Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BOhw6M71GRlP0z__47Rt5wzAUEc.roa
File: BOhw6M71GRlP0z__47Rt5wzAUEc.roa (raw, json)
Hash identifier: QfjK2uMRfSp1OS1UuJTfe2jT8G8MG/pe8Qfj8FUcc3k=
Subject key identifier: 04:E8:70:E8:CE:F5:19:19:4F:D3:3F:FF:E3:B4:6D:E7:0C:C0:50:47
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018A99901142BA1E34A4C206C9A038993322
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BOhw6M71GRlP0z__47Rt5wzAUEc.roa
Signing time: Fri 15 Sep 2023 15:57:50 +0000
ROA not before: Fri 15 Sep 2023 15:57:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 82.115.0.0/21 maxlen: 24
89.251.8.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:99:90:11:42:ba:1e:34:a4:c2:06:c9:a0:38:99:33:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 15 15:57:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=04e870e8cef519194fd33fffe3b46de70cc05047
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3e:89:24:70:e0:1b:4b:a7:7d:d6:95:9e:34:
2e:4b:54:8e:68:14:49:68:31:9f:03:14:7a:90:a9:
78:28:30:7f:d2:50:fd:2c:f2:0a:5e:ff:d7:90:0a:
bd:d6:a3:ce:1e:69:c5:eb:83:fd:6d:6b:92:fc:0d:
a1:9d:31:df:b8:d2:ea:bf:2d:55:d0:63:f4:d7:2f:
00:ef:0c:81:7c:96:81:9d:67:7e:3c:53:00:6b:1d:
8f:39:67:93:aa:fa:0c:21:f4:f4:2d:02:3c:4a:8f:
e2:9b:c4:e1:8d:86:2f:60:89:60:5d:4a:08:e8:a5:
d9:07:40:3f:18:e3:be:e6:02:a4:cd:63:1e:48:33:
d7:e3:45:72:e3:90:ac:1c:c8:c1:b6:83:e5:26:72:
44:f3:95:3d:59:8a:09:45:d0:14:74:40:0a:cc:2e:
6e:b2:a4:7e:46:de:51:b5:9a:ec:50:7a:eb:9d:97:
25:c5:43:eb:60:dc:82:93:ef:30:5b:97:9e:67:c4:
cc:49:65:47:01:71:99:6d:e2:f7:4f:2c:76:92:90:
bd:44:3a:5f:a6:a9:f1:26:87:9e:4b:b4:c5:25:fe:
9d:5c:f7:c0:6a:7c:2b:70:36:98:b8:78:ce:69:5f:
27:1b:eb:db:5d:b0:bb:09:1f:8f:f0:6f:e6:e8:f2:
ad:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:E8:70:E8:CE:F5:19:19:4F:D3:3F:FF:E3:B4:6D:E7:0C:C0:50:47
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BOhw6M71GRlP0z__47Rt5wzAUEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.0.0/21
89.251.8.0/22
185.129.108.0/23
Signature Algorithm: sha256WithRSAEncryption
c4:b8:2f:7a:a4:2e:6c:1a:7e:ca:76:b3:09:8f:60:03:f5:64:
bf:9e:08:28:33:87:9e:89:9b:4b:c1:d4:a9:c2:c8:59:8e:ed:
84:2a:e2:a8:1d:a7:ab:c5:d9:bd:75:c2:8d:67:56:05:77:6f:
68:fe:55:9d:db:d3:32:04:fe:48:fd:d4:cb:a2:7e:e4:6a:7d:
dd:41:0f:00:c7:d1:b1:d8:17:71:69:c8:08:25:aa:9c:dd:16:
f0:13:de:3b:8f:85:59:91:23:9f:9c:ef:61:83:13:63:f8:c5:
6b:24:6e:54:06:09:10:1f:be:f6:1a:68:66:29:f0:39:11:ac:
d6:b4:95:37:da:33:8b:9d:59:a6:88:aa:37:49:f8:55:3f:6d:
d0:30:7b:26:2b:38:ae:7a:26:bf:bb:aa:5c:f5:79:d6:ec:cb:
a1:e7:d4:e8:6e:43:ed:28:47:3f:93:28:83:cc:01:c3:c4:fe:
f5:dd:60:c9:8d:01:23:ed:ee:34:ea:bb:61:68:a4:4b:e0:b2:
be:0d:d6:d7:22:a0:cb:84:d2:60:a4:e7:2e:3a:67:bb:01:b6:
e7:93:7c:12:ac:c0:c9:62:e9:47:5d:29:07:eb:62:08:f6:c8:
0c:98:c2:3c:80:db:7c:7a:db:d5:a6:10:e8:43:7b:b3:aa:10:
ec:06:53:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYqZkBFCuh40pMIGyaA4mTMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwOTE1MTU1NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGU4NzBlOGNlZjUxOTE5NGZkMzNmZmZlM2I0NmRlNzBjYzA1MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkD6JJHDgG0unfdaVnjQuS1SOaBRJ
aDGfAxR6kKl4KDB/0lD9LPIKXv/XkAq91qPOHmnF64P9bWuS/A2hnTHfuNLqvy1V
0GP01y8A7wyBfJaBnWd+PFMAax2POWeTqvoMIfT0LQI8So/im8ThjYYvYIlgXUoI
6KXZB0A/GOO+5gKkzWMeSDPX40Vy45CsHMjBtoPlJnJE85U9WYoJRdAUdEAKzC5u
sqR+Rt5RtZrsUHrrnZclxUPrYNyCk+8wW5eeZ8TMSWVHAXGZbeL3Tyx2kpC9RDpf
pqnxJoeeS7TFJf6dXPfAanwrcDaYuHjOaV8nG+vbXbC7CR+P8G/m6PKtZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFATocOjO9RkZT9M//+O0becMwFBHMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQk9odzZNNzFHUmxQMHpfXzQ3UnQ1d3pBVUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDUnMAAwQC
WfsIAwQBuYFsMA0GCSqGSIb3DQEBCwUAA4IBAQDEuC96pC5sGn7KdrMJj2AD9WS/
nggoM4eeiZtLwdSpwshZju2EKuKoHaerxdm9dcKNZ1YFd29o/lWd29MyBP5I/dTL
on7kan3dQQ8Ax9Gx2BdxacgIJaqc3RbwE947j4VZkSOfnO9hgxNj+MVrJG5UBgkQ
H772GmhmKfA5EazWtJU32jOLnVmmiKo3SfhVP23QMHsmKziueia/u6pc9XnW7Muh
59TobkPtKEc/kyiDzAHDxP713WDJjQEj7e406rthaKRL4LK+DdbXIqDLhNJgpOcu
Ome7Abbnk3wSrMDJYulHXSkH62II9sgMmMI8gNt8etvVphDoQ3uzqhDsBlPn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org