Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/873--wuknZKqGzekAF7UHl7rI58.roa
File: 873--wuknZKqGzekAF7UHl7rI58.roa (raw, json)
Hash identifier: eKid+kT62jnR+J5sH2JukWjaJFfTOPt+KEyyONPBkoA=
Subject key identifier: F3:BD:FE:FB:0B:A4:9D:92:AA:1B:37:A4:00:5E:D4:1E:5E:EB:23:9F
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 0189B3272EFAB436382C5CD31D0C4D12D104
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/873--wuknZKqGzekAF7UHl7rI58.roa
Signing time: Tue 01 Aug 2023 22:10:36 +0000
ROA not before: Tue 01 Aug 2023 22:10:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 194.46.32.0/19 maxlen: 19
91.84.0.0/16 maxlen: 16
91.84.0.0/15 maxlen: 15
194.46.64.0/19 maxlen: 19
91.85.0.0/16 maxlen: 16
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b3:27:2e:fa:b4:36:38:2c:5c:d3:1d:0c:4d:12:d1:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Aug 1 22:10:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f3bdfefb0ba49d92aa1b37a4005ed41e5eeb239f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4b:57:bf:3c:1f:ed:87:11:09:d3:b9:31:05:
1a:a2:fa:af:ba:f2:3c:d1:85:a7:16:b1:32:72:e7:
30:c8:2a:8d:bd:92:80:86:4e:53:64:24:34:00:a8:
c1:ac:f9:4a:9c:28:76:e9:a2:a9:9f:99:69:3e:53:
ba:46:0d:2d:02:56:21:5f:8f:93:81:44:f0:a7:62:
b2:38:94:33:f4:8b:57:28:6b:01:56:e7:74:e6:5d:
d8:41:49:75:8a:4b:cd:7b:2f:4c:1d:f5:32:9b:87:
af:dd:e6:79:9b:bf:bd:ce:8f:3e:09:5b:3a:62:e9:
8b:ce:57:08:9b:68:62:3b:51:30:6a:f6:85:4f:8f:
de:fa:0a:44:69:ec:4c:96:36:5f:52:a1:13:dd:2d:
5e:b7:c4:b1:a9:75:5f:e1:39:61:34:db:4e:00:5e:
a7:82:f5:99:9f:72:c4:e4:cf:90:4a:2c:1d:67:f3:
ac:65:9e:81:7a:cc:ba:7b:a9:a9:ab:e4:3a:0b:3c:
3d:99:58:7a:07:85:47:20:fa:ed:cd:10:ce:6d:da:
34:2a:36:98:74:87:5a:c1:58:bb:d7:ba:a1:44:0b:
5e:f1:51:8c:9c:08:d0:09:cc:c9:9c:f5:50:9b:27:
b7:74:a6:17:23:9c:27:38:97:45:d1:60:ca:89:e6:
dc:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:BD:FE:FB:0B:A4:9D:92:AA:1B:37:A4:00:5E:D4:1E:5E:EB:23:9F
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/873--wuknZKqGzekAF7UHl7rI58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/15
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
Signature Algorithm: sha256WithRSAEncryption
37:09:80:72:2c:06:22:19:74:ef:72:2e:6d:d3:4b:79:c5:b6:
01:8d:f9:38:98:33:01:21:d2:e6:d4:9a:5c:87:43:cc:8b:c0:
a3:5e:10:24:9e:18:05:88:81:af:dd:67:16:96:6c:f2:c4:48:
a5:a5:aa:10:9e:f0:e4:58:4f:e2:65:79:7b:4b:06:84:ea:99:
e4:0e:d2:3f:ee:9c:5b:3e:fd:83:7a:ed:e1:88:c8:2b:8e:30:
c8:af:6b:ea:e4:89:d9:80:18:7d:6d:3d:a9:36:c5:5c:35:d8:
93:ef:7a:8b:c6:2c:17:00:04:e5:50:49:24:7b:d9:8b:06:d8:
4e:13:3e:e4:bf:23:0d:0b:ed:54:5d:58:26:bf:57:af:9a:79:
49:58:71:b6:e8:73:f0:49:68:5d:39:a9:84:28:c9:1e:1d:39:
14:e8:98:55:3d:46:9a:e1:09:a9:38:22:11:0d:d7:6a:b6:ed:
df:2c:d3:b5:8f:ce:02:1a:d2:16:8b:bb:b3:dc:f2:99:51:c5:
e3:9b:8b:a8:16:96:fa:fa:64:94:48:25:b2:8f:df:ea:6c:97:
bc:7b:6b:f7:09:5f:84:de:6d:f0:0b:e9:ef:7a:bb:85:3c:11:
89:75:c7:01:f5:8d:00:4a:70:98:ee:4a:02:b1:f5:ef:77:35:
d3:4a:0b:be
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYmzJy76tDY4LFzTHQxNEtEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMwODAxMjIxMDM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2JkZmVmYjBiYTQ5ZDkyYWExYjM3YTQwMDVlZDQxZTVlZWIyMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkktXvzwf7YcRCdO5MQUaovqvuvI8
0YWnFrEycucwyCqNvZKAhk5TZCQ0AKjBrPlKnCh26aKpn5lpPlO6Rg0tAlYhX4+T
gUTwp2KyOJQz9ItXKGsBVud05l3YQUl1ikvNey9MHfUym4ev3eZ5m7+9zo8+CVs6
YumLzlcIm2hiO1EwavaFT4/e+gpEaexMljZfUqET3S1et8SxqXVf4TlhNNtOAF6n
gvWZn3LE5M+QSiwdZ/OsZZ6Besy6e6mpq+Q6Czw9mVh6B4VHIPrtzRDObdo0KjaY
dIdawVi717qhRAte8VGMnAjQCczJnPVQmye3dKYXI5wnOJdF0WDKiebcxwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFPO9/vsLpJ2Sqhs3pABe1B5e6yOfMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvODczLS13dWtuWktxR3pla0FGN1VIbDdySTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwMBW1QwDAME
BcIuIAMEBcIuQAMEBdRogDAMAwQE1GxQAwQC1GxYMA0GCSqGSIb3DQEBCwUAA4IB
AQA3CYByLAYiGXTvci5t00t5xbYBjfk4mDMBIdLm1Jpch0PMi8CjXhAknhgFiIGv
3WcWlmzyxEilpaoQnvDkWE/iZXl7SwaE6pnkDtI/7pxbPv2Deu3hiMgrjjDIr2vq
5InZgBh9bT2pNsVcNdiT73qLxiwXAATlUEkke9mLBthOEz7kvyMNC+1UXVgmv1ev
mnlJWHG26HPwSWhdOamEKMkeHTkU6JhVPUaa4QmpOCIRDddqtu3fLNO1j84CGtIW
i7uz3PKZUcXjm4uoFpb6+mSUSCWyj9/qbJe8e2v3CV+E3m3wC+nveruFPBGJdccB
9Y0ASnCY7koCsfXvdzXTSgu+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:37 2024 by rpki-client on console-ams.rpki-client.org