Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7GDXGuc0ykPoxtgssXSfzFa_d1Q.roa
File: 7GDXGuc0ykPoxtgssXSfzFa_d1Q.roa (raw, json)
Hash identifier: W3mr243PdHlC/Vo068z+aw34bbmndTBudXdAv2tOspc=
Subject key identifier: EC:60:D7:1A:E7:34:CA:43:E8:C6:D8:2C:B1:74:9F:CC:56:BF:77:54
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 018B7D5DB8D228EC6E7ABB25EEAAEBA1FEB9
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7GDXGuc0ykPoxtgssXSfzFa_d1Q.roa
Signing time: Sun 29 Oct 2023 21:36:16 +0000
ROA not before: Sun 29 Oct 2023 21:36:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 91.238.97.0/24 maxlen: 24
91.240.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:7d:5d:b8:d2:28:ec:6e:7a:bb:25:ee:aa:eb:a1:fe:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Oct 29 21:36:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ec60d71ae734ca43e8c6d82cb1749fcc56bf7754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b5:de:62:5b:c5:f1:e7:c5:95:ec:e5:ed:bb:
56:95:15:eb:ef:48:21:b0:c5:91:45:a3:fe:f4:9b:
09:de:ca:84:15:8b:6d:cf:1d:76:29:d4:04:c5:f2:
9d:1e:8b:c8:95:c5:2a:dd:d2:13:6c:95:79:49:cf:
5e:73:f2:93:f4:c4:8a:ca:54:ba:39:82:2d:1f:fc:
64:c7:fc:19:14:e6:a1:d3:25:49:a8:66:21:bf:88:
ff:e9:4a:52:2e:77:1d:e0:c6:63:76:9a:93:58:72:
30:d7:d5:5a:2f:56:59:1c:61:2a:4c:13:28:7a:06:
9b:50:6a:8e:3f:35:71:a7:f8:55:00:82:a9:1e:7c:
c2:11:55:a2:b4:a5:43:fc:f6:d4:26:75:02:d0:68:
5c:c3:a9:67:b8:20:6b:7e:b3:7c:98:1a:89:07:52:
32:78:4e:ca:b9:15:92:27:63:99:f8:d4:8e:da:02:
53:da:c2:45:15:7c:d4:1a:78:c3:55:b7:9e:32:9f:
65:0e:a4:9e:1f:f5:74:4d:e8:c6:b5:55:1d:f2:73:
60:87:4d:f6:b3:b6:74:8d:35:fd:e7:74:d5:f4:56:
7a:60:db:bf:16:36:8a:15:51:3f:9b:bf:61:72:7a:
09:46:7e:79:2c:c3:4f:18:08:d4:14:de:6b:e5:4d:
54:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:60:D7:1A:E7:34:CA:43:E8:C6:D8:2C:B1:74:9F:CC:56:BF:77:54
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7GDXGuc0ykPoxtgssXSfzFa_d1Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.238.97.0/24
91.240.242.0/24
Signature Algorithm: sha256WithRSAEncryption
38:3e:b2:1a:de:b4:37:d6:f1:bd:b8:24:e0:3b:eb:a0:81:4f:
38:61:2c:da:35:d3:eb:00:02:0d:a9:e8:1e:78:07:47:d4:7e:
57:57:64:c5:2b:86:b3:7b:05:c3:79:2b:a6:8f:e0:fb:2c:32:
4c:eb:6b:2d:12:80:6a:af:71:3e:97:28:14:5c:45:80:09:af:
65:be:cd:a6:43:36:73:10:d3:d2:56:ad:03:07:01:7f:c5:49:
6d:5d:51:86:46:44:2f:48:6e:29:d0:04:08:80:f3:b9:8d:2b:
a5:f0:b8:5a:4c:bd:ac:8f:7a:db:56:09:46:5d:60:c9:fe:19:
1e:1c:25:7b:b5:35:f1:82:a1:c6:b0:16:d2:85:a2:d4:db:af:
c5:c6:1c:e2:b5:e3:5a:be:12:d5:94:dd:2f:2b:03:97:b0:e2:
a0:f9:57:90:01:c3:c6:17:08:1e:2d:b1:28:c2:66:95:99:44:
b3:e7:c8:b7:8c:dd:e6:2b:c1:ba:a8:86:8a:b3:63:bb:ae:c8:
7a:39:a8:e5:d4:c4:2e:a9:18:75:24:e3:77:de:78:46:7b:b6:
62:cf:fd:bb:e8:43:17:11:ce:26:94:bd:63:77:6a:a0:3b:5e:
de:1a:3f:c3:53:c7:e6:2c:de:58:2b:be:cf:ab:73:5d:bd:9a:
15:dc:9d:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYt9XbjSKOxuersl7qrrof65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMxMDI5MjEzNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzYwZDcxYWU3MzRjYTQzZThjNmQ4MmNiMTc0OWZjYzU2YmY3NzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbXeYlvF8efFlezl7btWlRXr70gh
sMWRRaP+9JsJ3sqEFYttzx12KdQExfKdHovIlcUq3dITbJV5Sc9ec/KT9MSKylS6
OYItH/xkx/wZFOah0yVJqGYhv4j/6UpSLncd4MZjdpqTWHIw19VaL1ZZHGEqTBMo
egabUGqOPzVxp/hVAIKpHnzCEVWitKVD/PbUJnUC0Ghcw6lnuCBrfrN8mBqJB1Iy
eE7KuRWSJ2OZ+NSO2gJT2sJFFXzUGnjDVbeeMp9lDqSeH/V0TejGtVUd8nNgh032
s7Z0jTX953TV9FZ6YNu/FjaKFVE/m79hcnoJRn55LMNPGAjUFN5r5U1UnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOxg1xrnNMpD6MbYLLF0n8xWv3dUMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvN0dEWEd1YzB5a1BveHRnc3NYU2Z6RmFfZDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+5hAwQA
W/DyMA0GCSqGSIb3DQEBCwUAA4IBAQA4PrIa3rQ31vG9uCTgO+uggU84YSzaNdPr
AAINqegeeAdH1H5XV2TFK4azewXDeSumj+D7LDJM62stEoBqr3E+lygUXEWACa9l
vs2mQzZzENPSVq0DBwF/xUltXVGGRkQvSG4p0AQIgPO5jSul8LhaTL2sj3rbVglG
XWDJ/hkeHCV7tTXxgqHGsBbShaLU26/FxhziteNavhLVlN0vKwOXsOKg+VeQAcPG
FwgeLbEowmaVmUSz58i3jN3mK8G6qIaKs2O7rsh6Oajl1MQuqRh1JON33nhGe7Zi
z/276EMXEc4mlL1jd2qgO17eGj/DU8fmLN5YK77Pq3NdvZoV3J0u
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org