Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/XTqECFlnIjsxJC_LnQ_34Ddk3k0.roa
File: XTqECFlnIjsxJC_LnQ_34Ddk3k0.roa (raw, json)
Hash identifier: y2Q54n9GShT4B+ERfAPbp8QXZ6ilJP69RbQqx8TSMnM=
Subject key identifier: 5D:3A:84:08:59:67:22:3B:31:24:2F:CB:9D:0F:F7:E0:37:64:DE:4D
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01856DAF6311870DE3013D0050A4A8C14B6E
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/XTqECFlnIjsxJC_LnQ_34Ddk3k0.roa
Signing time: Sun 01 Jan 2023 14:14:48 +0000
ROA not before: Sun 01 Jan 2023 14:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51540
IP address blocks: 91.151.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:af:63:11:87:0d:e3:01:3d:00:50:a4:a8:c1:4b:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 1 14:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d3a84085967223b31242fcb9d0ff7e03764de4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:66:07:a9:0c:2e:39:4f:96:dc:5e:bf:78:89:
d1:9b:eb:d9:7b:2a:28:52:03:33:fa:09:34:08:3c:
14:a3:69:75:30:9f:1e:3b:12:56:f1:54:3f:a5:3a:
71:06:37:60:1b:bd:4a:8b:92:1d:15:5c:e2:08:25:
2c:79:85:cb:91:28:4f:16:c9:87:5c:62:22:54:a4:
17:6b:b3:66:a3:6b:78:af:35:e1:66:52:29:35:28:
9d:d1:b3:00:81:fb:e8:3e:23:f2:ce:d1:05:42:14:
eb:8a:ab:b1:55:0a:0a:d6:dc:d9:8b:a9:ff:4b:6b:
87:f7:09:3e:fd:ca:70:5b:f6:5e:f1:a1:55:27:66:
f9:05:89:ab:4f:1d:05:d7:98:73:52:ba:ab:49:b6:
d2:f6:fb:e7:b5:e5:98:e2:43:b0:95:97:77:0c:53:
44:00:50:35:3e:ac:7f:c1:77:d7:15:67:f6:14:c8:
f1:b3:a5:45:c2:4d:77:a2:0b:f4:79:a1:ca:eb:8e:
38:aa:c3:4e:08:ba:c0:dd:0a:9c:69:19:af:7b:97:
73:13:13:7a:e1:f1:5b:17:1c:99:de:16:1b:1a:00:
f8:78:ea:0a:52:d7:3f:57:5a:05:9d:8c:ac:1e:e9:
fe:5c:ea:85:8b:16:84:8d:ff:83:15:67:bb:67:c6:
a2:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:3A:84:08:59:67:22:3B:31:24:2F:CB:9D:0F:F7:E0:37:64:DE:4D
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/XTqECFlnIjsxJC_LnQ_34Ddk3k0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.95.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:63:3e:fb:11:fa:4c:a5:4f:bf:04:b4:bf:3b:12:27:c0:19:
08:5f:97:e9:f1:23:54:a0:2b:18:65:c6:9a:fb:07:8d:a6:3a:
72:02:a6:ac:1c:68:12:0b:82:56:89:af:36:72:f0:8d:6b:9f:
ea:06:d6:5d:78:77:0b:57:ce:12:6d:0a:19:b6:15:65:31:6f:
88:b4:fa:74:38:40:96:ab:2e:e5:76:15:eb:95:17:28:ac:35:
34:7f:da:59:18:79:ba:fa:7e:ac:3e:99:3e:24:d2:39:4f:92:
b8:35:ca:b4:d2:fe:af:47:5c:be:c0:e6:d2:df:d5:40:9d:0c:
35:58:fe:a9:f7:06:62:bc:a3:1e:99:43:c3:77:38:93:bd:9c:
85:a1:d4:d7:42:6b:84:1c:09:01:e2:eb:cf:85:90:f6:ab:39:
9c:00:7c:e9:e6:c5:d4:13:37:44:c5:73:b7:69:77:23:b1:60:
ba:52:68:7c:45:d5:6b:88:99:18:6e:62:fb:23:b4:48:1d:3d:
07:45:7a:41:c3:88:f3:d3:e2:ba:5c:96:b3:d4:eb:b8:48:da:
ee:70:03:e5:fb:f2:f9:6d:da:31:fe:1e:c9:d5:5c:00:ce:b1:
0b:43:d4:3b:47:74:f9:f3:f6:ff:26:ab:57:6d:6f:cb:6d:be:
84:c9:db:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr2MRhw3jAT0AUKSowUtuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwMTAxMTQxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNhODQwODU5NjcyMjNiMzEyNDJmY2I5ZDBmZjdlMDM3NjRkZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2YHqQwuOU+W3F6/eInRm+vZeyoo
UgMz+gk0CDwUo2l1MJ8eOxJW8VQ/pTpxBjdgG71Ki5IdFVziCCUseYXLkShPFsmH
XGIiVKQXa7Nmo2t4rzXhZlIpNSid0bMAgfvoPiPyztEFQhTriquxVQoK1tzZi6n/
S2uH9wk+/cpwW/Ze8aFVJ2b5BYmrTx0F15hzUrqrSbbS9vvnteWY4kOwlZd3DFNE
AFA1Pqx/wXfXFWf2FMjxs6VFwk13ogv0eaHK6444qsNOCLrA3QqcaRmve5dzExN6
4fFbFxyZ3hYbGgD4eOoKUtc/V1oFnYysHun+XOqFixaEjf+DFWe7Z8aigQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF06hAhZZyI7MSQvy50P9+A3ZN5NMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvWFRxRUNGbG5JanN4SkNfTG5RXzM0RGRrM2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5dfMA0G
CSqGSIb3DQEBCwUAA4IBAQArYz77EfpMpU+/BLS/OxInwBkIX5fp8SNUoCsYZcaa
+weNpjpyAqasHGgSC4JWia82cvCNa5/qBtZdeHcLV84SbQoZthVlMW+ItPp0OECW
qy7ldhXrlRcorDU0f9pZGHm6+n6sPpk+JNI5T5K4Ncq00v6vR1y+wObS39VAnQw1
WP6p9wZivKMemUPDdziTvZyFodTXQmuEHAkB4uvPhZD2qzmcAHzp5sXUEzdExXO3
aXcjsWC6Umh8RdVriJkYbmL7I7RIHT0HRXpBw4jz0+K6XJaz1Ou4SNrucAPl+/L5
bdox/h7J1VwAzrELQ9Q7R3T58/b/JqtXbW/Lbb6EyduS
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:18:32 2025 by rpki-client