Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/J-KiQyhJXna8HN20LdBg0crmWj4.roa
File: J-KiQyhJXna8HN20LdBg0crmWj4.roa (raw, json)
Hash identifier: 8zxyp0BXLLQcnNT0C5TSceq9DXDxbYnnJ3BMYelJFvs=
Subject key identifier: 27:E2:A2:43:28:49:5E:76:BC:1C:DD:B4:2D:D0:60:D1:CA:E6:5A:3E
Certificate issuer: /CN=1045dacc837798c3e6cf31f4d27946a33b0de661
Certificate serial: 29FD1B93
Authority key identifier: 10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/J-KiQyhJXna8HN20LdBg0crmWj4.roa
Signing time: Sat 01 Jan 2022 13:54:33 +0000
ROA not before: Sat 01 Jan 2022 13:54:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 213175
IP address blocks: 93.179.67.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 704453523 (0x29fd1b93)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1045dacc837798c3e6cf31f4d27946a33b0de661
Validity
Not Before: Jan 1 13:54:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=27e2a24328495e76bc1cddb42dd060d1cae65a3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:77:4e:98:65:fe:14:03:53:f8:91:2f:fe:d2:
db:b0:0d:12:56:2f:f1:09:4d:72:8f:dc:bb:92:7e:
7b:73:52:54:f1:d4:0b:a6:06:21:9a:58:6e:43:2c:
74:9c:5a:4c:e9:3a:25:76:15:7c:63:59:fe:cc:89:
43:59:6b:ab:e8:aa:6a:04:42:ef:69:1a:70:4b:13:
98:9a:c4:84:7f:6f:ae:bb:57:41:a6:58:a8:b8:3d:
8b:a3:ac:9d:c9:b9:7f:93:18:e6:29:df:ad:b0:ce:
52:40:bd:e7:1c:ca:78:73:f7:de:a5:04:8d:ed:be:
3d:93:af:c4:b6:0a:73:ed:d4:03:bc:4b:7e:ef:2c:
79:00:55:3a:f7:ee:7e:7b:ac:d0:4f:15:41:9f:f6:
14:10:98:3a:5c:d3:35:2e:68:71:78:f4:c8:ea:0f:
57:ce:a8:26:1b:bd:dc:7d:50:c6:85:a2:fb:c7:c3:
b2:9d:d8:c2:bd:2c:83:0a:0a:fa:37:4e:8b:1b:ab:
00:72:77:5a:5f:23:de:93:43:6d:d9:78:3e:f1:12:
0f:8c:b0:46:4b:b6:be:f5:f1:83:16:34:3c:54:7e:
0a:6b:ed:b3:74:70:0a:e7:71:12:a6:be:b8:41:e3:
aa:85:22:78:7e:67:99:71:f0:a1:a9:73:59:f8:c0:
36:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:E2:A2:43:28:49:5E:76:BC:1C:DD:B4:2D:D0:60:D1:CA:E6:5A:3E
X509v3 Authority Key Identifier:
keyid:10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/J-KiQyhJXna8HN20LdBg0crmWj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/EEXazIN3mMPmzzH00nlGozsN5mE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.179.67.0/24
Signature Algorithm: sha256WithRSAEncryption
00:51:28:54:55:6b:00:54:56:1b:e9:05:1b:e6:6a:74:68:ea:
b8:fa:bd:cf:74:ea:c8:d4:05:0f:66:a6:e5:85:50:c2:99:1b:
f4:9c:3b:0e:55:4b:4d:2a:29:14:2e:73:86:12:08:cb:9a:70:
2d:92:b1:86:5c:88:3a:42:8d:ed:fb:fc:30:5d:4c:5a:9a:01:
61:a4:0d:01:25:ed:40:dd:de:02:db:29:f0:81:d1:6d:98:f9:
f9:59:6f:24:ab:99:56:cc:90:c1:d3:59:e9:70:52:5c:f0:f6:
43:b2:86:29:60:cc:3a:f7:e7:3b:82:40:47:ba:87:49:15:58:
f5:a3:85:5d:97:97:73:a8:b9:85:99:88:2b:47:ec:bb:54:88:
31:e1:a9:15:e2:a3:36:ce:a0:f7:aa:64:bb:ec:7d:f2:4d:ac:
69:eb:b8:28:54:62:53:35:17:20:58:98:9f:f2:fd:47:5e:4f:
44:2f:41:b5:0e:34:56:45:fe:ee:25:01:ed:54:97:8b:8e:9b:
d9:1d:4b:98:f3:3c:67:87:ee:7b:56:cb:8e:3b:27:85:6c:93:
a1:98:ff:11:44:e1:b1:0c:c1:b0:30:38:8f:24:ea:19:e0:09:
95:ff:65:5e:7e:96:38:14:2d:be:19:9e:27:0a:e3:0d:ef:81:
f3:8b:11:09
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEKf0bkzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDQ1ZGFjYzgzNzc5OGMzZTZjZjMxZjRkMjc5NDZhMzNiMGRlNjYxMB4XDTIyMDEw
MTEzNTQzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjdlMmEyNDMyODQ5
NWU3NmJjMWNkZGI0MmRkMDYwZDFjYWU2NWEzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMB3Tphl/hQDU/iRL/7S27ANElYv8QlNco/cu5J+e3NSVPHU
C6YGIZpYbkMsdJxaTOk6JXYVfGNZ/syJQ1lrq+iqagRC72kacEsTmJrEhH9vrrtX
QaZYqLg9i6Osncm5f5MY5infrbDOUkC95xzKeHP33qUEje2+PZOvxLYKc+3UA7xL
fu8seQBVOvfufnus0E8VQZ/2FBCYOlzTNS5ocXj0yOoPV86oJhu93H1QxoWi+8fD
sp3Ywr0sgwoK+jdOixurAHJ3Wl8j3pNDbdl4PvESD4ywRku2vvXxgxY0PFR+Cmvt
s3RwCudxEqa+uEHjqoUieH5nmXHwoalzWfjANm0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQn4qJDKEledrwc3bQt0GDRyuZaPjAfBgNVHSMEGDAWgBQQRdrMg3eYw+bP
MfTSeUajOw3mYTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VFWGF6SU4zbU1QbXp6SDAwbmxHb3pzTjVtRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjIvMjY2Y2FmLTNiNDMtNDllMC1iNmUxLTljMTc0ZTUzZTRmZS8x
L0otS2lReWhKWG5hOEhOMjBMZEJnMGNybVdqNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIv
MjY2Y2FmLTNiNDMtNDllMC1iNmUxLTljMTc0ZTUzZTRmZS8xL0VFWGF6SU4zbU1Q
bXp6SDAwbmxHb3pzTjVtRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF2zQzANBgkqhkiG9w0BAQsFAAOC
AQEAAFEoVFVrAFRWG+kFG+ZqdGjquPq9z3TqyNQFD2am5YVQwpkb9Jw7DlVLTSop
FC5zhhIIy5pwLZKxhlyIOkKN7fv8MF1MWpoBYaQNASXtQN3eAtsp8IHRbZj5+Vlv
JKuZVsyQwdNZ6XBSXPD2Q7KGKWDMOvfnO4JAR7qHSRVY9aOFXZeXc6i5hZmIK0fs
u1SIMeGpFeKjNs6g96pku+x98k2saeu4KFRiUzUXIFiYn/L9R15PRC9BtQ40VkX+
7iUB7VSXi46b2R1LmPM8Z4fue1bLjjsnhWyToZj/EUThsQzBsDA4jyTqGeAJlf9l
Xn6WOBQtvhmeJwrjDe+B84sRCQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:45 2025 by rpki-client