Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/LDe5jm1VnlKWxIsrQ9V2ehifhqc.roa
File: LDe5jm1VnlKWxIsrQ9V2ehifhqc.roa (raw, json)
Hash identifier: kgiAQQpLWw2x8kOmTSK4Q2aJBPC6hXt8MXZPj+B9ILI=
Subject key identifier: 2C:37:B9:8E:6D:55:9E:52:96:C4:8B:2B:43:D5:76:7A:18:9F:86:A7
Certificate issuer: /CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Certificate serial: 018D8430EF8FCABC209BC4DE1FD727E4AA6F
Authority key identifier: D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/LDe5jm1VnlKWxIsrQ9V2ehifhqc.roa
Signing time: Wed 07 Feb 2024 15:30:16 +0000
ROA not before: Wed 07 Feb 2024 15:30:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61317
IP address blocks: 91.132.226.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:84:30:ef:8f:ca:bc:20:9b:c4:de:1f:d7:27:e4:aa:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Validity
Not Before: Feb 7 15:30:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2c37b98e6d559e5296c48b2b43d5767a189f86a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:b7:d4:c0:56:55:20:b1:3b:0f:41:17:a6:6d:
5a:ea:63:4e:90:5f:ae:3b:f2:a2:c5:be:7c:a5:df:
fc:77:eb:dc:b7:f1:45:7f:4e:fd:dd:ed:07:8b:0e:
ad:30:1e:a8:62:6a:93:fb:c4:d5:40:74:7f:72:75:
78:44:b8:82:a0:44:e6:51:fb:9c:6d:43:fd:2e:c7:
f9:6f:1e:0e:cc:09:32:1f:ed:e0:c8:20:1b:06:13:
f2:db:c8:63:35:41:77:08:40:7f:0e:be:25:16:e3:
35:3b:be:c6:5d:22:57:09:99:37:a4:be:31:09:6a:
4f:ec:a9:ae:3c:04:71:1c:f5:e4:e9:87:6f:3d:0f:
84:9f:ed:d7:20:ad:0f:73:b8:a2:b9:dd:3d:89:b9:
65:bd:f6:ab:db:2d:6a:3a:22:7c:7b:df:45:a9:e0:
80:4c:9d:72:bc:b5:b7:2b:85:b2:a6:3e:6e:ad:12:
10:b0:35:c3:fa:9e:61:21:bf:af:e7:80:74:fe:fe:
69:8f:00:26:d1:ce:33:49:b4:43:67:8a:53:ef:7e:
0a:b1:6d:10:da:c7:b1:e5:e5:03:98:34:be:c7:9b:
ba:c4:21:78:33:ea:3f:ef:17:c2:b4:f2:ff:63:63:
ee:55:6f:24:4f:12:3f:62:7d:5b:41:2c:5f:8a:6d:
97:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:37:B9:8E:6D:55:9E:52:96:C4:8B:2B:43:D5:76:7A:18:9F:86:A7
X509v3 Authority Key Identifier:
keyid:D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/LDe5jm1VnlKWxIsrQ9V2ehifhqc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0D_r_VN-Mgy77CtOImd7muZvYE4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.226.0/24
Signature Algorithm: sha256WithRSAEncryption
45:94:c2:16:f0:49:2a:2a:75:66:4b:18:a7:2d:cd:91:41:77:
d4:1e:64:79:b7:a0:ad:40:ea:2e:53:ac:83:69:fe:cd:75:46:
93:b1:05:6d:fc:8c:8d:a7:28:bb:76:0e:58:8d:d9:c1:30:61:
d0:45:b6:76:94:7e:0c:eb:72:77:98:bb:72:18:c5:8e:fe:b6:
23:3c:78:1b:71:ce:44:f8:a3:61:d3:f3:23:9b:76:71:08:07:
ae:8b:23:2d:ea:42:b0:55:96:a6:c5:e5:dd:96:e1:99:79:2e:
8f:88:3f:32:fb:2c:f9:13:8c:2c:b2:d4:4b:2b:d2:a7:41:8d:
59:a3:d1:80:80:e4:b2:ad:5a:7f:e7:33:53:cb:13:36:5f:e6:
25:bc:14:cc:98:4d:5a:ba:d0:8e:29:16:f2:14:02:c4:bd:dc:
44:10:08:30:d6:75:0b:9a:37:3e:ad:76:2e:86:02:de:dd:be:
d7:58:2f:59:fd:89:bc:f3:1a:f7:2d:3a:7f:f5:54:b1:01:d6:
52:6b:15:f4:3e:7a:b9:84:42:37:34:46:1d:38:80:f5:e2:6f:
63:b2:c0:9e:38:c7:65:b4:e5:45:da:56:cb:03:9e:3d:29:a2:
a5:0a:7e:bb:99:49:17:02:6e:78:c7:99:6d:c8:92:a4:fd:8f:
2d:bd:b0:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2EMO+Pyrwgm8TeH9cn5KpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2ZlYmZkNTM3ZTMyMGNiYmVjMmI0ZTIyNjc3YjlhZTY2
ZjYwNGUwHhcNMjQwMjA3MTUzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzM3Yjk4ZTZkNTU5ZTUyOTZjNDhiMmI0M2Q1NzY3YTE4OWY4NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrfUwFZVILE7D0EXpm1a6mNOkF+u
O/Kixb58pd/8d+vct/FFf0793e0Hiw6tMB6oYmqT+8TVQHR/cnV4RLiCoETmUfuc
bUP9Lsf5bx4OzAkyH+3gyCAbBhPy28hjNUF3CEB/Dr4lFuM1O77GXSJXCZk3pL4x
CWpP7KmuPARxHPXk6YdvPQ+En+3XIK0Pc7iiud09ibllvfar2y1qOiJ8e99FqeCA
TJ1yvLW3K4Wypj5urRIQsDXD+p5hIb+v54B0/v5pjwAm0c4zSbRDZ4pT734KsW0Q
2sex5eUDmDS+x5u6xCF4M+o/7xfCtPL/Y2PuVW8kTxI/Yn1bQSxfim2XbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCw3uY5tVZ5SlsSLK0PVdnoYn4anMB8GA1UdIwQY
MBaAFNA/6/1TfjIMu+wrTiJne5rmb2BOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2It
MjgxZmFkZTI4MzRiLzEvTERlNWptMVZubEtXeElzclE5VjJlaGlmaHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2ItMjgxZmFkZTI4MzRi
LzEvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4TiMA0G
CSqGSIb3DQEBCwUAA4IBAQBFlMIW8EkqKnVmSxinLc2RQXfUHmR5t6CtQOouU6yD
af7NdUaTsQVt/IyNpyi7dg5YjdnBMGHQRbZ2lH4M63J3mLtyGMWO/rYjPHgbcc5E
+KNh0/Mjm3ZxCAeuiyMt6kKwVZamxeXdluGZeS6PiD8y+yz5E4wsstRLK9KnQY1Z
o9GAgOSyrVp/5zNTyxM2X+YlvBTMmE1autCOKRbyFALEvdxEEAgw1nULmjc+rXYu
hgLe3b7XWC9Z/Ym88xr3LTp/9VSxAdZSaxX0Pnq5hEI3NEYdOID14m9jssCeOMdl
tOVF2lbLA549KaKlCn67mUkXAm54x5ltyJKk/Y8tvbBV
-----END CERTIFICATE-----
Generated at Thu Feb 29 16:39:03 2024 by rpki-client on console-ams.rpki-client.org