Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/d_XczNvR9Tlc8I27gAnkYjQ5xug.roa
File: d_XczNvR9Tlc8I27gAnkYjQ5xug.roa (raw, json)
Hash identifier: oftvMzpE0k1q1HNbvm81UGnhLjP6lf8WwZb045pfDSQ=
Subject key identifier: 77:F5:DC:CC:DB:D1:F5:39:5C:F0:8D:BB:80:09:E4:62:34:39:C6:E8
Certificate issuer: /CN=cfea8dbf21588b5f0c96471cea33b54ed10917e8
Certificate serial: 018B42264635010D380D471C034AE4F157FC
Authority key identifier: CF:EA:8D:BF:21:58:8B:5F:0C:96:47:1C:EA:33:B5:4E:D1:09:17:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z-qNvyFYi18Mlkcc6jO1TtEJF-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/d_XczNvR9Tlc8I27gAnkYjQ5xug.roa
Signing time: Wed 18 Oct 2023 09:38:06 +0000
ROA not before: Wed 18 Oct 2023 09:38:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 185.80.42.0/24 maxlen: 24
185.80.43.0/24 maxlen: 24
185.80.40.0/24 maxlen: 24
185.80.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:42:26:46:35:01:0d:38:0d:47:1c:03:4a:e4:f1:57:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfea8dbf21588b5f0c96471cea33b54ed10917e8
Validity
Not Before: Oct 18 09:38:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=77f5dcccdbd1f5395cf08dbb8009e4623439c6e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6e:9b:a9:73:44:7c:20:ca:25:5c:57:16:f2:
db:b8:2b:ed:ce:a1:5c:59:ef:f6:06:4f:12:58:48:
f1:8e:19:b0:cf:56:18:40:09:33:9f:69:a6:a8:63:
d5:18:28:cb:7d:e0:0a:af:39:0d:ef:62:42:cb:c1:
5d:ba:09:68:ab:f9:e2:a7:6b:16:1e:e5:e9:2c:70:
6b:f5:1e:ef:09:7b:c0:f9:7f:62:4b:6b:60:4d:04:
5d:42:eb:57:bf:fd:1d:cc:2d:e2:d4:1b:93:ca:5f:
62:51:30:26:7e:d0:67:4f:83:63:07:8f:12:c4:71:
44:7f:47:f9:c8:cf:67:ab:bc:b2:a6:84:49:94:d9:
19:02:b1:73:df:aa:de:60:04:1d:9b:59:70:c1:b1:
fd:25:04:2e:99:8f:25:56:7e:8a:e7:5c:6e:b6:e3:
26:00:be:f2:fa:a6:4b:b7:d7:33:85:17:50:7d:4b:
a5:1f:de:33:d3:14:cc:f0:58:b4:30:d1:f2:bf:7c:
f9:82:53:d2:9e:32:18:9a:9a:d3:58:be:95:17:59:
fb:71:95:e9:e2:1d:fc:63:a6:c6:10:11:a1:51:02:
ec:5e:f9:0e:f4:93:ae:e0:b0:a1:b8:e8:a5:00:48:
71:89:ce:0a:12:ef:4c:08:a4:d7:2c:b3:88:10:47:
7a:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:F5:DC:CC:DB:D1:F5:39:5C:F0:8D:BB:80:09:E4:62:34:39:C6:E8
X509v3 Authority Key Identifier:
keyid:CF:EA:8D:BF:21:58:8B:5F:0C:96:47:1C:EA:33:B5:4E:D1:09:17:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-qNvyFYi18Mlkcc6jO1TtEJF-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/d_XczNvR9Tlc8I27gAnkYjQ5xug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/z-qNvyFYi18Mlkcc6jO1TtEJF-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.80.40.0/22
