Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/A9ccJN98I9CIgWQkeQCJU3MpcQE.roa
File: A9ccJN98I9CIgWQkeQCJU3MpcQE.roa (raw, json)
Hash identifier: GR4BK9Bptd7g428FQq/Ce84lXExbBwqyc+doRfr1guY=
Subject key identifier: 03:D7:1C:24:DF:7C:23:D0:88:81:64:24:79:00:89:53:73:29:71:01
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018572E831FDD92998E03A4274B5FA1BFCAE
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/A9ccJN98I9CIgWQkeQCJU3MpcQE.roa
Signing time: Mon 02 Jan 2023 14:34:57 +0000
ROA not before: Mon 02 Jan 2023 14:34:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 185.244.51.0/24 maxlen: 24
185.250.44.0/23 maxlen: 23
185.250.46.0/23 maxlen: 23
193.39.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:e8:31:fd:d9:29:98:e0:3a:42:74:b5:fa:1b:fc:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Jan 2 14:34:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=03d71c24df7c23d0888164247900895373297101
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:1c:fd:9e:f9:e8:d9:aa:86:d7:44:45:ce:ea:
a3:bf:c9:3f:15:a6:e2:fa:73:a8:ca:2f:7c:c7:fa:
d1:7f:d1:30:a6:61:2f:e9:2a:7a:06:35:c8:31:ed:
d9:9a:5a:46:bf:07:34:57:a2:18:aa:09:d9:bd:15:
16:17:90:de:b7:f3:df:8a:8b:05:d8:75:34:77:6d:
80:44:90:56:3a:32:e4:a0:1e:ba:4c:93:96:47:5c:
10:d1:59:12:9a:82:b8:b3:5d:8d:49:b3:a4:7d:c5:
48:34:21:c1:b8:2f:74:50:62:b9:b1:c0:dc:2c:8f:
73:e5:20:c4:0b:36:d1:7a:0c:6c:a3:22:49:d3:5f:
9b:66:0b:64:e8:51:da:48:bc:0c:ea:7d:79:f4:2d:
dd:10:64:0c:b2:c4:6f:6f:28:36:70:05:4a:08:35:
89:00:ef:a2:85:3d:a0:3b:06:3d:4a:de:af:cb:2f:
37:e4:15:5c:28:5a:6c:41:ad:03:49:20:22:30:63:
93:ab:03:d9:4c:9a:23:2a:ec:f6:d1:29:ca:e2:2a:
4a:a7:a3:6a:a1:1c:69:24:a9:f5:bb:26:f0:00:7a:
99:bb:0d:43:8e:a6:2d:d8:ab:4b:9f:56:6c:7f:2f:
99:7e:00:cd:fc:54:89:82:91:fe:94:39:d7:78:95:
d3:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:D7:1C:24:DF:7C:23:D0:88:81:64:24:79:00:89:53:73:29:71:01
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/A9ccJN98I9CIgWQkeQCJU3MpcQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.244.51.0/24
185.250.44.0/22
193.39.171.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:44:7d:b4:99:66:fb:f9:62:d6:d4:b0:28:bc:c8:1f:ae:10:
4d:18:ec:e5:d7:7d:64:01:39:eb:ff:5d:b9:83:9a:be:17:09:
91:ed:97:3d:e3:7f:d7:3e:2f:27:4a:93:40:e3:71:a7:6a:bc:
46:44:79:64:bd:e7:b2:d6:7a:a0:3a:f4:40:80:fa:27:1e:31:
ff:d5:c3:c8:2c:f3:c1:82:c8:5f:46:83:0a:6d:c2:eb:07:3b:
77:53:0a:bc:51:73:ed:c3:3b:b0:22:de:cd:98:1f:54:09:c5:
05:bd:a1:8e:71:de:0c:a0:8a:dd:e8:7f:73:2c:b9:8d:d6:b3:
ca:cd:62:ef:cf:f0:a2:f8:09:ad:cb:48:57:a1:9c:12:f6:fa:
12:37:15:17:07:19:1c:43:3a:d9:26:7a:1d:ee:2e:fb:e2:fc:
dd:4e:34:ef:94:6e:cd:88:be:df:c6:9a:62:90:88:34:1d:16:
51:c9:d0:ee:93:11:0f:ea:7b:76:09:dd:e8:d5:56:c6:2f:e9:
7d:52:fb:1b:95:ab:0c:ca:7e:96:28:1b:ec:44:c5:48:fe:8f:
bd:30:83:99:22:3f:15:41:ce:10:a0:e8:a3:0e:04:0d:0e:27:
47:50:63:c6:99:5c:e6:82:cb:ed:e2:c1:c7:81:ba:20:bc:96:
53:66:88:e0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVy6DH92SmY4DpCdLX6G/yuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTAyMTQzNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q3MWMyNGRmN2MyM2QwODg4MTY0MjQ3OTAwODk1MzczMjk3MTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xz9nvno2aqG10RFzuqjv8k/Fabi
+nOoyi98x/rRf9EwpmEv6Sp6BjXIMe3ZmlpGvwc0V6IYqgnZvRUWF5Det/PfiosF
2HU0d22ARJBWOjLkoB66TJOWR1wQ0VkSmoK4s12NSbOkfcVINCHBuC90UGK5scDc
LI9z5SDECzbRegxsoyJJ01+bZgtk6FHaSLwM6n159C3dEGQMssRvbyg2cAVKCDWJ
AO+ihT2gOwY9St6vyy835BVcKFpsQa0DSSAiMGOTqwPZTJojKuz20SnK4ipKp6Nq
oRxpJKn1uybwAHqZuw1DjqYt2KtLn1Zsfy+ZfgDN/FSJgpH+lDnXeJXTzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAPXHCTffCPQiIFkJHkAiVNzKXEBMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvQTljY0pOOThJOUNJZ1dRa2VRQ0pVM01wY1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAufQzAwQC
ufosAwQAwSerMA0GCSqGSIb3DQEBCwUAA4IBAQArRH20mWb7+WLW1LAovMgfrhBN
GOzl131kATnr/125g5q+FwmR7Zc943/XPi8nSpNA43GnarxGRHlkveey1nqgOvRA
gPonHjH/1cPILPPBgshfRoMKbcLrBzt3Uwq8UXPtwzuwIt7NmB9UCcUFvaGOcd4M
oIrd6H9zLLmN1rPKzWLvz/Ci+Amty0hXoZwS9voSNxUXBxkcQzrZJnod7i774vzd
TjTvlG7NiL7fxppikIg0HRZRydDukxEP6nt2Cd3o1VbGL+l9UvsblasMyn6WKBvs
RMVI/o+9MIOZIj8VQc4QoOijDgQNDidHUGPGmVzmgsvt4sHHgbogvJZTZojg
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:19 2023 by rpki-client on console-ams.rpki-client.org