Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/sEmHXgS_a5-qgF8MRimdYZVPUkk.roa
File: sEmHXgS_a5-qgF8MRimdYZVPUkk.roa (raw, json)
Hash identifier: VBxtpD5claGzwGigsKKMnV/3zSYavRdppxpnselrN1Q=
Subject key identifier: B0:49:87:5E:04:BF:6B:9F:AA:80:5F:0C:46:29:9D:61:95:4F:52:49
Certificate issuer: /CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
Certificate serial: 01856F66DE0391215E2E850E2D688BB7017B
Authority key identifier: 35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/sEmHXgS_a5-qgF8MRimdYZVPUkk.roa
Signing time: Sun 01 Jan 2023 22:14:50 +0000
ROA not before: Sun 01 Jan 2023 22:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47298
IP address blocks: 185.1.202.0/24 maxlen: 24
2001:7f8:10e::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:66:de:03:91:21:5e:2e:85:0e:2d:68:8b:b7:01:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
Validity
Not Before: Jan 1 22:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b049875e04bf6b9faa805f0c46299d61954f5249
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:ba:0c:4e:fd:bd:3e:ac:a1:93:a7:d9:50:8c:
fd:75:7f:31:fc:2c:76:0c:c7:c0:b5:4b:24:1f:17:
65:28:db:f8:d2:01:df:00:37:90:bc:48:f5:81:fd:
4e:f0:27:5a:1d:75:80:70:bd:a2:b5:1e:51:1c:d0:
e2:57:6e:8d:d2:7e:a9:83:b4:cb:b5:0b:ea:5a:38:
26:f2:7f:e8:68:25:2a:bc:14:36:b0:c8:f9:15:0d:
4d:7d:97:dd:38:c5:44:69:a0:b0:9c:cc:52:94:96:
27:e9:55:25:d2:e3:28:46:f1:91:e0:c1:ae:95:00:
6d:83:fa:15:ba:98:04:1b:0b:35:36:ed:33:b3:4c:
4d:23:91:9a:ac:ae:21:fb:fd:4d:dc:47:45:f4:6f:
50:5a:47:5c:73:a7:c5:d9:45:5e:cc:a2:bf:8e:30:
40:57:fa:79:86:18:d6:5a:52:13:c2:77:9b:90:61:
ab:48:19:96:a7:71:27:3d:c3:f5:99:ea:87:a8:15:
4e:be:50:31:ef:fc:7a:18:7b:2c:71:9d:f2:e4:2a:
1f:68:59:39:94:52:33:f1:68:9a:b7:fb:e5:c9:63:
06:4c:86:a2:51:69:c6:d8:25:73:86:31:3e:9d:5c:
7c:1d:37:67:52:75:1e:c2:15:40:31:aa:b5:e8:a2:
c0:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:49:87:5E:04:BF:6B:9F:AA:80:5F:0C:46:29:9D:61:95:4F:52:49
X509v3 Authority Key Identifier:
keyid:35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/sEmHXgS_a5-qgF8MRimdYZVPUkk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.1.202.0/24
IPv6:
2001:7f8:10e::/48
Signature Algorithm: sha256WithRSAEncryption
4e:3e:5d:97:f4:ff:8a:0d:37:de:5e:90:09:6d:5d:c2:ae:3f:
6a:f8:4d:c3:64:60:db:bf:42:ed:98:9e:bf:04:33:f3:e1:31:
d8:07:5e:2c:5d:ef:92:01:c4:75:56:77:67:2e:dc:ea:a8:dc:
01:fd:50:93:b0:04:24:e3:82:2a:8e:e0:d1:33:23:83:b2:07:
42:51:d2:c6:2e:9a:f8:49:ab:31:78:a2:4c:e2:97:a3:af:c5:
4c:87:ca:50:b6:51:37:5d:f4:34:e8:3c:b6:73:1b:21:85:15:
c0:2c:50:47:ae:ad:bb:14:74:4b:20:fe:3c:e7:00:cb:fe:cc:
09:f6:e0:23:29:38:78:a0:60:13:f5:5c:c1:6e:f1:64:4f:59:
af:cf:c4:94:57:f1:7a:5d:6c:84:a6:15:04:64:3f:40:cc:de:
bc:63:b4:8d:97:e2:ec:74:c3:eb:18:47:e6:88:e9:40:2b:53:
d5:80:e2:fa:2e:83:3f:7f:d2:e4:82:87:81:10:90:c8:93:1f:
9d:f8:a9:df:56:5e:42:92:98:42:46:53:86:56:ca:6a:2c:47:
8a:f5:37:48:bc:e5:81:3d:6b:70:df:a1:7c:2d:a9:e6:29:79:
9b:21:e5:a1:a0:b3:0d:52:a1:bc:12:f4:6d:7b:44:26:17:03:
77:39:c0:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVvZt4DkSFeLoUOLWiLtwF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NTZlN2ZiNTc3MmY5NzllZGQ1ZTVjNWFhNjNlYjJiOWMw
ZGRjOGUwHhcNMjMwMTAxMjIxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ5ODc1ZTA0YmY2YjlmYWE4MDVmMGM0NjI5OWQ2MTk1NGY1MjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLoMTv29Pqyhk6fZUIz9dX8x/Cx2
DMfAtUskHxdlKNv40gHfADeQvEj1gf1O8CdaHXWAcL2itR5RHNDiV26N0n6pg7TL
tQvqWjgm8n/oaCUqvBQ2sMj5FQ1NfZfdOMVEaaCwnMxSlJYn6VUl0uMoRvGR4MGu
lQBtg/oVupgEGws1Nu0zs0xNI5GarK4h+/1N3EdF9G9QWkdcc6fF2UVezKK/jjBA
V/p5hhjWWlITwnebkGGrSBmWp3EnPcP1meqHqBVOvlAx7/x6GHsscZ3y5CofaFk5
lFIz8Wiat/vlyWMGTIaiUWnG2CVzhjE+nVx8HTdnUnUewhVAMaq16KLAUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLBJh14Ev2ufqoBfDEYpnWGVT1JJMB8GA1UdIwQY
MBaAFDVW5/tXcvl57dXlxapj6yucDdyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUt
NmJiMzBhODczMGVkLzEvc0VtSFhnU19hNS1xZ0Y4TVJpbWRZWlZQVWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kY2ZhMmEtNzZmNy00NDQzLWE0OTUtNmJiMzBhODczMGVk
LzEvTlZibi0xZHktWG50MWVYRnFtUHJLNXdOM0k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHKMA8E
AgACMAkDBwAgAQf4AQ4wDQYJKoZIhvcNAQELBQADggEBAE4+XZf0/4oNN95ekAlt
XcKuP2r4TcNkYNu/Qu2Ynr8EM/PhMdgHXixd75IBxHVWd2cu3Oqo3AH9UJOwBCTj
giqO4NEzI4OyB0JR0sYumvhJqzF4okzil6OvxUyHylC2UTdd9DToPLZzGyGFFcAs
UEeurbsUdEsg/jznAMv+zAn24CMpOHigYBP1XMFu8WRPWa/PxJRX8XpdbISmFQRk
P0DM3rxjtI2X4ux0w+sYR+aI6UArU9WA4vougz9/0uSCh4EQkMiTH534qd9WXkKS
mEJGU4ZWymosR4r1N0i85YE9a3DfoXwtqeYpeZsh5aGgsw1SobwS9G17RCYXA3c5
wNM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:46 2024 by rpki-client on console-ams.rpki-client.org