Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/0_0tQ6Ii6LUws__zI2ImbrygtS4.roa
File: 0_0tQ6Ii6LUws__zI2ImbrygtS4.roa (raw, json)
Hash identifier: PhzIUZzUPykCN3ZkZHlPw7xMVT/IX2Wt1nu7aEFAXTA=
Subject key identifier: D3:FD:2D:43:A2:22:E8:B5:30:B3:FF:F3:23:62:26:6E:BC:A0:B5:2E
Certificate issuer: /CN=ea1219292d86ca96397b8a8bd24e08b1a897c1a3
Certificate serial: 01841FD9B083FF32FA58E6E6B557E97CB034
Authority key identifier: EA:12:19:29:2D:86:CA:96:39:7B:8A:8B:D2:4E:08:B1:A8:97:C1:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6hIZKS2GypY5e4qL0k4IsaiXwaM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/0_0tQ6Ii6LUws__zI2ImbrygtS4.roa
Signing time: Fri 28 Oct 2022 18:27:50 +0000
ROA not before: Fri 28 Oct 2022 18:27:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15763
IP address blocks: 149.232.160.0/20 maxlen: 20
149.232.0.0/17 maxlen: 17
149.232.128.0/18 maxlen: 18
149.232.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:1f:d9:b0:83:ff:32:fa:58:e6:e6:b5:57:e9:7c:b0:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ea1219292d86ca96397b8a8bd24e08b1a897c1a3
Validity
Not Before: Oct 28 18:27:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d3fd2d43a222e8b530b3fff32362266ebca0b52e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:31:96:99:93:f6:2a:74:ad:94:72:8f:33:a0:
fa:a8:21:25:63:88:29:94:84:38:bf:95:9e:51:f0:
93:a8:20:14:cb:b2:67:fb:7a:68:36:d5:3a:d8:39:
67:67:e1:29:d3:1e:2a:a5:d6:5b:c5:d2:5e:60:f9:
88:a8:81:d1:6d:97:dc:3c:de:c5:d9:bf:b0:dd:05:
a4:09:b8:fe:ba:ed:07:d4:ee:63:5d:8b:10:db:c6:
76:89:84:6e:f3:ff:21:3f:20:5e:bb:f3:34:ec:86:
96:d3:83:5b:b9:ef:04:50:0b:8b:bd:02:01:16:03:
c0:9b:1b:e0:de:79:3d:44:50:63:65:92:96:4d:df:
14:54:b0:c6:69:28:2c:88:01:c6:1d:0a:b2:02:d9:
ed:2d:13:3e:63:f3:06:58:62:62:b8:7f:ba:56:3e:
e4:c7:40:5f:3c:f5:1b:a8:83:1f:07:bc:50:ab:d8:
55:62:1b:bb:5e:cc:54:e7:f2:5c:03:81:45:30:93:
dd:eb:6b:0b:11:99:19:f7:c0:6f:85:29:c6:b1:45:
83:4c:f2:c6:89:7e:4c:97:c1:82:ef:83:67:97:12:
7a:cc:16:25:b0:38:6f:60:39:5d:78:ca:2f:77:76:
bd:51:47:5e:c7:fb:23:76:c4:f6:e3:ea:15:ac:60:
02:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:FD:2D:43:A2:22:E8:B5:30:B3:FF:F3:23:62:26:6E:BC:A0:B5:2E
X509v3 Authority Key Identifier:
keyid:EA:12:19:29:2D:86:CA:96:39:7B:8A:8B:D2:4E:08:B1:A8:97:C1:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6hIZKS2GypY5e4qL0k4IsaiXwaM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/0_0tQ6Ii6LUws__zI2ImbrygtS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/6hIZKS2GypY5e4qL0k4IsaiXwaM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.232.0.0-149.232.191.255
