Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/uU7X_6RbWsXcoupBWuF6fMy9J98.roa
File: uU7X_6RbWsXcoupBWuF6fMy9J98.roa (raw, json)
Hash identifier: Rj4gIZeLHgRCBjXjWk1eXCMNKMFXsy8WnhxHDVIn5wA=
Subject key identifier: B9:4E:D7:FF:A4:5B:5A:C5:DC:A2:EA:41:5A:E1:7A:7C:CC:BD:27:DF
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018AB2267A1B58699E671888BA7D3E89E742
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/uU7X_6RbWsXcoupBWuF6fMy9J98.roa
Signing time: Wed 20 Sep 2023 10:33:00 +0000
ROA not before: Wed 20 Sep 2023 10:33:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 82.115.0.0/21 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b2:26:7a:1b:58:69:9e:67:18:88:ba:7d:3e:89:e7:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 20 10:33:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b94ed7ffa45b5ac5dca2ea415ae17a7cccbd27df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b5:e6:07:77:88:01:5a:77:58:c9:c3:b4:bc:
1f:05:03:be:f4:da:9c:0d:f3:c2:15:e5:25:48:74:
c4:f7:3c:ea:b2:70:97:7a:0b:f0:71:c8:b9:e5:7c:
6b:f4:a4:c5:83:b7:7f:6b:6f:e8:20:9e:cb:70:52:
fc:e3:b7:d3:11:5c:21:29:40:ac:7c:1b:86:8c:56:
c9:3e:b0:9f:94:dc:35:16:4d:68:97:02:b5:3d:7f:
b9:8c:3d:ca:96:cd:f9:cf:7a:d7:cc:5c:da:ed:db:
ea:9c:b0:58:a6:17:aa:5d:00:86:38:80:38:90:78:
e8:d7:09:b8:7c:bb:65:c8:5c:d0:ff:31:36:45:90:
bb:bb:37:bb:a4:76:61:6c:60:85:34:84:14:70:60:
d0:d1:77:54:cd:db:a2:46:a8:68:39:28:3b:2a:01:
31:6d:ab:59:59:09:b3:37:91:cb:40:41:3e:17:32:
0a:8f:d7:07:d5:e2:00:df:be:1f:3b:8f:ce:49:6b:
e4:fc:11:d4:99:59:75:39:44:52:c7:ab:b2:4b:ae:
50:9c:60:af:a3:93:20:79:23:06:8f:9a:d3:f7:a8:
64:4e:3e:da:1c:97:e2:93:9d:d4:bd:07:3d:3c:4d:
c0:c9:9c:95:65:90:71:0c:05:f1:13:a9:88:8a:f8:
03:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:4E:D7:FF:A4:5B:5A:C5:DC:A2:EA:41:5A:E1:7A:7C:CC:BD:27:DF
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/uU7X_6RbWsXcoupBWuF6fMy9J98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.0.0/21
185.129.108.0/23
Signature Algorithm: sha256WithRSAEncryption
a2:d9:04:b4:cc:3d:7b:ff:c4:47:5d:60:b5:05:bb:3e:b6:cd:
74:a4:6a:f3:0e:aa:1c:e6:2c:4c:47:d9:11:1c:02:cb:7d:7e:
5f:f8:12:bd:7b:e5:09:c0:9b:3a:9b:97:3f:f1:e6:d6:75:82:
69:fa:dc:07:a9:26:c3:d0:03:ce:b2:4a:d4:88:38:59:4b:31:
ad:0f:a4:eb:9c:65:76:5b:8a:1e:8c:24:6e:6a:6c:50:be:45:
47:e5:f2:3d:9c:a0:78:7d:7a:76:9e:c3:bd:f5:65:cb:5f:36:
c7:87:a2:32:ae:2b:3d:95:bb:2f:69:f3:5e:81:c1:de:89:74:
27:26:8a:bd:53:a8:16:77:a2:44:97:eb:f4:6d:d0:38:cc:e2:
dc:1d:50:37:2c:28:77:3a:0e:4f:2c:31:d9:9a:68:5b:9a:52:
4e:e1:6b:a8:16:d1:e8:16:d3:38:ae:95:ff:0d:89:d3:3f:b7:
7f:22:b3:f5:1a:1c:11:02:56:13:03:30:99:6e:30:0d:0e:da:
d4:95:7e:3f:27:35:a3:19:45:cf:d2:ba:28:a9:37:cf:4e:74:
6a:9a:6c:8d:ab:07:eb:0b:db:76:dc:90:26:2c:b5:fe:c5:84:
89:23:57:68:64:52:85:1e:92:11:8e:81:70:9b:09:9f:0b:19:
30:9b:3b:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYqyJnobWGmeZxiIun0+iedCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwOTIwMTAzMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRlZDdmZmE0NWI1YWM1ZGNhMmVhNDE1YWUxN2E3Y2NjYmQyN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7XmB3eIAVp3WMnDtLwfBQO+9Nqc
DfPCFeUlSHTE9zzqsnCXegvwcci55Xxr9KTFg7d/a2/oIJ7LcFL847fTEVwhKUCs
fBuGjFbJPrCflNw1Fk1olwK1PX+5jD3Kls35z3rXzFza7dvqnLBYpheqXQCGOIA4
kHjo1wm4fLtlyFzQ/zE2RZC7uze7pHZhbGCFNIQUcGDQ0XdUzduiRqhoOSg7KgEx
batZWQmzN5HLQEE+FzIKj9cH1eIA374fO4/OSWvk/BHUmVl1OURSx6uyS65QnGCv
o5MgeSMGj5rT96hkTj7aHJfik53UvQc9PE3AyZyVZZBxDAXxE6mIivgDmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLlO1/+kW1rF3KLqQVrhenzMvSffMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvdVU3WF82UmJXc1hjb3VwQld1RjZmTXk5Sjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUnMAAwQB
uYFsMA0GCSqGSIb3DQEBCwUAA4IBAQCi2QS0zD17/8RHXWC1Bbs+ts10pGrzDqoc
5ixMR9kRHALLfX5f+BK9e+UJwJs6m5c/8ebWdYJp+twHqSbD0APOskrUiDhZSzGt
D6TrnGV2W4oejCRuamxQvkVH5fI9nKB4fXp2nsO99WXLXzbHh6Iyris9lbsvafNe
gcHeiXQnJoq9U6gWd6JEl+v0bdA4zOLcHVA3LCh3Og5PLDHZmmhbmlJO4WuoFtHo
FtM4rpX/DYnTP7d/IrP1GhwRAlYTAzCZbjANDtrUlX4/JzWjGUXP0rooqTfPTnRq
mmyNqwfrC9t23JAmLLX+xYSJI1doZFKFHpIRjoFwmwmfCxkwmzvw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org