Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/immIhQUlJoecA0exrGiXSiwHgP8.roa
File: immIhQUlJoecA0exrGiXSiwHgP8.roa (raw, json)
Hash identifier: lBG5Acm5cAM1K+QXivEgrvEc8NkbqJz41lku8RBa2sQ=
Subject key identifier: 8A:69:88:85:05:25:26:87:9C:03:47:B1:AC:68:97:4A:2C:07:80:FF
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 095080BA
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/immIhQUlJoecA0exrGiXSiwHgP8.roa
Signing time: Mon 28 Mar 2022 09:48:00 +0000
ROA not before: Mon 28 Mar 2022 09:48:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205516
IP address blocks: 193.106.99.0/24 maxlen: 24
45.8.116.0/22 maxlen: 24
91.198.101.0/24 maxlen: 24
2a0e:6600::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 156270778 (0x95080ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Mar 28 09:48:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8a698885052526879c0347b1ac68974a2c0780ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:7d:4f:4e:8c:b4:a5:b5:36:69:33:21:44:26:
26:3b:67:cb:1a:2a:63:a7:e6:91:63:55:7c:32:2c:
1b:d9:5e:a2:eb:e4:2e:87:51:40:27:4e:61:f1:1e:
87:f1:2f:95:7f:cf:c8:11:db:81:64:84:52:95:03:
39:84:97:80:29:cc:a3:c0:c1:22:ca:75:45:13:66:
78:ad:ce:4b:2d:15:39:35:c4:71:f0:c8:ac:a2:55:
f8:8f:a0:f1:34:f5:79:34:b8:fc:62:9d:3b:09:3f:
c4:00:08:d1:62:66:b3:52:b4:ba:0b:87:8e:63:22:
6a:8a:61:21:9b:27:01:d4:06:fb:c2:0f:74:51:47:
c0:4b:17:36:63:7a:10:97:86:a3:eb:1d:d7:d5:88:
4b:db:8e:a7:93:cf:32:17:33:3a:94:c9:46:82:da:
3b:98:2a:9e:3e:eb:41:f6:44:8b:2d:8c:83:e5:65:
dd:41:74:91:b6:38:fb:5d:92:6b:99:f9:9d:95:dc:
7f:a5:b6:13:35:7a:93:b5:5d:03:de:e1:48:22:b5:
b9:0f:fe:18:48:2f:e0:22:84:87:16:43:a3:31:81:
70:7b:7f:5a:b4:51:62:c9:c2:e4:e6:a3:57:5b:e9:
e3:04:e6:e3:72:af:4a:86:94:c1:f9:49:b1:2e:cf:
bc:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:69:88:85:05:25:26:87:9C:03:47:B1:AC:68:97:4A:2C:07:80:FF
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/immIhQUlJoecA0exrGiXSiwHgP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.116.0/22
91.198.101.0/24
193.106.99.0/24
IPv6:
2a0e:6600::/29
Signature Algorithm: sha256WithRSAEncryption
46:01:72:96:da:6c:e0:b7:ad:3c:f4:98:2e:01:bc:72:21:77:
17:7d:a0:64:b7:04:b7:68:8d:e0:b1:de:1d:3f:96:fe:30:49:
24:04:c3:fb:ef:d4:8d:66:97:75:e9:d0:1d:c6:30:01:e5:00:
eb:84:9b:af:9b:7f:b5:e0:bd:9e:0f:26:ff:d1:55:96:4d:e1:
be:12:b5:d6:c2:1d:c8:8c:a3:6a:65:98:c1:16:12:93:6a:ff:
c3:dc:37:b5:4b:7b:03:e9:36:25:c4:fd:d5:2d:5c:f0:35:5b:
af:36:f4:cd:67:50:34:2b:3b:8e:39:9b:e3:47:7e:9f:d5:d8:
df:17:43:c1:61:0c:db:0d:1f:84:0d:93:8c:d9:fe:77:3f:87:
10:06:05:19:39:81:1d:36:45:59:78:6b:47:6d:fa:f6:e1:d2:
71:39:e9:bc:7e:ab:45:89:61:e3:4c:a5:96:14:7d:8a:17:82:
ad:02:84:32:07:9a:0c:cb:49:c0:a5:82:c0:bb:96:23:89:e4:
2b:bb:a4:45:34:01:ef:b5:9f:a1:e3:0a:4f:2b:39:4f:cb:80:
07:c2:2e:ae:7e:0a:fe:df:95:d6:0c:ca:78:f6:2d:ad:e7:3e:
b9:d7:b9:15:88:33:3d:3e:ac:22:52:3e:3f:b7:ff:3b:e0:ca:
9f:37:40:23
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIECVCAujANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTczMjc4MDVkZjIwZmI1YzFkNmY0ZTg5MDc0NzQzY2FlYjI0YWY3MB4XDTIyMDMy
ODA5NDgwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGE2OTg4ODUwNTI1
MjY4NzljMDM0N2IxYWM2ODk3NGEyYzA3ODBmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMB9T06MtKW1NmkzIUQmJjtnyxoqY6fmkWNVfDIsG9leouvk
LodRQCdOYfEeh/EvlX/PyBHbgWSEUpUDOYSXgCnMo8DBIsp1RRNmeK3OSy0VOTXE
cfDIrKJV+I+g8TT1eTS4/GKdOwk/xAAI0WJms1K0uguHjmMiaophIZsnAdQG+8IP
dFFHwEsXNmN6EJeGo+sd19WIS9uOp5PPMhczOpTJRoLaO5gqnj7rQfZEiy2Mg+Vl
3UF0kbY4+12Sa5n5nZXcf6W2EzV6k7VdA97hSCK1uQ/+GEgv4CKEhxZDozGBcHt/
WrRRYsnC5OajV1vp4wTm43KvSoaUwflJsS7PvOECAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBSKaYiFBSUmh5wDR7GsaJdKLAeA/zAfBgNVHSMEGDAWgBQKcyeAXfIPtcHW
9OiQdHQ8rrJK9zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NuTW5nRjN5RDdYQjF2VG9rSFIwUEs2eVN2Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvOGIxZmFjLTVhMjEtNDg0OC1hNjZhLTEwYmI0NTc5ZDUyOC8x
L2ltbUloUVVsSm9lY0EwZXhyR2lYU2l3SGdQOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
OGIxZmFjLTVhMjEtNDg0OC1hNjZhLTEwYmI0NTc5ZDUyOC8xL0NuTW5nRjN5RDdY
QjF2VG9rSFIwUEs2eVN2Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAi0IdAMEAFvGZQMEAMFqYzANBAIA
AjAHAwUDKg5mADANBgkqhkiG9w0BAQsFAAOCAQEARgFyltps4LetPPSYLgG8ciF3
F32gZLcEt2iN4LHeHT+W/jBJJATD++/UjWaXdenQHcYwAeUA64Sbr5t/teC9ng8m
/9FVlk3hvhK11sIdyIyjamWYwRYSk2r/w9w3tUt7A+k2JcT91S1c8DVbrzb0zWdQ
NCs7jjmb40d+n9XY3xdDwWEM2w0fhA2TjNn+dz+HEAYFGTmBHTZFWXhrR2369uHS
cTnpvH6rRYlh40yllhR9iheCrQKEMgeaDMtJwKWCwLuWI4nkK7ukRTQB77WfoeMK
Tys5T8uAB8Iurn4K/t+V1gzKePYtrec+ude5FYgzPT6sIlI+P7f/O+DKnzdAIw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:15 2024 by rpki-client on console-fra.rpki-client.org