Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/xeAdBAnrDOItJX_rkdJIbxcnIf4.roa
File: xeAdBAnrDOItJX_rkdJIbxcnIf4.roa (raw, json)
Hash identifier: Y42rFkDC5QlRo+C2xma6RcIOPfd7JvO8KOjw/jLM7nI=
Subject key identifier: C5:E0:1D:04:09:EB:0C:E2:2D:25:7F:EB:91:D2:48:6F:17:27:21:FE
Certificate issuer: /CN=cfea8dbf21588b5f0c96471cea33b54ed10917e8
Certificate serial: 01838BC63D72548BC423DF68E29AADD1F864
Authority key identifier: CF:EA:8D:BF:21:58:8B:5F:0C:96:47:1C:EA:33:B5:4E:D1:09:17:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z-qNvyFYi18Mlkcc6jO1TtEJF-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/xeAdBAnrDOItJX_rkdJIbxcnIf4.roa
Signing time: Fri 30 Sep 2022 00:22:48 +0000
ROA not before: Fri 30 Sep 2022 00:22:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201272
IP address blocks: 185.80.42.0/24 maxlen: 24
185.80.41.0/24 maxlen: 24
185.80.40.0/24 maxlen: 24
185.80.40.0/23 maxlen: 23
185.80.43.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:8b:c6:3d:72:54:8b:c4:23:df:68:e2:9a:ad:d1:f8:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfea8dbf21588b5f0c96471cea33b54ed10917e8
Validity
Not Before: Sep 30 00:22:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c5e01d0409eb0ce22d257feb91d2486f172721fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:1b:f6:07:c9:d7:78:3f:f3:fe:b3:63:d7:c4:
65:49:3d:4d:71:77:58:cb:cf:37:41:04:92:a2:cd:
2e:3d:1d:ee:5d:2d:31:f1:55:86:2e:5f:c4:0b:da:
9a:58:f4:cf:4b:ab:00:fe:f9:b6:07:78:fc:96:2c:
70:cf:6f:64:8e:5c:93:16:17:12:51:8e:2c:5b:3b:
24:2c:f9:99:5b:a1:6e:1e:c2:82:e4:dd:7b:fc:92:
83:cc:fe:7d:61:f7:59:bf:47:7a:c3:c1:e2:44:99:
eb:95:62:34:c6:a9:5e:37:83:07:b6:28:40:bf:55:
0d:a0:43:5c:ba:3f:fa:17:5e:73:99:98:d2:85:7c:
cb:f3:a2:bb:2b:37:fe:3b:df:8d:0a:97:c2:13:31:
9e:2a:22:e2:8a:4f:45:dd:b2:27:22:61:9a:11:ab:
5f:67:c3:5b:58:5d:dd:9a:b6:bf:6c:ad:87:9a:8c:
1b:cc:39:03:b1:99:63:8f:82:0b:36:78:5f:05:1a:
fd:5c:0b:9d:33:37:e2:bc:4d:a5:01:e4:7b:0c:bb:
1a:2a:ec:0a:6a:38:1a:4f:63:a2:51:68:1d:ec:e6:
a7:b4:f8:d0:a0:30:a8:c9:59:e3:c7:3e:ee:fd:4f:
9a:2c:3d:41:b2:22:9f:46:48:53:9a:a9:43:1b:91:
89:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:E0:1D:04:09:EB:0C:E2:2D:25:7F:EB:91:D2:48:6F:17:27:21:FE
X509v3 Authority Key Identifier:
keyid:CF:EA:8D:BF:21:58:8B:5F:0C:96:47:1C:EA:33:B5:4E:D1:09:17:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-qNvyFYi18Mlkcc6jO1TtEJF-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/xeAdBAnrDOItJX_rkdJIbxcnIf4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/032686-0d24-4660-ae72-7391207eac33/1/z-qNvyFYi18Mlkcc6jO1TtEJF-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.80.40.0/22
