Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JJWvOnnd39kG5Hn7eqb-R--dMBQ.roa
File: JJWvOnnd39kG5Hn7eqb-R--dMBQ.roa (raw, json)
Hash identifier: 2sbfs6xG0iidOsDf213+TzyxYB9aXVHn5l6Lo37JAEk=
Subject key identifier: 24:95:AF:3A:79:DD:DF:D9:06:E4:79:FB:7A:A6:FE:47:EF:9D:30:14
Certificate issuer: /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial: 01839BF46A79EE251AE479DF17ABDAF79FFD
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JJWvOnnd39kG5Hn7eqb-R--dMBQ.roa
Signing time: Mon 03 Oct 2022 03:47:09 +0000
ROA not before: Mon 03 Oct 2022 03:47:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209898
IP address blocks: 147.78.192.0/22 maxlen: 24
91.194.139.0/24 maxlen: 24
147.78.194.0/23 maxlen: 24
185.203.114.0/23 maxlen: 23
2a0a:e5c0::/29 maxlen: 48
2a0a:e5c0:2::/48 maxlen: 48
2a09:2940::/29 maxlen: 48
2a0a:e5c1:100::/40 maxlen: 48
2a0a:e5c0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:9b:f4:6a:79:ee:25:1a:e4:79:df:17:ab:da:f7:9f:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Validity
Not Before: Oct 3 03:47:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2495af3a79dddfd906e479fb7aa6fe47ef9d3014
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:18:50:b5:8d:01:31:8b:02:34:ec:58:04:a6:
03:85:f0:03:97:88:97:58:93:8b:65:0f:1f:40:57:
34:0f:c6:ba:ae:25:dc:cc:7d:e6:46:9d:a5:d8:14:
b2:e1:14:c6:f4:56:1d:b0:41:35:b7:c8:50:87:7c:
62:fe:fe:a5:e0:ee:3a:99:7c:f5:1c:88:79:d9:c9:
23:ab:ba:cb:40:73:be:0b:f0:45:00:9c:8e:21:22:
c9:2c:3f:ca:c5:61:b8:1e:9b:d0:df:da:6c:e7:6c:
64:c6:7d:79:cd:5a:a0:35:5b:91:86:9a:b2:5b:84:
b3:6b:86:e9:23:bc:b7:b1:9a:c3:92:01:d4:61:f9:
2b:85:67:b6:7e:1a:ca:99:72:12:ec:e5:b7:61:0b:
f9:0a:56:bf:ab:4f:21:13:d3:08:03:4e:37:ee:f8:
85:6e:e0:9a:5e:17:e4:95:f7:11:34:75:dd:d0:80:
a0:e2:f5:75:b5:da:a9:72:41:6e:77:06:61:28:e1:
53:de:df:e5:fe:86:29:d6:8a:c9:c5:17:89:09:96:
c7:e1:01:55:df:a1:69:d8:f0:78:54:d4:0d:fd:da:
6b:d8:8a:96:83:08:c0:64:1c:a5:59:b6:7f:8a:1f:
35:86:ad:5e:aa:61:89:94:92:83:ea:dd:6a:37:d2:
ff:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:95:AF:3A:79:DD:DF:D9:06:E4:79:FB:7A:A6:FE:47:EF:9D:30:14
X509v3 Authority Key Identifier:
keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JJWvOnnd39kG5Hn7eqb-R--dMBQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.139.0/24
147.78.192.0/22
185.203.114.0/23
IPv6:
2a09:2940::/29
2a0a:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
6f:50:09:5b:21:a6:88:08:7a:42:e9:c7:94:11:84:97:5d:b7:
be:0a:46:50:5e:ff:8b:51:6b:71:7c:7f:3b:17:0b:e8:e8:7d:
26:dc:59:eb:56:45:d9:b3:cc:b4:20:67:90:cb:bb:7a:9e:59:
40:69:44:55:a4:83:de:18:14:4d:26:0f:1a:88:ef:1f:b0:d9:
c1:81:eb:c1:ab:d5:22:20:65:ae:00:58:bd:56:d4:12:02:be:
18:17:c5:e8:19:53:b2:c4:19:4c:08:ff:b5:33:f9:6b:16:c7:
52:ff:28:bc:3b:3d:b4:bc:42:4a:42:7e:5a:ec:43:f7:93:2b:
b1:1b:48:10:54:30:c6:aa:6a:d4:2e:61:4e:66:e4:a5:c8:00:
6d:e8:fd:4c:53:29:af:b5:2d:09:cd:07:2e:c5:90:07:e1:2f:
ca:8c:d2:60:36:8f:ad:e9:1c:a6:39:ef:d5:70:a0:31:37:f7:
a7:fe:e9:52:2f:4a:ed:f7:9b:7c:7b:fd:f9:ea:50:ca:49:1e:
18:64:2b:43:fc:30:62:56:ab:50:7a:7e:54:8b:24:42:13:f5:
0a:20:8f:ba:99:70:56:59:d8:10:0d:b2:17:01:78:60:0c:a8:
2f:2f:3e:bd:4a:c4:7a:63:9a:be:08:03:21:6a:99:c5:69:7c:
27:fd:31:8d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYOb9Gp57iUa5HnfF6va95/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjIxMDAzMDM0NzA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDk1YWYzYTc5ZGRkZmQ5MDZlNDc5ZmI3YWE2ZmU0N2VmOWQzMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRhQtY0BMYsCNOxYBKYDhfADl4iX
WJOLZQ8fQFc0D8a6riXczH3mRp2l2BSy4RTG9FYdsEE1t8hQh3xi/v6l4O46mXz1
HIh52ckjq7rLQHO+C/BFAJyOISLJLD/KxWG4HpvQ39ps52xkxn15zVqgNVuRhpqy
W4Sza4bpI7y3sZrDkgHUYfkrhWe2fhrKmXIS7OW3YQv5Cla/q08hE9MIA0437viF
buCaXhfklfcRNHXd0ICg4vV1tdqpckFudwZhKOFT3t/l/oYp1orJxReJCZbH4QFV
36Fp2PB4VNQN/dpr2IqWgwjAZBylWbZ/ih81hq1eqmGJlJKD6t1qN9L/3QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCSVrzp53d/ZBuR5+3qm/kfvnTAUMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEvSkpXdk9ubmQzOWtHNUhuN2VxYi1SLS1kTUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAW8KLAwQC
k07AAwQBuctyMBQEAgACMA4DBQMqCSlAAwUDKgrlwDANBgkqhkiG9w0BAQsFAAOC
AQEAb1AJWyGmiAh6QunHlBGEl123vgpGUF7/i1FrcXx/OxcL6Oh9JtxZ61ZF2bPM
tCBnkMu7ep5ZQGlEVaSD3hgUTSYPGojvH7DZwYHrwavVIiBlrgBYvVbUEgK+GBfF
6BlTssQZTAj/tTP5axbHUv8ovDs9tLxCSkJ+WuxD95MrsRtIEFQwxqpq1C5hTmbk
pcgAbej9TFMpr7UtCc0HLsWQB+EvyozSYDaPrekcpjnv1XCgMTf3p/7pUi9K7feb
fHv9+epQykkeGGQrQ/wwYlarUHp+VIskQhP1CiCPuplwVlnYEA2yFwF4YAyoLy8+
vUrEemOavggDIWqZxWl8J/0xjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:07 2024 by rpki-client on console-fra.rpki-client.org