Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3f2003-9210-44bb-8a27-db3ec75fa20c/1/gbCVuC3XoJtx5pN39B-mSmS6IzY.roa
File: gbCVuC3XoJtx5pN39B-mSmS6IzY.roa (raw, json)
Hash identifier: WxYOGQmgb3aYXQw6ZVhpKOK3VT850vYNIGtWx7U3eG4=
Subject key identifier: 81:B0:95:B8:2D:D7:A0:9B:71:E6:93:77:F4:1F:A6:4A:64:BA:23:36
Certificate issuer: /CN=a9cad9a977bf8b6b40f0b8e998e5787c6ae641c0
Certificate serial: 018B000E10F52830AC0F22C5D8D66D42ADF7
Authority key identifier: A9:CA:D9:A9:77:BF:8B:6B:40:F0:B8:E9:98:E5:78:7C:6A:E6:41:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qcrZqXe_i2tA8LjpmOV4fGrmQcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/3f2003-9210-44bb-8a27-db3ec75fa20c/1/gbCVuC3XoJtx5pN39B-mSmS6IzY.roa
Signing time: Thu 05 Oct 2023 13:36:43 +0000
ROA not before: Thu 05 Oct 2023 13:36:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9080
IP address blocks: 213.168.160.0/20 maxlen: 24
85.132.140.0/22 maxlen: 24
79.127.128.0/18 maxlen: 24
212.71.128.0/18 maxlen: 24
85.132.160.0/19 maxlen: 24
2001:ae8::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:00:0e:10:f5:28:30:ac:0f:22:c5:d8:d6:6d:42:ad:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9cad9a977bf8b6b40f0b8e998e5787c6ae641c0
Validity
Not Before: Oct 5 13:36:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=81b095b82dd7a09b71e69377f41fa64a64ba2336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:15:8d:8e:ae:13:ac:e5:56:cf:64:62:fe:9d:
e8:5c:1d:cf:db:fa:64:61:2e:dd:7b:82:17:fe:fd:
51:ff:34:50:52:2e:dc:cf:72:69:dc:b6:4a:c6:09:
c0:be:5a:59:9f:76:e0:64:73:a0:1b:11:9a:24:ad:
fc:32:f1:26:8d:b4:84:38:3c:07:70:9d:b8:3e:a3:
9c:42:ca:34:67:bc:09:87:74:56:4f:2f:07:5d:62:
6f:b6:e9:9e:98:81:85:53:16:0e:57:7b:27:f7:c8:
4c:ce:c7:06:bd:3f:38:18:0e:72:07:63:dd:d9:3e:
c1:73:93:3e:82:34:8e:ac:d5:10:ac:15:4d:72:05:
9c:f9:75:20:29:d3:56:75:ce:80:78:73:47:f4:9f:
dd:4a:b3:6a:9e:23:9c:0d:b7:56:a9:1e:2f:1c:99:
cc:80:d4:ed:91:24:4f:62:29:6b:df:a8:be:5b:bc:
13:36:af:a5:e4:7c:c4:27:10:16:97:a2:bb:4b:f4:
72:39:f4:f1:62:19:67:2e:f2:d9:79:5b:b1:e8:31:
85:75:6a:eb:5c:4c:de:14:c8:98:73:53:05:6a:02:
2f:ad:b0:39:73:a3:6e:f8:44:23:e8:b9:b4:98:73:
2f:9b:40:47:2f:54:dc:a0:e6:bc:ad:a7:b1:c2:7c:
3d:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:B0:95:B8:2D:D7:A0:9B:71:E6:93:77:F4:1F:A6:4A:64:BA:23:36
X509v3 Authority Key Identifier:
keyid:A9:CA:D9:A9:77:BF:8B:6B:40:F0:B8:E9:98:E5:78:7C:6A:E6:41:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcrZqXe_i2tA8LjpmOV4fGrmQcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f2003-9210-44bb-8a27-db3ec75fa20c/1/gbCVuC3XoJtx5pN39B-mSmS6IzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f2003-9210-44bb-8a27-db3ec75fa20c/1/qcrZqXe_i2tA8LjpmOV4fGrmQcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.127.128.0/18
