Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MQQfhpNs7ujB1unzPmOL30UCveA.roa
File: MQQfhpNs7ujB1unzPmOL30UCveA.roa (raw, json)
Hash identifier: CWrRfFwCvqTiAI4cRBx5CdGvhy5azobWQyFlYUjk3JY=
Subject key identifier: 31:04:1F:86:93:6C:EE:E8:C1:D6:E9:F3:3E:63:8B:DF:45:02:BD:E0
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 0187801522C147E950969F26E318B4C0B2ED
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MQQfhpNs7ujB1unzPmOL30UCveA.roa
Signing time: Fri 14 Apr 2023 14:04:41 +0000
ROA not before: Fri 14 Apr 2023 14:04:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207967
IP address blocks: 176.114.88.0/24 maxlen: 24
176.114.90.0/24 maxlen: 24
176.114.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:80:15:22:c1:47:e9:50:96:9f:26:e3:18:b4:c0:b2:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 14 14:04:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=31041f86936ceee8c1d6e9f33e638bdf4502bde0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:85:81:54:2a:86:da:a9:c3:ba:b0:8d:51:54:
84:76:89:73:0a:bd:cf:c2:98:6d:37:21:0f:85:9b:
0d:75:b0:44:e2:b1:bc:09:7e:09:26:02:2d:be:93:
fc:da:3c:30:24:c4:62:84:b8:92:48:43:51:e8:dc:
7f:68:f4:7e:04:56:e0:98:69:62:95:76:b2:51:4f:
ef:59:4c:8b:62:10:73:2f:f8:a2:27:f3:62:f2:b1:
d4:d2:5f:3b:43:82:6b:c1:32:1f:ed:cb:c6:69:62:
19:f5:f2:99:80:1d:a6:30:2e:39:ff:b6:6b:09:42:
0b:51:ac:66:93:7e:b6:98:a5:91:28:db:36:da:cf:
2c:a2:c5:28:53:83:50:b8:c7:8b:5d:cd:32:97:8f:
51:66:31:e3:52:30:3b:01:53:32:bd:a3:ec:18:c0:
b5:f6:11:f4:e5:42:a2:1b:de:de:cf:26:68:07:ea:
f7:41:8c:73:85:45:80:00:9f:01:c8:85:67:0e:bd:
74:16:24:03:65:d6:ed:67:c0:62:d5:a5:b6:73:c6:
97:24:f4:11:c1:3d:e7:88:9c:86:53:9d:3e:f5:cb:
a4:9b:f2:73:e9:d6:b1:1b:48:2b:04:1b:6a:57:bf:
d0:6a:78:61:be:95:71:07:f6:74:09:af:9e:7d:17:
a9:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:04:1F:86:93:6C:EE:E8:C1:D6:E9:F3:3E:63:8B:DF:45:02:BD:E0
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MQQfhpNs7ujB1unzPmOL30UCveA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0-176.114.90.255
Signature Algorithm: sha256WithRSAEncryption
56:69:d2:dd:bc:7c:03:8a:89:ee:73:53:fa:71:08:38:4a:ba:
38:ba:b7:72:d3:3d:44:50:e8:e1:ad:a3:52:f5:19:8f:ed:81:
a0:bf:43:f4:95:b0:b5:74:56:db:45:c0:4b:39:46:fb:76:9c:
c9:96:68:c7:c2:da:44:f9:6c:cc:82:ea:e5:76:73:d7:73:95:
7a:a2:34:6a:46:6b:7a:f7:f4:b3:eb:70:ea:8d:25:ad:27:d3:
ea:b5:6a:a0:fb:67:a8:90:04:f6:e5:2d:82:1f:7a:02:47:0a:
ce:95:d2:20:7e:da:bc:d8:28:78:a1:3b:b9:a4:46:c8:17:f4:
02:b1:bf:1d:29:0f:0c:ef:9b:38:29:b5:45:82:a1:ac:2f:5b:
64:49:19:44:da:58:1a:db:a5:94:40:48:03:f0:46:1a:04:5c:
44:4d:9a:2b:82:1d:7a:c6:0e:20:95:1c:36:e4:e0:65:ce:17:
73:fb:06:e3:3a:ab:70:3b:c7:4e:f6:aa:10:7b:3a:18:b1:0e:
1c:34:37:97:35:79:96:1f:65:d7:a0:1a:a2:b8:51:0c:bb:d6:
f0:3c:1e:6d:43:d4:16:9f:53:16:ac:60:81:36:d2:2c:c7:8e:
c5:ed:c1:c8:be:df:04:17:33:1e:ba:78:65:2b:1d:3d:1c:a6:
cd:49:d0:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYeAFSLBR+lQlp8m4xi0wLLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwNDE0MTQwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA0MWY4NjkzNmNlZWU4YzFkNmU5ZjMzZTYzOGJkZjQ1MDJiZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoWBVCqG2qnDurCNUVSEdolzCr3P
wphtNyEPhZsNdbBE4rG8CX4JJgItvpP82jwwJMRihLiSSENR6Nx/aPR+BFbgmGli
lXayUU/vWUyLYhBzL/iiJ/Ni8rHU0l87Q4JrwTIf7cvGaWIZ9fKZgB2mMC45/7Zr
CUILUaxmk362mKWRKNs22s8sosUoU4NQuMeLXc0yl49RZjHjUjA7AVMyvaPsGMC1
9hH05UKiG97ezyZoB+r3QYxzhUWAAJ8ByIVnDr10FiQDZdbtZ8Bi1aW2c8aXJPQR
wT3niJyGU50+9cukm/Jz6daxG0grBBtqV7/QanhhvpVxB/Z0Ca+efRepmQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDEEH4aTbO7owdbp8z5ji99FAr3gMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvTVFRZmhwTnM3dWpCMXVuelBtT0wzMFVDdmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAOwclgD
BACwclowDQYJKoZIhvcNAQELBQADggEBAFZp0t28fAOKie5zU/pxCDhKuji6t3LT
PURQ6OGto1L1GY/tgaC/Q/SVsLV0VttFwEs5Rvt2nMmWaMfC2kT5bMyC6uV2c9dz
lXqiNGpGa3r39LPrcOqNJa0n0+q1aqD7Z6iQBPblLYIfegJHCs6V0iB+2rzYKHih
O7mkRsgX9AKxvx0pDwzvmzgptUWCoawvW2RJGUTaWBrbpZRASAPwRhoEXERNmiuC
HXrGDiCVHDbk4GXOF3P7BuM6q3A7x072qhB7OhixDhw0N5c1eZYfZdegGqK4UQy7
1vA8Hm1D1BafUxasYIE20izHjsXtwci+3wQXMx66eGUrHT0cps1J0Gg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:49 2024 by rpki-client on console-ams.rpki-client.org