Signature Algorithm: sha256WithRSAEncryption
54:3a:61:79:03:9b:eb:ef:45:35:fb:12:1c:d7:0f:21:34:4f:
bb:77:fa:60:2f:96:c4:30:d7:39:84:72:3e:59:96:7d:3f:4f:
6b:53:09:2e:eb:87:5b:0a:5b:56:0e:d8:38:b3:bc:3d:e6:f4:
ff:4d:f7:b6:b0:b5:38:9e:41:42:2a:9d:dc:bf:39:01:41:67:
b7:a2:42:a6:05:f2:37:f1:cf:ec:2c:f8:32:e5:56:17:c3:a8:
12:16:f9:67:56:1a:82:43:91:97:b7:80:13:ec:e9:97:b5:c0:
90:0f:7e:37:ac:9e:77:75:26:30:2d:94:37:7c:8f:7f:ca:e3:
87:63:a5:5a:4a:8a:65:45:1f:76:c7:3b:fe:76:ee:66:bf:4f:
0f:64:36:69:18:4d:cc:63:34:22:4b:4a:5a:ac:f5:a6:06:d9:
37:88:13:fc:a2:19:2d:ff:cc:57:98:0c:7e:a6:0d:86:9c:7c:
21:24:44:7a:c6:b6:d8:80:de:5b:4e:33:a2:c6:c4:e2:df:a9:
c4:6d:c8:a0:65:a4:78:df:c5:e2:49:f4:ef:2c:d8:bd:f3:e9:
7e:fe:5b:fb:89:68:90:b8:55:2e:92:cc:72:3e:b8:4d:cd:76:
b6:7d:d3:06:36:ee:d0:2a:3c:f2:46:f9:ee:39:a1:c7:97:7d:
be:f3:11:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtCJkY1AQ04DUccA0rk8Vf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWE4ZGJmMjE1ODhiNWYwYzk2NDcxY2VhMzNiNTRlZDEw
OTE3ZTgwHhcNMjMxMDE4MDkzODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Y1ZGNjY2RiZDFmNTM5NWNmMDhkYmI4MDA5ZTQ2MjM0MzljNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW6bqXNEfCDKJVxXFvLbuCvtzqFc
We/2Bk8SWEjxjhmwz1YYQAkzn2mmqGPVGCjLfeAKrzkN72JCy8Fdugloq/nip2sW
HuXpLHBr9R7vCXvA+X9iS2tgTQRdQutXv/0dzC3i1BuTyl9iUTAmftBnT4NjB48S
xHFEf0f5yM9nq7yypoRJlNkZArFz36reYAQdm1lwwbH9JQQumY8lVn6K51xutuMm
AL7y+qZLt9czhRdQfUulH94z0xTM8Fi0MNHyv3z5glPSnjIYmprTWL6VF1n7cZXp
4h38Y6bGEBGhUQLsXvkO9JOu4LChuOilAEhxic4KEu9MCKTXLLOIEEd6xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHf13Mzb0fU5XPCNu4AJ5GI0OcboMB8GA1UdIwQY
MBaAFM/qjb8hWItfDJZHHOoztU7RCRfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1xTnZ5RllpMThNbGtjYzZqTzFUdEVKRi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wMzI2ODYtMGQyNC00NjYwLWFlNzIt
NzM5MTIwN2VhYzMzLzEvZF9YY3pOdlI5VGxjOEkyN2dBbmtZalE1eHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wMzI2ODYtMGQyNC00NjYwLWFlNzItNzM5MTIwN2VhYzMz
LzEvei1xTnZ5RllpMThNbGtjYzZqTzFUdEVKRi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVAoMA0G
CSqGSIb3DQEBCwUAA4IBAQBUOmF5A5vr70U1+xIc1w8hNE+7d/pgL5bEMNc5hHI+
WZZ9P09rUwku64dbCltWDtg4s7w95vT/Tfe2sLU4nkFCKp3cvzkBQWe3okKmBfI3
8c/sLPgy5VYXw6gSFvlnVhqCQ5GXt4AT7OmXtcCQD343rJ53dSYwLZQ3fI9/yuOH
Y6VaSoplRR92xzv+du5mv08PZDZpGE3MYzQiS0parPWmBtk3iBP8ohkt/8xXmAx+
pg2GnHwhJER6xrbYgN5bTjOixsTi36nEbcigZaR438XiSfTvLNi98+l+/lv7iWiQ
uFUuksxyPrhNzXa2fdMGNu7QKjzyRvnuOaHHl32+8xFu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:08 2024 by rpki-client on console-ams.rpki-client.org