Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/hK4p73VCaFvIYsOH5sNSzIgNCGM.roa
File: hK4p73VCaFvIYsOH5sNSzIgNCGM.roa (raw, json)
Hash identifier: pl7Ld+5x2cifGjZ4SaRh6xoAo/uX9DT+C/4MtqPe9Zg=
Subject key identifier: 84:AE:29:EF:75:42:68:5B:C8:62:C3:87:E6:C3:52:CC:88:0D:08:63
Certificate issuer: /CN=a29d9751f3675f51332734da68ea960260045b12
Certificate serial: 01856E78CA9B2DA7C2ADD9A78AABF606B84A
Authority key identifier: A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/hK4p73VCaFvIYsOH5sNSzIgNCGM.roa
Signing time: Sun 01 Jan 2023 17:54:48 +0000
ROA not before: Sun 01 Jan 2023 17:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49037
IP address blocks: 185.9.184.0/22 maxlen: 24
80.72.16.0/21 maxlen: 32
95.174.96.0/19 maxlen: 24
80.72.24.0/22 maxlen: 32
185.230.240.0/22 maxlen: 24
2a00:8740::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:78:ca:9b:2d:a7:c2:ad:d9:a7:8a:ab:f6:06:b8:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a29d9751f3675f51332734da68ea960260045b12
Validity
Not Before: Jan 1 17:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84ae29ef7542685bc862c387e6c352cc880d0863
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:26:cb:6e:08:01:0d:e0:9a:65:68:dd:6d:0b:
27:ab:42:a2:de:39:87:5d:53:f5:3c:e0:06:4a:fb:
f7:0e:eb:d0:96:a0:3d:80:3b:d7:73:38:03:8a:5a:
4f:9d:e8:af:f8:a6:c6:81:42:64:f8:d4:68:d8:f1:
e1:c3:86:32:49:c3:40:7e:1f:15:a7:e0:50:5c:57:
d4:a6:38:81:37:89:0e:f5:8a:91:86:92:32:7e:cb:
9c:09:e7:53:6e:cc:5c:bd:e7:d4:b4:5a:cd:98:a8:
5d:6e:45:2b:2b:54:c2:1f:9b:14:ee:eb:76:4d:0e:
c3:b5:50:c5:39:4e:d4:93:b7:7c:05:02:8b:5b:c6:
81:42:53:cf:a7:70:93:86:8b:d2:d2:e2:f5:59:48:
87:44:f4:a3:be:af:f5:a6:8d:05:62:e3:61:24:b0:
74:4e:37:46:a3:c5:62:e2:0d:f0:ce:76:8c:b8:0f:
4b:0c:9c:bf:41:b8:19:4e:13:38:ad:97:3b:99:4a:
5c:c6:49:b9:4e:40:30:9c:c4:c6:2f:83:b3:3a:69:
06:ac:20:9f:7d:80:34:a6:88:cb:28:a5:e9:b0:a5:
6c:db:c6:62:bd:02:5d:7e:f1:27:04:96:3e:5e:1e:
de:e1:1b:e9:bf:62:1c:82:a3:f7:f4:82:de:d4:4f:
f3:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:AE:29:EF:75:42:68:5B:C8:62:C3:87:E6:C3:52:CC:88:0D:08:63
X509v3 Authority Key Identifier:
keyid:A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/hK4p73VCaFvIYsOH5sNSzIgNCGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.72.16.0-80.72.27.255
95.174.96.0/19
185.9.184.0/22
185.230.240.0/22
IPv6:
2a00:8740::/32
Signature Algorithm: sha256WithRSAEncryption
