Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa
File: Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa (raw, json)
Hash identifier: JZk2EIkKiG5cbIULxzcQXQk9/Sf+YkU4t1M81G80p00=
Subject key identifier: 63:47:98:E8:8D:BF:2A:04:0D:54:59:52:23:EA:03:A6:45:4E:DE:9C
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 018CC7275DDB7D4114D215B48C9AB1B264C3
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa
Signing time: Mon 01 Jan 2024 22:31:35 +0000
ROA not before: Mon 01 Jan 2024 22:31:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39465
IP address blocks: 91.231.136.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:5d:db:7d:41:14:d2:15:b4:8c:9a:b1:b2:64:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Jan 1 22:31:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=634798e88dbf2a040d54595223ea03a6454ede9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:57:44:9d:75:9b:69:65:28:09:27:5a:00:43:
f9:7e:6b:8c:81:ee:eb:3c:b2:28:07:6a:ff:50:cf:
b6:cd:e4:35:ee:47:ad:b3:36:e5:58:bb:b0:c8:d5:
cd:d3:7d:88:89:9e:d4:34:94:20:9e:43:5e:03:8d:
a7:2b:92:34:b3:40:fb:eb:d6:3d:d1:d8:65:6f:6d:
e7:fe:b3:a0:e1:2a:22:ab:dd:47:48:6f:39:8b:9d:
8e:65:fd:da:1a:19:40:74:2c:8e:23:6e:71:81:c7:
54:79:d6:c3:c6:6f:16:a5:63:5f:2b:25:b8:a2:db:
aa:8c:0d:64:cc:62:9e:c2:19:5a:e0:6f:cf:a3:14:
d1:c5:4b:99:49:f2:ea:89:16:5e:57:0e:21:73:fa:
47:2e:68:c1:ad:66:08:ad:aa:0f:b4:01:8e:81:25:
34:8b:1e:74:68:c5:0c:c6:fb:bf:88:d9:d2:15:9e:
32:c1:3a:ce:15:ab:cc:6f:f3:47:f6:e3:92:af:a8:
24:37:a6:61:b7:39:5c:92:88:b6:fa:e7:8d:1b:b6:
c2:41:82:86:0f:c6:f2:ab:b7:50:4d:f7:a1:1b:34:
32:21:f3:61:b4:08:a7:ef:9b:bd:84:7a:c6:b1:ad:
70:53:f5:91:e4:63:34:28:e0:21:87:59:d2:f1:6c:
33:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:47:98:E8:8D:BF:2A:04:0D:54:59:52:23:EA:03:A6:45:4E:DE:9C
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.136.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:47:63:cb:39:c0:97:b6:cc:c0:18:b8:56:76:ff:b9:69:d3:
06:dd:95:d1:58:4e:28:56:2b:33:1f:33:0d:3e:9e:1a:20:74:
ce:74:94:16:5b:9b:86:36:be:61:ed:cf:f2:15:4d:cf:2d:aa:
f0:83:09:c2:88:31:ac:e9:16:57:a3:c8:c1:e0:7a:60:61:ea:
b3:3e:9e:d7:bb:ee:ff:06:93:5e:b8:73:08:08:58:ac:a1:fe:
ac:28:54:a4:54:19:c2:a8:6f:87:57:66:1d:9b:51:13:0f:24:
5f:ef:fa:b1:82:40:ea:f9:6f:40:03:65:d3:f2:ca:4d:2f:e6:
e9:4d:8a:a3:bb:2f:8b:c8:29:17:d8:f4:58:b1:c5:23:42:81:
71:99:20:0c:62:14:31:e3:2a:39:45:b4:4a:2c:54:4d:b3:fb:
24:a2:d3:63:47:7a:f4:df:62:de:d5:7f:81:43:98:67:48:5c:
23:a8:70:76:da:9a:b8:3f:bc:45:df:b8:f7:58:b5:2d:b7:31:
60:9a:d0:a7:95:1e:22:5e:82:ea:90:ef:cf:97:2a:68:3e:a8:
ee:a1:fe:39:62:a4:06:d2:0f:fc:de:d9:99:c1:41:db:03:82:
81:a5:7e:21:fb:39:4f:d5:75:8d:fc:85:89:a8:15:2b:ad:2a:
12:26:78:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ13bfUEU0hW0jJqxsmTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQ3OThlODhkYmYyYTA0MGQ1NDU5NTIyM2VhMDNhNjQ1NGVkZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFdEnXWbaWUoCSdaAEP5fmuMge7r
PLIoB2r/UM+2zeQ17ketszblWLuwyNXN032IiZ7UNJQgnkNeA42nK5I0s0D769Y9
0dhlb23n/rOg4Soiq91HSG85i52OZf3aGhlAdCyOI25xgcdUedbDxm8WpWNfKyW4
otuqjA1kzGKewhla4G/PoxTRxUuZSfLqiRZeVw4hc/pHLmjBrWYIraoPtAGOgSU0
ix50aMUMxvu/iNnSFZ4ywTrOFavMb/NH9uOSr6gkN6Zhtzlckoi2+ueNG7bCQYKG
D8byq7dQTfehGzQyIfNhtAin75u9hHrGsa1wU/WR5GM0KOAhh1nS8WwznQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNHmOiNvyoEDVRZUiPqA6ZFTt6cMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWTBlWTZJMl9LZ1FOVkZsU0ktb0Rwa1ZPM3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+eIMA0G
CSqGSIb3DQEBCwUAA4IBAQBfR2PLOcCXtszAGLhWdv+5adMG3ZXRWE4oViszHzMN
Pp4aIHTOdJQWW5uGNr5h7c/yFU3PLarwgwnCiDGs6RZXo8jB4HpgYeqzPp7Xu+7/
BpNeuHMICFisof6sKFSkVBnCqG+HV2Ydm1ETDyRf7/qxgkDq+W9AA2XT8spNL+bp
TYqjuy+LyCkX2PRYscUjQoFxmSAMYhQx4yo5RbRKLFRNs/skotNjR3r032Le1X+B
Q5hnSFwjqHB22pq4P7xF37j3WLUttzFgmtCnlR4iXoLqkO/PlypoPqjuof45YqQG
0g/83tmZwUHbA4KBpX4h+zlP1XWN/IWJqBUrrSoSJnh4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org