Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JNB7WsEBEl-B08Q8rsnl4MO9LCo.roa
File: JNB7WsEBEl-B08Q8rsnl4MO9LCo.roa (raw, json)
Hash identifier: DOmefxpU3u76kp13IMEpn7HUiyQWAZeAa5h8AqQUCCU=
Subject key identifier: 24:D0:7B:5A:C1:01:12:5F:81:D3:C4:3C:AE:C9:E5:E0:C3:BD:2C:2A
Certificate issuer: /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial: 018CC6B7AE2811FA24111A2E8681277627F9
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JNB7WsEBEl-B08Q8rsnl4MO9LCo.roa
Signing time: Mon 01 Jan 2024 20:29:35 +0000
ROA not before: Mon 01 Jan 2024 20:29:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51658
IP address blocks: 185.202.133.0/24 maxlen: 24
2a0a:d6c0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:ae:28:11:fa:24:11:1a:2e:86:81:27:76:27:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Validity
Not Before: Jan 1 20:29:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=24d07b5ac101125f81d3c43caec9e5e0c3bd2c2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:a2:29:ad:11:eb:71:8c:d4:f1:9d:34:35:5e:
3d:ee:f3:b5:bf:2e:d6:5b:f7:47:c5:42:8f:5d:3b:
ab:f1:da:9e:ae:71:15:0e:94:15:45:10:f7:00:ca:
0e:c6:a6:48:1a:39:d4:90:25:33:05:88:72:3f:56:
e1:95:c1:d8:b0:94:5c:e9:4c:2b:d0:0e:10:1f:81:
01:68:73:05:2a:e7:21:2b:80:07:89:52:02:c4:78:
af:b7:03:c0:52:00:01:df:67:1b:5b:b3:06:57:05:
8d:df:89:10:14:e4:9c:24:06:00:50:f1:53:4d:6a:
df:9f:d6:33:14:ee:b6:3c:10:07:ce:ee:19:f2:2e:
c4:c4:91:d4:8d:8f:41:d0:4d:ca:98:81:04:ea:1d:
23:63:05:ad:2e:6f:5a:28:87:82:c8:90:32:74:48:
2f:6d:90:6c:42:28:6d:85:32:b3:18:6f:dd:16:bf:
37:cc:47:e2:4a:d2:46:59:3c:07:00:ff:2b:d8:13:
e5:fe:33:1f:05:25:0c:10:3c:15:e8:b0:44:36:e2:
19:aa:00:b8:f6:74:58:58:c4:18:76:be:ad:a3:31:
35:11:02:c7:58:0c:26:db:3a:b2:d7:ec:4b:f0:59:
51:d8:d3:91:c8:b1:e1:3c:8a:e4:6b:9d:be:1f:73:
80:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:D0:7B:5A:C1:01:12:5F:81:D3:C4:3C:AE:C9:E5:E0:C3:BD:2C:2A
X509v3 Authority Key Identifier:
keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/JNB7WsEBEl-B08Q8rsnl4MO9LCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.202.133.0/24
IPv6:
2a0a:d6c0:1::/48
Signature Algorithm: sha256WithRSAEncryption
89:7b:6f:80:1b:c6:b0:1e:10:31:bf:3b:9b:cc:d3:ea:c8:bd:
84:f8:3f:d0:3f:dc:93:45:bd:bc:43:70:06:fc:0c:28:0b:dd:
87:6b:95:14:1c:c1:d9:0e:18:d0:45:2c:df:4d:fc:da:dc:9d:
c5:4b:d6:26:c4:8a:83:1c:ef:ca:c1:74:ff:67:3b:b3:78:c6:
95:00:83:71:10:cc:21:ba:d1:da:d7:4c:ab:ff:2d:b8:11:ac:
4b:af:9b:e8:89:d8:d4:86:24:01:a7:b2:d5:c9:57:d8:7a:fe:
bb:79:4b:4b:6a:16:f3:ea:fc:8f:84:2c:d5:09:80:49:82:97:
ad:9b:53:8c:6b:39:63:57:02:ca:e4:06:30:8c:95:a4:da:60:
da:e1:c1:05:fe:cf:ed:c3:e2:8d:b1:df:d6:71:28:73:a0:00:
27:af:cc:6b:31:ef:48:9b:60:1b:10:c5:d2:75:62:6f:bc:d9:
aa:3e:f9:5f:03:f1:de:e6:58:e5:fe:32:64:60:dc:65:c8:92:
d7:0b:d7:90:43:4d:e8:f3:4e:e3:07:d2:f1:fc:fe:07:f6:8f:
09:b6:5d:f8:89:f8:a8:eb:84:83:4d:46:87:65:ed:11:7b:83:
0a:56:39:cb:4b:d6:52:07:76:17:55:58:89:e1:f3:ff:b0:75:
d1:51:15:63
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt64oEfokERouhoEndif5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQwN2I1YWMxMDExMjVmODFkM2M0M2NhZWM5ZTVlMGMzYmQyYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6IprRHrcYzU8Z00NV497vO1vy7W
W/dHxUKPXTur8dqernEVDpQVRRD3AMoOxqZIGjnUkCUzBYhyP1bhlcHYsJRc6Uwr
0A4QH4EBaHMFKuchK4AHiVICxHivtwPAUgAB32cbW7MGVwWN34kQFOScJAYAUPFT
TWrfn9YzFO62PBAHzu4Z8i7ExJHUjY9B0E3KmIEE6h0jYwWtLm9aKIeCyJAydEgv
bZBsQihthTKzGG/dFr83zEfiStJGWTwHAP8r2BPl/jMfBSUMEDwV6LBENuIZqgC4
9nRYWMQYdr6tozE1EQLHWAwm2zqy1+xL8FlR2NORyLHhPIrka52+H3OAnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCTQe1rBARJfgdPEPK7J5eDDvSwqMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvSk5CN1dzRUJFbC1CMDhROHJzbmw0TU85TENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucqFMA8E
AgACMAkDBwAqCtbAAAEwDQYJKoZIhvcNAQELBQADggEBAIl7b4AbxrAeEDG/O5vM
0+rIvYT4P9A/3JNFvbxDcAb8DCgL3YdrlRQcwdkOGNBFLN9N/NrcncVL1ibEioMc
78rBdP9nO7N4xpUAg3EQzCG60drXTKv/LbgRrEuvm+iJ2NSGJAGnstXJV9h6/rt5
S0tqFvPq/I+ELNUJgEmCl62bU4xrOWNXAsrkBjCMlaTaYNrhwQX+z+3D4o2x39Zx
KHOgACevzGsx70ibYBsQxdJ1Ym+82ao++V8D8d7mWOX+MmRg3GXIktcL15BDTejz
TuMH0vH8/gf2jwm2XfiJ+KjrhINNRodl7RF7gwpWOctL1lIHdhdVWInh8/+wddFR
FWM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:38 2024 by rpki-client on console-fra.rpki-client.org