Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/hKDLL5OYqG5yXkwsikRXFGBzoLM.roa
File: hKDLL5OYqG5yXkwsikRXFGBzoLM.roa (raw, json)
Hash identifier: L+KGzMwgJIhSzDhERCjG3dtZyGCmSj18jLccknU5s2k=
Subject key identifier: 84:A0:CB:2F:93:98:A8:6E:72:5E:4C:2C:8A:44:57:14:60:73:A0:B3
Certificate issuer: /CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
Certificate serial: 01856CE61D7D5395D044B72804B0266C08C5
Authority key identifier: 92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/hKDLL5OYqG5yXkwsikRXFGBzoLM.roa
Signing time: Sun 01 Jan 2023 10:34:58 +0000
ROA not before: Sun 01 Jan 2023 10:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206119
IP address blocks: 194.1.244.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:e6:1d:7d:53:95:d0:44:b7:28:04:b0:26:6c:08:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
Validity
Not Before: Jan 1 10:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84a0cb2f9398a86e725e4c2c8a4457146073a0b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:ba:1b:23:68:dd:fb:db:1c:e8:5e:29:4e:42:
ce:d2:8f:51:2b:b1:f6:d1:7e:bc:e9:3a:ac:ea:fe:
dd:a2:b7:fe:54:7c:12:22:30:e8:88:a7:c1:e7:2e:
52:a8:36:29:8e:ba:68:85:85:f3:c5:b7:7b:db:ee:
85:d8:b3:5a:45:aa:79:18:42:76:87:66:b7:f0:63:
57:a1:a8:db:58:14:f2:b1:ee:31:89:d0:55:59:17:
bd:56:51:74:75:5d:e9:d3:11:4b:93:0b:ae:8a:c5:
ae:79:0b:e4:76:68:80:23:c7:67:c0:c9:c2:1d:83:
ed:4a:9a:fb:e1:cf:72:24:54:3e:ad:b1:f1:68:34:
4c:78:52:39:d9:c5:09:a4:31:14:40:b0:bc:69:93:
6e:02:81:32:a4:12:40:4c:9a:b2:3c:15:7e:23:30:
de:94:02:b9:c0:3e:07:f2:ea:bb:e9:cf:3f:54:90:
d9:bc:6f:74:ae:ac:1e:ab:bb:8f:0b:ce:7d:e4:df:
a9:c3:2f:85:4c:1d:68:6e:6f:57:65:ca:eb:9e:61:
04:f1:e4:bb:87:00:8a:f3:59:16:73:94:35:43:24:
83:96:6d:93:a3:1a:ad:7d:0d:19:09:bf:89:e6:e3:
91:c8:8d:0a:87:9e:f7:b9:df:67:51:8c:2d:70:37:
5f:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:A0:CB:2F:93:98:A8:6E:72:5E:4C:2C:8A:44:57:14:60:73:A0:B3
X509v3 Authority Key Identifier:
keyid:92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/hKDLL5OYqG5yXkwsikRXFGBzoLM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.1.244.0/24
Signature Algorithm: sha256WithRSAEncryption
bf:7e:93:ad:4c:38:fb:43:bb:84:77:ea:06:14:6b:10:83:16:
21:c1:8c:0f:f0:92:b6:16:30:a4:ae:91:ee:82:70:08:e9:a6:
be:60:d1:55:93:68:68:26:81:3a:7c:31:31:82:f0:f4:80:f9:
31:53:c1:85:73:0d:41:77:69:fa:7d:5e:64:fc:5f:25:e0:40:
bc:a0:5c:b8:2d:af:70:e9:9a:f7:63:a9:63:e1:e4:e4:b7:fd:
aa:8f:3a:4a:dd:e9:57:0a:6e:a0:e7:9b:60:4e:eb:af:71:a5:
76:c6:a0:e7:de:c2:f1:6e:c7:9e:3f:b6:69:c8:f4:6f:bc:eb:
49:2a:3b:47:4a:91:43:a5:19:3d:c3:69:c2:8c:d2:58:98:a0:
62:ed:3a:29:db:cb:fd:f8:80:8e:cd:f7:ea:5b:47:fa:b3:c3:
a8:57:76:19:90:7a:47:bf:1f:19:e8:1f:40:2a:00:50:b3:cf:
93:48:cd:e2:bd:d8:56:fe:cf:25:52:72:47:a6:c5:ac:d9:28:
78:03:cf:50:39:51:00:74:a7:39:a3:b8:2b:57:58:74:86:c4:
71:49:59:dc:be:4f:09:42:0b:c0:b7:90:47:01:3d:ce:f0:97:
85:32:0b:ea:1b:de:88:8a:b2:8f:d6:d8:d0:ee:0c:7f:b7:e1:
38:dc:6a:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs5h19U5XQRLcoBLAmbAjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMTNmMmMyZDA2YzY0Yjg5NTQ1N2FiNTBmYzQ5MjAyODNh
NDljYzcwHhcNMjMwMTAxMTAzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGEwY2IyZjkzOThhODZlNzI1ZTRjMmM4YTQ0NTcxNDYwNzNhMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7obI2jd+9sc6F4pTkLO0o9RK7H2
0X686Tqs6v7dorf+VHwSIjDoiKfB5y5SqDYpjrpohYXzxbd72+6F2LNaRap5GEJ2
h2a38GNXoajbWBTyse4xidBVWRe9VlF0dV3p0xFLkwuuisWueQvkdmiAI8dnwMnC
HYPtSpr74c9yJFQ+rbHxaDRMeFI52cUJpDEUQLC8aZNuAoEypBJATJqyPBV+IzDe
lAK5wD4H8uq76c8/VJDZvG90rqweq7uPC8595N+pwy+FTB1obm9XZcrrnmEE8eS7
hwCK81kWc5Q1QySDlm2ToxqtfQ0ZCb+J5uORyI0Kh573ud9nUYwtcDdfNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISgyy+TmKhucl5MLIpEVxRgc6CzMB8GA1UdIwQY
MBaAFJIT8sLQbGS4lUV6tQ/EkgKDpJzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmIt
YjlkZmYzZTdhMzJlLzEvaEtETEw1T1lxRzV5WGt3c2lrUlhGR0J6b0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmItYjlkZmYzZTdhMzJl
LzEva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgH0MA0G
CSqGSIb3DQEBCwUAA4IBAQC/fpOtTDj7Q7uEd+oGFGsQgxYhwYwP8JK2FjCkrpHu
gnAI6aa+YNFVk2hoJoE6fDExgvD0gPkxU8GFcw1Bd2n6fV5k/F8l4EC8oFy4La9w
6Zr3Y6lj4eTkt/2qjzpK3elXCm6g55tgTuuvcaV2xqDn3sLxbseeP7ZpyPRvvOtJ
KjtHSpFDpRk9w2nCjNJYmKBi7Top28v9+ICOzffqW0f6s8OoV3YZkHpHvx8Z6B9A
KgBQs8+TSM3ivdhW/s8lUnJHpsWs2Sh4A89QOVEAdKc5o7grV1h0hsRxSVncvk8J
QgvAt5BHAT3O8JeFMgvqG96IirKP1tjQ7gx/t+E43Gpk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:01 2024 by rpki-client on console-ams.rpki-client.org