85.132.140.0/22
85.132.160.0/19
212.71.128.0/18
213.168.160.0/20
IPv6:
2001:ae8::/32
Signature Algorithm: sha256WithRSAEncryption
20:57:dd:f7:7a:9e:55:bd:7b:27:70:21:6d:c2:36:e5:c1:94:
f6:ae:a2:b9:36:f5:77:cd:31:78:c3:f2:d0:a1:69:08:8e:b9:
2f:48:66:89:7a:e6:a9:a5:6d:e3:3d:7d:d9:30:e3:8b:1a:06:
8b:11:56:20:6d:48:ab:52:02:63:38:cd:e5:a3:21:ef:74:cb:
cb:6e:08:44:c7:8e:af:6a:06:02:e9:50:1c:40:34:bb:91:ca:
55:82:12:f2:43:78:0d:24:35:79:20:31:97:2f:7d:3e:4b:cb:
42:1f:d1:4f:85:42:4b:46:24:00:93:f7:f2:8a:f7:7b:eb:3b:
ec:73:44:7c:c6:ab:83:59:5a:ee:83:b8:f9:fc:39:73:31:04:
8f:04:cf:58:3a:b1:be:f2:e7:5e:1a:72:79:90:55:0b:74:7a:
f1:c3:dc:f3:e3:e9:c7:00:d7:c1:51:e1:b6:58:22:f2:d5:e8:
d5:66:22:05:b2:61:54:93:4e:90:2b:e9:85:cb:b5:29:06:8f:
7b:2a:15:62:da:eb:57:23:77:53:b3:1c:c0:42:0f:c9:6a:b4:
cb:e3:a3:7c:75:7b:fa:12:e9:2d:ec:38:a7:5e:d5:42:5a:b6:
44:d9:2d:b4:49:00:4d:cb:5e:c2:50:d2:02:3f:e8:50:4d:bb:
f6:0c:0d:12
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYsADhD1KDCsDyLF2NZtQq33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Y2FkOWE5NzdiZjhiNmI0MGYwYjhlOTk4ZTU3ODdjNmFl
NjQxYzAwHhcNMjMxMDA1MTMzNjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWIwOTViODJkZDdhMDliNzFlNjkzNzdmNDFmYTY0YTY0YmEyMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBWNjq4TrOVWz2Ri/p3oXB3P2/pk
YS7de4IX/v1R/zRQUi7cz3Jp3LZKxgnAvlpZn3bgZHOgGxGaJK38MvEmjbSEODwH
cJ24PqOcQso0Z7wJh3RWTy8HXWJvtumemIGFUxYOV3sn98hMzscGvT84GA5yB2Pd
2T7Bc5M+gjSOrNUQrBVNcgWc+XUgKdNWdc6AeHNH9J/dSrNqniOcDbdWqR4vHJnM
gNTtkSRPYilr36i+W7wTNq+l5HzEJxAWl6K7S/RyOfTxYhlnLvLZeVux6DGFdWrr
XEzeFMiYc1MFagIvrbA5c6Nu+EQj6Lm0mHMvm0BHL1TcoOa8raexwnw98wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIGwlbgt16CbceaTd/QfpkpkuiM2MB8GA1UdIwQY
MBaAFKnK2al3v4trQPC46ZjleHxq5kHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWNyWnFYZV9pMnRBOExqcG1PVjRmR3JtUWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zZjIwMDMtOTIxMC00NGJiLThhMjct
ZGIzZWM3NWZhMjBjLzEvZ2JDVnVDM1hvSnR4NXBOMzlCLW1TbVM2SXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zZjIwMDMtOTIxMC00NGJiLThhMjctZGIzZWM3NWZhMjBj
LzEvcWNyWnFYZV9pMnRBOExqcG1PVjRmR3JtUWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGT3+AAwQC
VYSMAwQFVYSgAwQG1EeAAwQE1aigMA0EAgACMAcDBQAgAQroMA0GCSqGSIb3DQEB
CwUAA4IBAQAgV933ep5VvXsncCFtwjblwZT2rqK5NvV3zTF4w/LQoWkIjrkvSGaJ
euappW3jPX3ZMOOLGgaLEVYgbUirUgJjOM3loyHvdMvLbghEx46vagYC6VAcQDS7
kcpVghLyQ3gNJDV5IDGXL30+S8tCH9FPhUJLRiQAk/fyivd76zvsc0R8xquDWVru
g7j5/DlzMQSPBM9YOrG+8udeGnJ5kFULdHrxw9zz4+nHANfBUeG2WCLy1ejVZiIF
smFUk06QK+mFy7UpBo97KhVi2utXI3dTsxzAQg/JarTL46N8dXv6Eukt7DinXtVC
WrZE2S20SQBNy17CUNICP+hQTbv2DA0S
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:38 2024 by rpki-client on console-ams.rpki-client.org