Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JXW-QCaxW5nMeayPHjpxcTupnT0.roa
File: JXW-QCaxW5nMeayPHjpxcTupnT0.roa (raw, json)
Hash identifier: QQ5DMVlWQ4iU5hEdTqTjYaTvXngT7W2sHpL4UDDU45Q=
Subject key identifier: 25:75:BE:40:26:B1:5B:99:CC:79:AC:8F:1E:3A:71:71:3B:A9:9D:3D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187EA487F9C3A321056D7F9C8DA170F2DDF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JXW-QCaxW5nMeayPHjpxcTupnT0.roa
Signing time: Fri 05 May 2023 05:00:32 +0000
ROA not before: Fri 05 May 2023 05:00:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35409
IP address blocks: 185.230.250.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ea:48:7f:9c:3a:32:10:56:d7:f9:c8:da:17:0f:2d:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 5 05:00:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2575be4026b15b99cc79ac8f1e3a71713ba99d3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:02:cc:ae:44:94:15:1a:2d:15:43:60:77:6f:
6f:5a:73:8e:49:a0:e0:9a:3d:8b:68:06:6a:ef:23:
ed:bd:81:82:6b:48:87:8b:e9:05:e5:a7:13:57:dc:
09:fe:86:4c:20:82:0f:24:71:04:d0:a1:c9:a0:be:
f9:92:f3:61:2a:17:04:5f:d6:f8:4f:1d:35:a1:90:
84:99:87:a6:48:0a:43:8f:70:c2:a5:30:91:a5:dc:
43:85:38:46:63:d7:eb:0f:59:15:8b:38:6d:31:a4:
2b:a4:9f:a8:6e:6d:75:8e:83:64:24:e9:55:31:a8:
c9:49:a4:40:8c:68:37:cf:93:23:fe:1f:56:7a:f9:
e8:82:3c:98:22:e5:3b:e0:40:77:14:14:5c:61:c5:
61:8c:3c:0a:38:2c:a0:c9:97:33:73:53:15:17:31:
ba:ed:85:0e:32:e1:1d:a5:0a:58:3d:36:41:bf:b1:
7c:90:9e:11:11:0f:e7:d2:43:63:d3:e4:d9:85:33:
ac:75:73:c0:3d:20:0d:39:96:2b:18:11:d1:1e:6d:
69:69:e8:0b:d2:85:5f:d3:97:b4:d9:96:d2:cf:eb:
f4:2e:73:f4:9d:51:0f:09:eb:45:c1:ad:63:26:b4:
fb:1f:ce:79:6a:44:82:2f:2c:4d:49:5a:fa:44:42:
35:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:75:BE:40:26:B1:5B:99:CC:79:AC:8F:1E:3A:71:71:3B:A9:9D:3D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JXW-QCaxW5nMeayPHjpxcTupnT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.47.89.0/24
185.230.250.0/24
Signature Algorithm: sha256WithRSAEncryption
66:2a:62:b8:ab:a5:ad:9f:c9:40:97:2c:5e:f9:2b:0d:6e:8f:
4e:88:6c:71:5a:d0:90:1c:30:e4:75:c1:d7:50:04:c6:d8:36:
49:26:2b:9c:33:3b:1a:38:a8:ca:dc:32:a2:b8:3a:1c:05:c5:
81:55:5b:ee:1a:ae:8d:28:77:b8:fa:f4:38:c7:7e:8c:4b:96:
f9:aa:40:56:97:69:26:c2:4f:6b:67:70:04:ff:eb:ea:16:b3:
9d:59:6c:ab:c3:23:d4:21:86:dc:2e:93:29:ca:2f:3f:94:b2:
aa:43:02:fa:a2:b8:9b:12:63:66:83:40:31:0b:73:81:73:dd:
2d:de:04:a3:52:95:8f:ea:ba:b0:b1:5e:e7:d3:c3:47:07:df:
d4:1e:b8:87:85:cb:71:27:bf:93:87:a0:35:53:36:4a:a5:d7:
0a:24:fd:b8:b0:e3:48:29:1f:0f:48:56:60:e4:38:85:a3:61:
fd:6e:6a:55:9d:99:07:36:4a:6e:38:f5:5a:83:d3:ff:e8:45:
7c:00:b5:87:b7:ab:50:6d:94:f1:30:a3:b8:a3:e1:30:a9:d5:
e9:7f:de:9c:f6:74:95:99:20:c5:22:08:31:cf:59:80:fb:98:
03:f1:d6:1a:0e:b2:e4:4a:a7:62:e7:01:6f:73:63:f0:cf:f6:
75:61:8a:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYfqSH+cOjIQVtf5yNoXDy3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTA1MDUwMDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc1YmU0MDI2YjE1Yjk5Y2M3OWFjOGYxZTNhNzE3MTNiYTk5ZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArALMrkSUFRotFUNgd29vWnOOSaDg
mj2LaAZq7yPtvYGCa0iHi+kF5acTV9wJ/oZMIIIPJHEE0KHJoL75kvNhKhcEX9b4
Tx01oZCEmYemSApDj3DCpTCRpdxDhThGY9frD1kVizhtMaQrpJ+obm11joNkJOlV
MajJSaRAjGg3z5Mj/h9WevnogjyYIuU74EB3FBRcYcVhjDwKOCygyZczc1MVFzG6
7YUOMuEdpQpYPTZBv7F8kJ4REQ/n0kNj0+TZhTOsdXPAPSANOZYrGBHRHm1paegL
0oVf05e02ZbSz+v0LnP0nVEPCetFwa1jJrT7H855akSCLyxNSVr6REI1lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCV1vkAmsVuZzHmsjx46cXE7qZ09MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSlhXLVFDYXhXNW5NZWF5UEhqcHhjVHVwblQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9ZAwQA
ueb6MA0GCSqGSIb3DQEBCwUAA4IBAQBmKmK4q6Wtn8lAlyxe+SsNbo9OiGxxWtCQ
HDDkdcHXUATG2DZJJiucMzsaOKjK3DKiuDocBcWBVVvuGq6NKHe4+vQ4x36MS5b5
qkBWl2kmwk9rZ3AE/+vqFrOdWWyrwyPUIYbcLpMpyi8/lLKqQwL6oribEmNmg0Ax
C3OBc90t3gSjUpWP6rqwsV7n08NHB9/UHriHhctxJ7+Th6A1UzZKpdcKJP24sONI
KR8PSFZg5DiFo2H9bmpVnZkHNkpuOPVag9P/6EV8ALWHt6tQbZTxMKO4o+EwqdXp
f96c9nSVmSDFIggxz1mA+5gD8dYaDrLkSqdi5wFvc2Pwz/Z1YYpX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org