Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DOJofi7zL_ngfO4onG2740vBRmU.roa
File: DOJofi7zL_ngfO4onG2740vBRmU.roa (raw, json)
Hash identifier: 8bure5z/kbKsLeTak1xxhe6+vP8rbyPsRv5krcOR8mw=
Subject key identifier: 0C:E2:68:7E:2E:F3:2F:F9:E0:7C:EE:28:9C:6D:BB:E3:4B:C1:46:65
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0189836C680FF2B697C9EF55F225C25736E4
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DOJofi7zL_ngfO4onG2740vBRmU.roa
Signing time: Sun 23 Jul 2023 15:44:27 +0000
ROA not before: Sun 23 Jul 2023 15:44:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 188.209.155.0/24 maxlen: 24
185.151.236.0/22 maxlen: 24
188.253.8.0/21 maxlen: 24
103.25.84.0/22 maxlen: 24
82.115.8.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:83:6c:68:0f:f2:b6:97:c9:ef:55:f2:25:c2:57:36:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 23 15:44:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ce2687e2ef32ff9e07cee289c6dbbe34bc14665
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:77:1a:20:56:c7:11:59:78:71:91:56:55:f1:
13:c5:ff:42:08:4d:b7:51:ab:03:3c:d6:76:18:83:
e9:a1:2f:1c:0a:ed:f7:69:69:40:36:a3:0d:00:e4:
c3:25:06:d0:87:7b:d6:b8:3d:e4:4f:84:cd:57:4c:
f5:8a:03:23:e9:29:29:1e:ed:23:51:2d:4e:9d:98:
0f:14:2a:49:d8:f8:ef:e3:57:6b:42:ab:be:9c:b8:
cc:0b:ee:ed:df:8d:3a:fa:be:e0:60:86:39:37:ed:
44:47:c0:b0:3d:67:c0:73:ef:74:1f:2f:66:ea:8b:
14:7d:9d:5e:ed:d4:bd:67:b1:78:20:b2:d1:c7:64:
05:4c:36:24:23:96:ef:db:30:9e:2d:ff:b4:0e:d8:
0a:e1:82:08:30:f3:d9:b9:ad:11:9b:25:d9:df:42:
98:80:93:bf:a6:07:50:cb:9b:53:e6:2d:11:9f:d4:
2f:74:ad:26:31:20:bf:37:bd:d8:62:ea:6e:55:99:
d3:e4:de:58:b8:05:06:af:fa:d9:8f:00:e0:af:1c:
a9:05:eb:c1:d2:1f:14:89:0b:15:b9:02:ae:f4:6b:
b3:54:ae:19:f9:cb:e8:b3:83:e3:c4:7d:fb:3e:6c:
fe:1e:35:62:12:c6:8c:82:7e:7c:e8:a8:7b:5c:df:
33:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:E2:68:7E:2E:F3:2F:F9:E0:7C:EE:28:9C:6D:BB:E3:4B:C1:46:65
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DOJofi7zL_ngfO4onG2740vBRmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.8.0/22
103.25.84.0/22
185.151.236.0/22
188.209.155.0/24
188.253.8.0/21
Signature Algorithm: sha256WithRSAEncryption
c0:25:4a:c4:db:87:1f:e6:65:59:c3:87:86:65:51:ea:27:68:
b3:9a:27:13:9a:62:57:13:6a:a4:59:54:5d:3c:c8:ab:82:64:
5c:11:37:21:cc:bc:41:0d:9b:3f:bf:26:54:27:13:51:73:d3:
2c:d2:e3:a6:30:3c:bc:4e:ef:01:d8:52:a6:ec:00:b1:38:e8:
ac:ff:c6:7d:39:77:f1:26:72:6b:ec:8e:a7:41:c4:d3:7a:a7:
03:1d:d1:00:6f:b7:2b:e2:15:ca:66:8c:2d:1d:1e:48:e5:12:
75:3d:da:3c:1f:66:52:b2:34:db:7d:7c:17:e4:e7:e9:a0:26:
41:06:da:da:89:a0:a3:59:65:7e:c6:6e:89:29:91:93:f7:6e:
24:a3:46:e7:6e:b8:0a:aa:01:28:f6:32:ab:df:23:5d:86:54:
bb:b0:0d:1f:d4:46:57:24:1a:c3:c0:1a:32:17:cc:04:85:19:
0f:f0:95:ac:ec:93:57:42:4b:92:1c:15:77:8c:3e:7e:f2:dc:
18:76:5c:d9:be:c1:60:27:8e:0e:f7:b5:01:04:d4:da:26:a3:
48:75:cb:d9:1a:ad:23:8f:9b:e9:28:8e:4f:31:03:c5:d7:f4:
e7:db:77:dd:2a:44:a8:be:2c:41:b5:87:e1:5b:d1:0c:6f:da:
d2:0b:0c:ef
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYmDbGgP8raXye9V8iXCVzbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNzIzMTU0NDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2UyNjg3ZTJlZjMyZmY5ZTA3Y2VlMjg5YzZkYmJlMzRiYzE0NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXcaIFbHEVl4cZFWVfETxf9CCE23
UasDPNZ2GIPpoS8cCu33aWlANqMNAOTDJQbQh3vWuD3kT4TNV0z1igMj6SkpHu0j
US1OnZgPFCpJ2Pjv41drQqu+nLjMC+7t3406+r7gYIY5N+1ER8CwPWfAc+90Hy9m
6osUfZ1e7dS9Z7F4ILLRx2QFTDYkI5bv2zCeLf+0DtgK4YIIMPPZua0RmyXZ30KY
gJO/pgdQy5tT5i0Rn9QvdK0mMSC/N73YYupuVZnT5N5YuAUGr/rZjwDgrxypBevB
0h8UiQsVuQKu9GuzVK4Z+cvos4PjxH37Pmz+HjViEsaMgn586Kh7XN8zrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAziaH4u8y/54HzuKJxtu+NLwUZlMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRE9Kb2ZpN3pMX25nZk80b25HMjc0MHZCUm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCUnMIAwQC
ZxlUAwQCuZfsAwQAvNGbAwQDvP0IMA0GCSqGSIb3DQEBCwUAA4IBAQDAJUrE24cf
5mVZw4eGZVHqJ2izmicTmmJXE2qkWVRdPMirgmRcETchzLxBDZs/vyZUJxNRc9Ms
0uOmMDy8Tu8B2FKm7ACxOOis/8Z9OXfxJnJr7I6nQcTTeqcDHdEAb7cr4hXKZowt
HR5I5RJ1Pdo8H2ZSsjTbfXwX5OfpoCZBBtraiaCjWWV+xm6JKZGT924ko0bnbrgK
qgEo9jKr3yNdhlS7sA0f1EZXJBrDwBoyF8wEhRkP8JWs7JNXQkuSHBV3jD5+8twY
dlzZvsFgJ44O97UBBNTaJqNIdcvZGq0jj5vpKI5PMQPF1/Tn23fdKkSovixBtYfh
W9EMb9rSCwzv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org