Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/l_5xyIEycCt7-ETrD_9y6l0nGes.roa
File: l_5xyIEycCt7-ETrD_9y6l0nGes.roa (raw, json)
Hash identifier: qhbRNFuBEIp0iBSAVSQvpQQWm7FNr2HhTJ4NQdMvoA0=
Subject key identifier: 97:FE:71:C8:81:32:70:2B:7B:F8:44:EB:0F:FF:72:EA:5D:27:19:EB
Certificate issuer: /CN=2ebb3624b82f0e1e538b00919f442d200c7e3cd2
Certificate serial: 018A40944B910E1C62EE1E4928A1AA670422
Authority key identifier: 2E:BB:36:24:B8:2F:0E:1E:53:8B:00:91:9F:44:2D:20:0C:7E:3C:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/l_5xyIEycCt7-ETrD_9y6l0nGes.roa
Signing time: Tue 29 Aug 2023 09:16:15 +0000
ROA not before: Tue 29 Aug 2023 09:16:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61060
IP address blocks: 37.44.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:40:94:4b:91:0e:1c:62:ee:1e:49:28:a1:aa:67:04:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ebb3624b82f0e1e538b00919f442d200c7e3cd2
Validity
Not Before: Aug 29 09:16:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=97fe71c88132702b7bf844eb0fff72ea5d2719eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:58:be:6d:bf:c4:70:12:2e:89:7b:ec:47:54:
1b:de:aa:d4:7c:b6:8c:09:54:99:1a:07:f1:d0:4a:
0b:fd:14:75:79:ce:07:96:fd:4f:0c:23:45:7d:31:
32:05:aa:85:31:e2:19:4f:3b:57:73:45:d0:26:68:
5b:6f:fe:7b:38:b1:a1:bf:c0:c9:a7:36:a6:1c:04:
72:91:60:7e:b5:cd:dc:d5:29:de:64:d0:35:45:be:
bd:58:81:67:b0:58:e0:5a:8c:78:81:0a:98:fc:62:
92:ec:6f:fc:82:99:43:d9:f4:70:72:3a:99:4f:d4:
d1:eb:ec:53:fe:d3:0f:cc:de:dc:21:9c:42:66:5b:
8b:c7:f4:82:a5:b7:39:a7:44:32:21:7d:60:51:36:
79:43:2c:4d:67:47:c0:62:4e:c1:b7:41:63:cd:1b:
f9:3b:c5:bb:c1:48:dd:a9:3f:87:9a:ac:65:4e:73:
e8:b4:70:02:c9:1b:99:3b:37:6b:bf:02:e3:0a:38:
d6:ce:13:78:29:72:34:d4:dc:fb:4a:41:a5:9e:90:
d3:2f:8d:12:42:31:fa:3e:83:f8:2b:f7:60:d9:8f:
5d:2b:5e:4c:f4:3a:8c:b8:87:17:88:9a:86:22:75:
9f:87:c0:3e:6a:35:46:f7:04:65:0a:16:a2:c5:2f:
54:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:FE:71:C8:81:32:70:2B:7B:F8:44:EB:0F:FF:72:EA:5D:27:19:EB
X509v3 Authority Key Identifier:
keyid:2E:BB:36:24:B8:2F:0E:1E:53:8B:00:91:9F:44:2D:20:0C:7E:3C:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/l_5xyIEycCt7-ETrD_9y6l0nGes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.44.8.0/21
Signature Algorithm: sha256WithRSAEncryption
bb:1a:c6:3d:6c:55:9e:21:73:95:2f:53:2b:c3:32:d0:d6:d0:
0a:a9:04:a2:46:c5:d9:02:f3:88:6f:4a:59:9d:66:d7:bb:dc:
fa:c6:79:7a:a0:79:1c:8a:d9:9d:12:5e:dc:64:7f:47:9f:6f:
f0:7e:21:2e:81:30:a7:d7:51:a4:55:0f:ab:d0:7e:17:df:f9:
a6:62:79:58:30:51:1d:b6:ca:69:ea:43:c0:05:33:4e:be:c3:
fd:e3:b9:9e:4c:13:9a:64:2c:f3:42:3e:e2:07:1b:43:d1:58:
83:9a:cf:8f:f9:d1:7f:8f:5a:e6:4d:db:a1:64:e6:13:e4:fb:
5c:4f:c8:30:69:67:fb:dd:0d:25:82:5a:46:60:c0:df:fa:da:
36:88:b1:ed:38:eb:55:60:36:79:3c:e1:9b:de:15:a0:6e:3c:
89:67:71:b6:9e:6d:7e:ad:05:47:01:c2:e5:38:ea:54:67:9d:
23:f8:8f:9b:e0:e5:fa:e8:79:ab:a3:1f:98:b7:78:83:5b:46:
c7:fc:62:87:e9:72:4e:f6:a4:17:6f:5f:e4:68:e0:bf:a5:ca:
0e:65:28:b3:2b:82:db:61:10:13:2a:a6:73:27:22:82:12:90:
cb:4e:27:2f:61:8b:63:b8:a3:13:a9:33:09:59:a4:7f:a0:06:
e3:d8:e4:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYpAlEuRDhxi7h5JKKGqZwQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYmIzNjI0YjgyZjBlMWU1MzhiMDA5MTlmNDQyZDIwMGM3
ZTNjZDIwHhcNMjMwODI5MDkxNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZlNzFjODgxMzI3MDJiN2JmODQ0ZWIwZmZmNzJlYTVkMjcxOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFi+bb/EcBIuiXvsR1Qb3qrUfLaM
CVSZGgfx0EoL/RR1ec4Hlv1PDCNFfTEyBaqFMeIZTztXc0XQJmhbb/57OLGhv8DJ
pzamHARykWB+tc3c1SneZNA1Rb69WIFnsFjgWox4gQqY/GKS7G/8gplD2fRwcjqZ
T9TR6+xT/tMPzN7cIZxCZluLx/SCpbc5p0QyIX1gUTZ5QyxNZ0fAYk7Bt0FjzRv5
O8W7wUjdqT+HmqxlTnPotHACyRuZOzdrvwLjCjjWzhN4KXI01Nz7SkGlnpDTL40S
QjH6PoP4K/dg2Y9dK15M9DqMuIcXiJqGInWfh8A+ajVG9wRlChaixS9U3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf+cciBMnAre/hE6w//cupdJxnrMB8GA1UdIwQY
MBaAFC67NiS4Lw4eU4sAkZ9ELSAMfjzSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJzMkpMZ3ZEaDVUaXdDUm4wUXRJQXgtUE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC80OWJlZjEtNDAxYS00OGQyLTg3NDYt
MjY3Mjc1ZTkyNTcwLzEvbF81eHlJRXljQ3Q3LUVUckRfOXk2bDBuR2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC80OWJlZjEtNDAxYS00OGQyLTg3NDYtMjY3Mjc1ZTkyNTcw
LzEvTHJzMkpMZ3ZEaDVUaXdDUm4wUXRJQXgtUE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJSwIMA0G
CSqGSIb3DQEBCwUAA4IBAQC7GsY9bFWeIXOVL1MrwzLQ1tAKqQSiRsXZAvOIb0pZ
nWbXu9z6xnl6oHkcitmdEl7cZH9Hn2/wfiEugTCn11GkVQ+r0H4X3/mmYnlYMFEd
tspp6kPABTNOvsP947meTBOaZCzzQj7iBxtD0ViDms+P+dF/j1rmTduhZOYT5Ptc
T8gwaWf73Q0lglpGYMDf+to2iLHtOOtVYDZ5POGb3hWgbjyJZ3G2nm1+rQVHAcLl
OOpUZ50j+I+b4OX66Hmrox+Yt3iDW0bH/GKH6XJO9qQXb1/kaOC/pcoOZSizK4Lb
YRATKqZzJyKCEpDLTicvYYtjuKMTqTMJWaR/oAbj2OR9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:44 2024 by rpki-client on console-ams.rpki-client.org