Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/4dFs79qfVextAiqWefRXmJI7b-8.roa
File: 4dFs79qfVextAiqWefRXmJI7b-8.roa (raw, json)
Hash identifier: M/uYSiFjGrCOuNv6cFb6eOrQTMXIGgexHRq4Fvdgitk=
Subject key identifier: E1:D1:6C:EF:DA:9F:55:EC:6D:02:2A:96:79:F4:57:98:92:3B:6F:EF
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018CC7958F5F677EB6B0F31203126FC0B20A
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/4dFs79qfVextAiqWefRXmJI7b-8.roa
Signing time: Tue 02 Jan 2024 00:31:56 +0000
ROA not before: Tue 02 Jan 2024 00:31:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203377
IP address blocks: 91.151.85.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:8f:5f:67:7e:b6:b0:f3:12:03:12:6f:c0:b2:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 2 00:31:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e1d16cefda9f55ec6d022a9679f45798923b6fef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:1c:10:7d:0c:11:e0:d2:f8:8d:d3:a7:74:cf:
01:cc:66:e2:a4:10:ba:4e:cf:cd:c8:2e:f0:ad:c9:
7a:2d:c1:14:e5:07:61:49:ac:04:c8:29:50:06:5c:
b1:fa:5a:ef:ce:e5:dd:9f:98:3b:6a:77:fe:90:e5:
63:62:f6:7d:ff:d4:b2:f4:dd:6d:1b:8d:28:f0:4c:
49:61:18:5c:34:99:e7:31:b5:88:96:16:47:a6:a9:
eb:7e:8a:cd:e4:d5:6a:db:44:ca:32:b0:a7:51:10:
dc:f4:b8:1c:f2:93:01:2b:9d:5a:dd:85:97:b0:1b:
f2:72:9e:cb:48:d0:92:57:5f:a2:46:39:7a:a1:09:
20:8d:0b:5e:01:a7:89:4b:4d:d1:c3:e4:a5:4b:4f:
54:12:b7:2b:a3:c8:72:a5:17:fb:3e:47:fc:66:75:
a7:05:8e:a8:ac:42:93:7f:a3:12:b3:14:91:dd:5d:
80:90:e1:1e:4e:93:87:34:39:04:37:23:2c:0b:f5:
bd:b7:bf:97:58:e0:62:90:5c:b9:7f:4c:7b:cf:ab:
0f:de:cd:c3:b4:6e:38:61:24:c9:68:dd:b6:e3:9c:
3e:93:77:8a:03:5b:47:d1:de:d6:ae:56:2d:04:63:
30:77:54:d1:35:eb:18:0d:45:2b:e5:96:18:f6:9f:
95:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:D1:6C:EF:DA:9F:55:EC:6D:02:2A:96:79:F4:57:98:92:3B:6F:EF
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/4dFs79qfVextAiqWefRXmJI7b-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.85.0/24
Signature Algorithm: sha256WithRSAEncryption
d5:1f:2f:fc:46:ac:66:0d:a9:87:93:6f:79:fb:50:0b:4e:42:
a7:9f:0d:4b:d0:42:3d:44:6a:c2:c6:54:10:2b:e5:cb:8c:19:
ba:99:43:77:28:5d:e0:ba:89:7b:33:e9:29:19:38:28:94:19:
c4:28:fa:58:52:3a:c2:80:cb:f5:ff:64:00:ca:32:91:81:d2:
22:fa:26:0e:f2:e8:2f:a0:be:6a:02:a1:e4:9b:50:00:67:45:
e8:53:cf:43:f7:ae:76:08:a1:60:ec:1e:79:87:d1:f8:5c:29:
2d:0d:a3:42:27:cf:2d:4e:c6:27:fd:1e:8b:42:d1:aa:aa:a1:
b2:ee:68:fd:f5:cb:81:c5:26:5e:4c:ab:2f:c6:e1:12:fd:c8:
3a:64:e6:2e:91:86:a2:73:94:30:96:1c:75:22:c2:0f:23:fd:
8e:e1:d6:4f:41:e9:0f:3f:84:29:45:b6:cd:fa:53:6e:d7:5c:
0f:8c:a8:85:05:90:3a:86:bf:fd:4e:4c:67:a9:fc:64:6b:64:
76:1e:8a:22:c1:10:b5:74:1b:c0:a8:3f:d6:7d:8c:7e:72:48:
63:c5:fc:73:01:28:0b:d9:97:24:f9:f4:9c:a9:d4:84:57:76:
d0:8e:44:c4:93:b1:75:e9:a2:77:11:41:51:f7:44:ff:c0:0e:
0e:b2:f7:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY9fZ362sPMSAxJvwLIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQxNmNlZmRhOWY1NWVjNmQwMjJhOTY3OWY0NTc5ODkyM2I2ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhwQfQwR4NL4jdOndM8BzGbipBC6
Ts/NyC7wrcl6LcEU5QdhSawEyClQBlyx+lrvzuXdn5g7anf+kOVjYvZ9/9Sy9N1t
G40o8ExJYRhcNJnnMbWIlhZHpqnrforN5NVq20TKMrCnURDc9Lgc8pMBK51a3YWX
sBvycp7LSNCSV1+iRjl6oQkgjQteAaeJS03Rw+SlS09UErcro8hypRf7Pkf8ZnWn
BY6orEKTf6MSsxSR3V2AkOEeTpOHNDkENyMsC/W9t7+XWOBikFy5f0x7z6sP3s3D
tG44YSTJaN2245w+k3eKA1tH0d7WrlYtBGMwd1TRNesYDUUr5ZYY9p+VnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHRbO/an1XsbQIqlnn0V5iSO2/vMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvNGRGczc5cWZWZXh0QWlxV2VmUlhtSkk3Yi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5dVMA0G
CSqGSIb3DQEBCwUAA4IBAQDVHy/8RqxmDamHk295+1ALTkKnnw1L0EI9RGrCxlQQ
K+XLjBm6mUN3KF3guol7M+kpGTgolBnEKPpYUjrCgMv1/2QAyjKRgdIi+iYO8ugv
oL5qAqHkm1AAZ0XoU89D9652CKFg7B55h9H4XCktDaNCJ88tTsYn/R6LQtGqqqGy
7mj99cuBxSZeTKsvxuES/cg6ZOYukYaic5Qwlhx1IsIPI/2O4dZPQekPP4QpRbbN
+lNu11wPjKiFBZA6hr/9Tkxnqfxka2R2HooiwRC1dBvAqD/WfYx+ckhjxfxzASgL
2Zck+fScqdSEV3bQjkTEk7F16aJ3EUFR90T/wA4OsveS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org