Signature Algorithm: sha256WithRSAEncryption
8f:6c:73:9b:1f:b1:11:f2:08:b2:17:1a:25:52:12:84:bc:db:
12:de:d2:23:0f:4c:99:ae:35:93:74:63:33:aa:3e:a6:52:b7:
a4:11:98:9a:77:1d:8a:37:31:d1:2e:2c:23:ac:73:2d:4f:7d:
83:22:56:06:a3:b8:5f:18:f7:9f:23:86:8f:62:e3:8a:d4:15:
bb:d6:9c:c9:76:03:83:ea:6f:52:2e:1d:f3:17:ab:0b:b8:21:
ac:50:4c:94:a4:44:01:86:ed:0f:78:44:32:59:31:74:4b:32:
09:3a:c4:ef:4d:57:fe:e8:50:b4:ae:40:2c:5f:bd:a6:e3:a2:
34:db:ab:02:49:57:1f:3b:29:cd:07:57:a9:f6:40:be:80:29:
52:84:15:2e:4e:67:c2:d3:29:68:95:c1:02:ec:6f:a4:5c:a3:
9d:ad:dd:d0:ee:f4:d2:68:45:4c:d0:c3:ec:61:2d:8d:14:99:
9c:dd:73:d6:5a:51:9f:ca:b3:de:98:f8:06:eb:8c:03:58:73:
8f:42:3e:98:35:44:f0:c9:43:fc:f3:9d:ae:85:9f:5e:b8:28:
9a:a6:28:a1:1d:b9:12:50:0a:53:9e:c1:c5:6e:2f:a6:cd:17:
cb:ff:ea:9f:7f:17:69:74:47:e7:00:fd:28:ee:96:77:cb:17:
60:17:04:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYOLxj1yVIvEI99o4pqt0fhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWE4ZGJmMjE1ODhiNWYwYzk2NDcxY2VhMzNiNTRlZDEw
OTE3ZTgwHhcNMjIwOTMwMDAyMjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWUwMWQwNDA5ZWIwY2UyMmQyNTdmZWI5MWQyNDg2ZjE3MjcyMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRv2B8nXeD/z/rNj18RlST1NcXdY
y883QQSSos0uPR3uXS0x8VWGLl/EC9qaWPTPS6sA/vm2B3j8lixwz29kjlyTFhcS
UY4sWzskLPmZW6FuHsKC5N17/JKDzP59YfdZv0d6w8HiRJnrlWI0xqleN4MHtihA
v1UNoENcuj/6F15zmZjShXzL86K7Kzf+O9+NCpfCEzGeKiLiik9F3bInImGaEatf
Z8NbWF3dmra/bK2HmowbzDkDsZljj4ILNnhfBRr9XAudMzfivE2lAeR7DLsaKuwK
ajgaT2OiUWgd7OantPjQoDCoyVnjxz7u/U+aLD1BsiKfRkhTmqlDG5GJkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXgHQQJ6wziLSV/65HSSG8XJyH+MB8GA1UdIwQY
MBaAFM/qjb8hWItfDJZHHOoztU7RCRfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1xTnZ5RllpMThNbGtjYzZqTzFUdEVKRi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wMzI2ODYtMGQyNC00NjYwLWFlNzIt
NzM5MTIwN2VhYzMzLzEveGVBZEJBbnJET0l0SlhfcmtkSklieGNuSWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wMzI2ODYtMGQyNC00NjYwLWFlNzItNzM5MTIwN2VhYzMz
LzEvei1xTnZ5RllpMThNbGtjYzZqTzFUdEVKRi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVAoMA0G
CSqGSIb3DQEBCwUAA4IBAQCPbHObH7ER8giyFxolUhKEvNsS3tIjD0yZrjWTdGMz
qj6mUrekEZiadx2KNzHRLiwjrHMtT32DIlYGo7hfGPefI4aPYuOK1BW71pzJdgOD
6m9SLh3zF6sLuCGsUEyUpEQBhu0PeEQyWTF0SzIJOsTvTVf+6FC0rkAsX72m46I0
26sCSVcfOynNB1ep9kC+gClShBUuTmfC0ylolcEC7G+kXKOdrd3Q7vTSaEVM0MPs
YS2NFJmc3XPWWlGfyrPemPgG64wDWHOPQj6YNUTwyUP8852uhZ9euCiapiihHbkS
UApTnsHFbi+mzRfL/+qffxdpdEfnAP0o7pZ3yxdgFwRZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:11 2024 by rpki-client on console-fra.rpki-client.org