Signature Algorithm: sha256WithRSAEncryption
71:98:f7:66:a0:20:c2:7c:8a:4d:a5:f4:3c:7b:83:a5:41:1a:
af:18:f7:07:ba:0a:62:86:ea:a8:22:61:00:10:7c:a5:c3:47:
18:0b:b6:bd:9a:f6:fe:97:29:a6:f0:fe:cf:97:bc:71:3a:a5:
80:8b:5a:75:3d:84:8d:23:69:ab:e4:c9:96:3c:7f:a4:ef:43:
47:20:da:1d:15:f2:2a:9b:fd:ee:a6:81:f6:d2:2b:f7:8b:9d:
9a:26:55:37:b9:b6:62:cf:9c:82:8a:e1:86:52:60:1f:44:ba:
6c:59:66:05:bc:00:f0:7a:96:ec:20:c7:ab:2e:52:d5:19:68:
09:34:b5:9b:51:93:a5:8c:8c:0f:86:88:b4:fb:4a:0a:40:c6:
98:14:2d:7f:b5:40:9d:f3:07:bb:5d:95:b5:55:42:7d:08:69:
40:57:aa:4f:d5:cf:e7:b1:15:aa:57:dd:07:c3:bc:93:8d:51:
cb:ad:29:98:5f:7c:a7:e9:89:93:9e:c8:74:90:75:90:f7:c7:
ce:0c:26:b4:4d:d0:54:85:ca:f2:d2:a8:bc:a9:e4:c8:df:64:
eb:0a:8b:e8:83:02:c4:42:f5:68:16:53:48:d9:2b:a4:e7:94:
28:8a:b2:72:bf:f0:ed:d8:e9:ca:3a:a5:e6:f7:73:a3:ca:9d:
4f:13:e8:3e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYQf2bCD/zL6WObmtVfpfLA0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMTIxOTI5MmQ4NmNhOTYzOTdiOGE4YmQyNGUwOGIxYTg5
N2MxYTMwHhcNMjIxMDI4MTgyNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZkMmQ0M2EyMjJlOGI1MzBiM2ZmZjMyMzYyMjY2ZWJjYTBiNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTGWmZP2KnStlHKPM6D6qCElY4gp
lIQ4v5WeUfCTqCAUy7Jn+3poNtU62DlnZ+Ep0x4qpdZbxdJeYPmIqIHRbZfcPN7F
2b+w3QWkCbj+uu0H1O5jXYsQ28Z2iYRu8/8hPyBeu/M07IaW04Nbue8EUAuLvQIB
FgPAmxvg3nk9RFBjZZKWTd8UVLDGaSgsiAHGHQqyAtntLRM+Y/MGWGJiuH+6Vj7k
x0BfPPUbqIMfB7xQq9hVYhu7XsxU5/JcA4FFMJPd62sLEZkZ98BvhSnGsUWDTPLG
iX5Ml8GC74NnlxJ6zBYlsDhvYDldeMovd3a9UUdex/sjdsT24+oVrGACaQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFNP9LUOiIui1MLP/8yNiJm68oLUuMB8GA1UdIwQY
MBaAFOoSGSkthsqWOXuKi9JOCLGol8GjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmhJWktTMkd5cFk1ZTRxTDBrNElzYWlYd2FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUt
Yzk4YTFiZGU2NDc2LzEvMF8wdFE2SWk2TFV3c19fekkySW1icnlndFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUtYzk4YTFiZGU2NDc2
LzEvNmhJWktTMkd5cFk1ZTRxTDBrNElzYWlYd2FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwOV6AME
BpXogDANBgkqhkiG9w0BAQsFAAOCAQEAcZj3ZqAgwnyKTaX0PHuDpUEarxj3B7oK
YobqqCJhABB8pcNHGAu2vZr2/pcppvD+z5e8cTqlgItadT2EjSNpq+TJljx/pO9D
RyDaHRXyKpv97qaB9tIr94udmiZVN7m2Ys+cgorhhlJgH0S6bFlmBbwA8HqW7CDH
qy5S1RloCTS1m1GTpYyMD4aItPtKCkDGmBQtf7VAnfMHu12VtVVCfQhpQFeqT9XP
57EVqlfdB8O8k41Ry60pmF98p+mJk57IdJB1kPfHzgwmtE3QVIXK8tKovKnkyN9k
6wqL6IMCxEL1aBZTSNkrpOeUKIqycr/w7djpyjql5vdzo8qdTxPoPg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:12 2024 by rpki-client on console-ams.rpki-client.org