0VYXqUC1evCc+OjMCDmUPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMQWylqg5IAtXTa17ABKILIACg8WMB8GA1UdIwQY
MBaAFFVqX6Dc+zRDP5uGDZXixEJUfF+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUt
MmZkYTRjMjczYTQ4LzEveEJiS1dxRGtnQzFkTnJYc0FFb2dzZ0FLRHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUtMmZkYTRjMjczYTQ4
LzEvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW92IAwQB
W/C+AwQClwA0MA0GCSqGSIb3DQEBCwUAA4IBAQDoISrtUcrMrLhAlE1UQI/ut72r
F5aMqjQGUxAxCeJiXR5gsGF+ledyq5VPv4/4Bu+r/q7OmyBPkYbkXBSFvez/6eVM
WdknZH3R4bqPk08o9KMZNzNeryzIeMeYWanG9rdencOG4FzaTbecqZ/FTYMpkdY0
F1xhAQAI8ti0elsaxtmu3KyqmrZJgjSSxUkFjsnMZsOGcqoogSnA9fWfykUAPvzf
afv5DtChQnU+j2BEbWmlqBk/T3tpjA5XKPpx8ghaabYXteFs8n6ZJuXDw65sRTZ7
rRwFILmfaWKAq6bm8Z4Ydn0tEkGVylWH2Ta4F7A3xdXmgrhOYFEwX0Uglaaf
-----END CERTIFICATE-----
Generated at Fri Feb 2 09:25:01 2024 by rpki-client on console-fra.rpki-client.org