Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7j_6Q0dzXMSHYZPkmZM4CpnioPY.roa
File: 7j_6Q0dzXMSHYZPkmZM4CpnioPY.roa (raw, json)
Hash identifier: 7OFHQIK/Ube26RD7GJmSftqe16SyIKiGX51cTZpuL/k=
Subject key identifier: EE:3F:FA:43:47:73:5C:C4:87:61:93:E4:99:93:38:0A:99:E2:A0:F6
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 0187C77624F4B27A87E00D9E88D9E3F4F27A
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7j_6Q0dzXMSHYZPkmZM4CpnioPY.roa
Signing time: Fri 28 Apr 2023 10:43:41 +0000
ROA not before: Fri 28 Apr 2023 10:43:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 193.200.161.0/24 maxlen: 24
91.240.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:c7:76:24:f4:b2:7a:87:e0:0d:9e:88:d9:e3:f4:f2:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Apr 28 10:43:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ee3ffa4347735cc4876193e49993380a99e2a0f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:bd:e9:f4:d4:38:e9:12:5a:29:a0:cf:58:fa:
73:e8:02:b4:fb:22:29:04:59:59:f1:1e:fb:e7:fc:
19:3f:a7:42:33:1c:73:61:cb:e3:c3:ee:39:e4:a7:
6d:e8:15:4b:3f:4d:71:35:86:78:c0:7e:cd:b9:b6:
53:f1:a7:d6:21:a1:ba:13:75:3f:71:15:70:79:42:
c1:b5:f4:e4:a6:c3:de:87:18:a8:61:1f:ca:7d:2a:
b7:6c:00:4f:22:f9:a0:b0:10:33:71:c5:76:79:26:
89:86:55:08:2c:1e:be:8a:93:84:49:db:78:42:9d:
46:85:ed:34:64:fd:76:49:0f:6e:69:4a:b9:46:3f:
0e:96:8c:fb:cc:2e:7c:1f:13:e0:b4:2d:29:fe:1b:
b9:a8:03:ab:9d:f1:af:34:a9:d5:93:27:6f:c2:e4:
fd:54:d8:4b:d1:13:fd:05:2f:b0:aa:6f:93:6c:a8:
34:07:5a:ac:79:09:d9:88:f6:fe:eb:a1:12:99:70:
c1:64:5a:1e:27:ae:10:20:0b:13:1e:1c:fc:d1:17:
12:1d:21:1c:d2:bd:92:b1:77:a4:46:8a:41:36:0e:
21:7e:94:ea:60:77:33:fc:69:f1:50:e8:d3:ac:fe:
80:0a:6b:e4:f7:c8:86:1d:38:41:b7:c1:33:9a:01:
ac:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:3F:FA:43:47:73:5C:C4:87:61:93:E4:99:93:38:0A:99:E2:A0:F6
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/7j_6Q0dzXMSHYZPkmZM4CpnioPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.240.243.0/24
193.200.161.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:f1:54:a2:3b:9d:1f:91:e2:90:7e:9f:01:5d:c2:60:24:1a:
14:77:c1:9d:57:10:09:d8:84:d2:86:94:4f:8a:25:f3:96:fd:
3f:5f:eb:38:cc:a2:33:ee:3b:64:d8:e5:de:ec:0d:98:58:1c:
30:cf:0b:7d:99:41:b3:1f:75:24:cc:b7:5c:71:db:f9:2e:7b:
2f:a2:29:a9:bc:f3:24:b2:a9:0d:0b:82:f9:3f:ed:46:10:52:
34:25:3a:e2:7f:31:26:f6:2c:59:9b:90:07:36:07:98:0d:9d:
84:2e:26:ee:d9:60:55:54:f4:cf:9f:8e:32:bb:c4:e1:dc:29:
ba:cf:dc:73:21:9b:ca:88:4e:78:7f:37:48:2a:1c:c9:16:c3:
d6:ba:b3:d5:82:9b:5b:03:39:9f:8a:8e:e6:99:a8:97:a7:5e:
41:11:12:6a:d3:48:83:c5:fd:4a:cc:7e:77:4e:45:cc:35:b7:
0e:c9:30:6e:2b:d5:86:17:ae:53:3b:cf:3e:25:b2:2f:af:81:
4d:57:cd:0a:aa:81:9c:f2:a4:05:69:e6:47:97:79:a0:a3:ef:
10:93:9b:ff:66:c4:0c:0a:c4:c6:9a:37:7d:89:e6:e4:b1:cc:
ae:4e:59:eb:3d:cf:e1:a7:9b:58:8f:be:a1:8e:3b:82:24:cf:
b6:0a:3f:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYfHdiT0snqH4A2eiNnj9PJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwNDI4MTA0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTNmZmE0MzQ3NzM1Y2M0ODc2MTkzZTQ5OTkzMzgwYTk5ZTJhMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl73p9NQ46RJaKaDPWPpz6AK0+yIp
BFlZ8R775/wZP6dCMxxzYcvjw+455Kdt6BVLP01xNYZ4wH7NubZT8afWIaG6E3U/
cRVweULBtfTkpsPehxioYR/KfSq3bABPIvmgsBAzccV2eSaJhlUILB6+ipOESdt4
Qp1Ghe00ZP12SQ9uaUq5Rj8Oloz7zC58HxPgtC0p/hu5qAOrnfGvNKnVkydvwuT9
VNhL0RP9BS+wqm+TbKg0B1qseQnZiPb+66ESmXDBZFoeJ64QIAsTHhz80RcSHSEc
0r2SsXekRopBNg4hfpTqYHcz/GnxUOjTrP6ACmvk98iGHThBt8EzmgGsvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO4/+kNHc1zEh2GT5JmTOAqZ4qD2MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvN2pfNlEwZHpYTVNIWVpQa21aTTRDcG5pb1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/DzAwQA
wcihMA0GCSqGSIb3DQEBCwUAA4IBAQA78VSiO50fkeKQfp8BXcJgJBoUd8GdVxAJ
2ITShpRPiiXzlv0/X+s4zKIz7jtk2OXe7A2YWBwwzwt9mUGzH3UkzLdccdv5Lnsv
oimpvPMksqkNC4L5P+1GEFI0JTrifzEm9ixZm5AHNgeYDZ2ELibu2WBVVPTPn44y
u8Th3Cm6z9xzIZvKiE54fzdIKhzJFsPWurPVgptbAzmfio7mmaiXp15BERJq00iD
xf1KzH53TkXMNbcOyTBuK9WGF65TO88+JbIvr4FNV80KqoGc8qQFaeZHl3mgo+8Q
k5v/ZsQMCsTGmjd9iebkscyuTlnrPc/hp5tYj76hjjuCJM+2Cj9q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org