97:54:da:16:9c:d5:de:ee:2b:d6:62:58:35:05:18:9a:d3:fb:
e5:cb:a7:62:78:9d:8a:fc:bf:0a:05:97:73:4e:6a:27:5b:60:
a7:27:fd:18:cc:f1:27:e8:7a:29:e1:49:1d:2b:07:24:98:58:
24:b7:7e:e1:86:87:aa:40:5f:f2:56:61:e1:56:55:62:1a:a9:
16:c4:3e:40:1b:b1:f5:60:3d:7f:7b:fe:03:a9:b1:c3:e4:cd:
c5:b6:79:23:72:ca:68:9b:0b:6e:4b:1e:ac:75:b1:8d:91:8f:
70:5c:75:09:49:2a:ca:33:ec:a0:d3:ea:1e:99:a0:e7:76:3b:
9c:c4:e7:2b:f2:2e:b6:42:61:64:90:c6:35:85:32:50:f0:da:
55:c1:39:f5:a8:b2:b9:d3:db:37:5e:0e:4e:cf:96:71:92:fc:
b2:fe:69:37:da:f7:bd:d8:f1:7d:52:ad:c1:f2:95:04:24:41:
a7:f9:e5:5c:fe:30:ce:48:22:42:71:69:d8:f6:f9:b1:52:c3:
2d:67:43:bd:7d:4a:e2:69:11:15:f8:33:ea:f3:1e:1e:15:e8:
59:ea:cd:97:f1:78:41:c1:98:e7:40:bf:6d:52:3a:65:85:92:
a3:95:b0:99:42:34:cf:9a:d8:f3:c3:8a:40:d9:9c:77:6c:4d:
3f:f2:d1:20
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVueMqbLafCrdmniqv2BrhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOWQ5NzUxZjM2NzVmNTEzMzI3MzRkYTY4ZWE5NjAyNjAw
NDViMTIwHhcNMjMwMTAxMTc1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFlMjllZjc1NDI2ODViYzg2MmMzODdlNmMzNTJjYzg4MGQwODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSbLbggBDeCaZWjdbQsnq0Ki3jmH
XVP1POAGSvv3DuvQlqA9gDvXczgDilpPneiv+KbGgUJk+NRo2PHhw4YyScNAfh8V
p+BQXFfUpjiBN4kO9YqRhpIyfsucCedTbsxcvefUtFrNmKhdbkUrK1TCH5sU7ut2
TQ7DtVDFOU7Uk7d8BQKLW8aBQlPPp3CThovS0uL1WUiHRPSjvq/1po0FYuNhJLB0
TjdGo8Vi4g3wznaMuA9LDJy/QbgZThM4rZc7mUpcxkm5TkAwnMTGL4OzOmkGrCCf
fYA0pojLKKXpsKVs28ZivQJdfvEnBJY+Xh7e4Rvpv2IcgqP39ILe1E/zEwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFISuKe91QmhbyGLDh+bDUsyIDQhjMB8GA1UdIwQY
MBaAFKKdl1HzZ19RMyc02mjqlgJgBFsSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMt
MDc5YmEwNTcwZjc1LzEvaEs0cDczVkNhRnZJWXNPSDVzTlN6SWdOQ0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMtMDc5YmEwNTcwZjc1
LzEvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBARQSBAD
BAJQSBgDBAVfrmADBAK5CbgDBAK55vAwDQQCAAIwBwMFACoAh0AwDQYJKoZIhvcN
AQELBQADggEBAJdU2hac1d7uK9ZiWDUFGJrT++XLp2J4nYr8vwoFl3NOaidbYKcn
/RjM8SfoeinhSR0rBySYWCS3fuGGh6pAX/JWYeFWVWIaqRbEPkAbsfVgPX97/gOp
scPkzcW2eSNyymibC25LHqx1sY2Rj3BcdQlJKsoz7KDT6h6ZoOd2O5zE5yvyLrZC
YWSQxjWFMlDw2lXBOfWosrnT2zdeDk7PlnGS/LL+aTfa973Y8X1SrcHylQQkQaf5
5Vz+MM5IIkJxadj2+bFSwy1nQ719SuJpERX4M+rzHh4V6FnqzZfxeEHBmOdAv21S
OmWFkqOVsJlCNM+a2PPDikDZnHdsTT/y0SA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:34 2024 by rpki-client on console-ams.rpki-client.org