Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/oGCA0uWVjdRuMNxz7YJjksooogA.roa
File: oGCA0uWVjdRuMNxz7YJjksooogA.roa (raw, json)
Hash identifier: aaF81ZKyuKHBTh69+++JklyxvwJ49+qe8tyqC5fG5YI=
Subject key identifier: A0:60:80:D2:E5:95:8D:D4:6E:30:DC:73:ED:82:63:92:CA:28:A2:00
Certificate issuer: /CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Certificate serial: 0184ECFF3DDE479D9F593F02C14B8EC06FA9
Authority key identifier: 84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/oGCA0uWVjdRuMNxz7YJjksooogA.roa
Signing time: Wed 07 Dec 2022 14:31:01 +0000
ROA not before: Wed 07 Dec 2022 14:31:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50627
IP address blocks: 46.227.152.0/21 maxlen: 22
178.20.32.0/21 maxlen: 22
5.42.144.0/21 maxlen: 24
178.132.104.0/21 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ec:ff:3d:de:47:9d:9f:59:3f:02:c1:4b:8e:c0:6f:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Validity
Not Before: Dec 7 14:31:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a06080d2e5958dd46e30dc73ed826392ca28a200
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:b3:6e:58:0b:d7:74:1c:d0:a3:6e:f2:d6:94:
f4:52:2f:67:6c:db:69:f1:79:4d:b6:e1:be:7a:86:
bc:a5:b6:b1:62:66:96:72:24:06:be:76:f4:4a:4d:
f4:ea:f4:ac:3b:4b:0b:67:5a:9a:87:4f:f0:c8:28:
d1:c5:d2:a3:7b:27:85:0e:9d:ad:93:07:f4:0b:eb:
bb:bf:68:93:36:c2:f2:da:18:a1:b9:44:2f:c1:3d:
d0:cb:3f:2d:ef:6b:9f:a4:72:ac:25:ca:cf:2f:a6:
45:3a:62:fd:44:70:67:f6:7e:37:d5:c8:e2:69:7e:
0a:79:85:14:47:03:8d:c6:66:f5:41:0c:17:f5:d8:
3d:65:38:f7:f8:53:0c:e2:38:7e:cb:6b:42:ac:07:
9d:27:2a:41:36:a1:5d:a2:fb:15:35:e1:07:fc:7e:
a1:c0:4b:51:fa:14:4d:e5:2c:d7:3b:a1:b5:ea:82:
ba:a3:9b:df:79:1f:3e:7b:a6:31:a7:0d:db:82:24:
5c:d2:d4:79:4b:8c:3a:07:0c:82:26:1b:c8:ca:7a:
e7:6d:fb:d0:8d:8b:eb:7f:00:95:22:7f:f3:3c:3f:
13:10:c0:d3:73:18:be:d5:70:5d:1b:b1:2d:4d:6a:
9a:db:60:8b:37:de:1b:4e:49:6e:69:07:e9:f8:44:
74:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:60:80:D2:E5:95:8D:D4:6E:30:DC:73:ED:82:63:92:CA:28:A2:00
X509v3 Authority Key Identifier:
keyid:84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/oGCA0uWVjdRuMNxz7YJjksooogA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.144.0/21
46.227.152.0/21
178.20.32.0/21
178.132.104.0/21
Signature Algorithm: sha256WithRSAEncryption
0c:a6:5a:7c:79:8e:e5:76:a3:b6:b8:21:f0:fe:d0:fd:85:ec:
6a:12:b0:80:6b:ef:92:fa:6f:94:ad:76:d0:03:90:59:36:ce:
d9:b3:9c:46:16:84:f5:58:66:34:8b:ce:b0:f4:af:51:5f:39:
9d:79:72:65:95:6c:cb:78:38:8e:de:7c:42:56:63:84:e7:7b:
49:d9:4c:25:90:03:b2:4e:40:d2:bf:d7:e1:16:65:bc:0a:ea:
3c:77:b4:4f:ab:e0:ea:9d:18:01:fc:fb:e9:46:33:1d:83:a4:
ce:fb:0a:3a:fd:5a:c6:9b:8c:26:e5:47:84:ea:6c:4e:41:03:
42:9b:7f:47:a6:6c:9a:5c:47:2b:78:53:8d:76:af:65:28:05:
40:a9:1b:8d:4d:46:e1:45:ce:b7:80:9a:71:f0:b2:a6:6a:57:
37:83:6b:94:56:31:3d:b8:35:b7:a6:a3:69:c8:4e:ba:a2:00:
cd:2f:ea:12:12:7f:2d:e4:dd:08:b4:b2:be:08:e9:e6:63:57:
95:7a:cf:82:67:6e:c2:ac:d7:6c:54:f4:62:15:91:af:56:ff:
50:d9:3d:d6:8e:8d:7e:c8:1a:63:7b:f7:9c:90:36:ae:40:8b:
c9:d3:c2:3a:b8:0b:c4:9f:ac:61:a5:7c:98:ac:7b:eb:76:35:
30:c3:75:62
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYTs/z3eR52fWT8CwUuOwG+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTRhY2EwMjBmYjJiZGM5M2E0NzI2NmU4N2VjNjdjZGM4
ODU3YzUwHhcNMjIxMjA3MTQzMTAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDYwODBkMmU1OTU4ZGQ0NmUzMGRjNzNlZDgyNjM5MmNhMjhhMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrNuWAvXdBzQo27y1pT0Ui9nbNtp
8XlNtuG+eoa8pbaxYmaWciQGvnb0Sk306vSsO0sLZ1qah0/wyCjRxdKjeyeFDp2t
kwf0C+u7v2iTNsLy2hihuUQvwT3Qyz8t72ufpHKsJcrPL6ZFOmL9RHBn9n431cji
aX4KeYUURwONxmb1QQwX9dg9ZTj3+FMM4jh+y2tCrAedJypBNqFdovsVNeEH/H6h
wEtR+hRN5SzXO6G16oK6o5vfeR8+e6Yxpw3bgiRc0tR5S4w6BwyCJhvIynrnbfvQ
jYvrfwCVIn/zPD8TEMDTcxi+1XBdG7EtTWqa22CLN94bTkluaQfp+ER0IQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKBggNLllY3UbjDcc+2CY5LKKKIAMB8GA1UdIwQY
MBaAFISkrKAg+yvck6RyZuh+xnzciFfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUt
OWVmMzZkMjUxNTE3LzEvb0dDQTB1V1ZqZFJ1TU54ejdZSmprc29vb2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUtOWVmMzZkMjUxNTE3
LzEvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSqQAwQD
LuOYAwQDshQgAwQDsoRoMA0GCSqGSIb3DQEBCwUAA4IBAQAMplp8eY7ldqO2uCHw
/tD9hexqErCAa++S+m+UrXbQA5BZNs7Zs5xGFoT1WGY0i86w9K9RXzmdeXJllWzL
eDiO3nxCVmOE53tJ2UwlkAOyTkDSv9fhFmW8Cuo8d7RPq+DqnRgB/PvpRjMdg6TO
+wo6/VrGm4wm5UeE6mxOQQNCm39HpmyaXEcreFONdq9lKAVAqRuNTUbhRc63gJpx
8LKmalc3g2uUVjE9uDW3pqNpyE66ogDNL+oSEn8t5N0ItLK+COnmY1eVes+CZ27C
rNdsVPRiFZGvVv9Q2T3Wjo1+yBpje/eckDauQIvJ08I6uAvEn6xhpXyYrHvrdjUw
w3Vi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:03 2024 by rpki-client on console-fra.rpki-client.org