Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/P2pv9NNdBAkiRqdgAP4AaSbMlnA.roa
File: P2pv9NNdBAkiRqdgAP4AaSbMlnA.roa (raw, json)
Hash identifier: uCss8uYGt9XKW/PKxmQIE61h7aA0Oo1sPa1jLJYJyP8=
Subject key identifier: 3F:6A:6F:F4:D3:5D:04:09:22:46:A7:60:00:FE:00:69:26:CC:96:70
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 01857BB07BF7184A42CC8DCFE1869F1EDB3D
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/P2pv9NNdBAkiRqdgAP4AaSbMlnA.roa
Signing time: Wed 04 Jan 2023 07:30:41 +0000
ROA not before: Wed 04 Jan 2023 07:30:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 185.244.51.0/24 maxlen: 24
193.111.250.0/24 maxlen: 24
185.250.44.0/23 maxlen: 23
185.250.46.0/23 maxlen: 23
193.39.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7b:b0:7b:f7:18:4a:42:cc:8d:cf:e1:86:9f:1e:db:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Jan 4 07:30:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f6a6ff4d35d04092246a76000fe006926cc9670
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:53:84:70:0a:cf:21:9a:1c:f8:b8:76:f3:4b:
c0:56:39:a4:0c:5a:09:70:ed:35:ce:63:7d:82:89:
c0:82:8f:94:98:4b:ea:db:79:b8:28:c8:cc:7f:2a:
34:0a:96:d4:64:ee:c9:01:5a:22:e9:e6:e7:f4:7b:
9d:62:9f:af:3e:f9:5e:c5:37:50:4c:71:0b:a6:f3:
63:c5:93:89:a2:1c:a5:12:3f:99:da:25:51:79:77:
cf:bb:64:f1:74:d0:33:b2:3c:99:c0:64:d2:5c:41:
c9:ef:55:13:22:81:c9:a7:f4:d3:5c:15:1e:c8:db:
aa:6a:79:f9:36:42:b1:29:ae:e7:e6:76:c9:cd:d0:
56:45:ab:05:70:b6:53:94:cd:4c:92:96:95:b2:6e:
e8:00:87:ce:d4:2a:6f:40:2b:b3:23:27:e4:a0:9c:
c3:86:eb:6f:df:46:82:ae:88:5a:45:00:17:56:83:
a5:3c:8c:1e:5a:26:21:af:78:64:da:1b:50:35:6d:
b3:91:b2:29:a2:ee:ba:07:fc:d9:1a:f9:ad:e4:2a:
4f:58:28:07:ed:52:e5:d9:dd:a5:a5:21:1a:44:e2:
31:42:cd:c5:28:23:e8:d0:a3:58:fb:ac:a2:77:98:
b3:c8:f3:9e:bb:51:90:e0:99:c8:e9:33:8f:6c:d6:
06:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:6A:6F:F4:D3:5D:04:09:22:46:A7:60:00:FE:00:69:26:CC:96:70
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/P2pv9NNdBAkiRqdgAP4AaSbMlnA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.244.51.0/24
185.250.44.0/22
193.39.171.0/24
193.111.250.0/24
Signature Algorithm: sha256WithRSAEncryption
23:41:6b:89:27:f1:d8:e6:3e:a6:32:c8:d3:bd:14:e6:aa:3e:
88:89:ad:66:b5:d8:8a:b1:9b:7f:88:99:73:f3:e2:b0:fb:3a:
f4:81:60:a7:65:72:bf:35:81:e0:d5:dd:5f:63:e9:01:67:fb:
00:22:87:c6:63:54:e2:5e:6e:07:f0:f8:98:c3:3d:f6:7e:7b:
ce:17:2b:6c:80:c1:2f:ad:fc:c2:b7:7a:7b:18:45:52:e0:c2:
6a:1b:67:f6:a5:89:a4:e8:b8:9e:fd:14:d0:80:2d:9c:d0:e2:
97:72:d4:69:8a:8a:da:0c:42:73:ce:0c:b9:d2:c0:13:34:2d:
60:08:c3:0f:a9:af:1d:69:c3:08:a9:45:c5:cb:32:2b:c3:be:
41:ac:0d:8f:d8:e7:af:1d:9c:a0:d5:eb:b4:75:c4:c8:e9:e0:
20:63:66:46:5c:51:c6:3e:e3:18:b5:01:fd:67:aa:ce:ec:0c:
3b:ba:6a:9f:51:47:3f:37:72:36:1a:b1:65:d3:52:19:db:f8:
21:b5:e8:a5:fe:b9:6a:d8:5d:16:15:d1:a7:7a:7d:8c:a2:07:
39:41:45:3b:97:e6:1f:a4:aa:b3:2e:51:37:2f:b0:b5:1d:f3:
eb:68:c6:1f:34:0a:2c:3c:a1:55:be:73:8e:7f:8e:21:9e:3e:
0b:25:0c:28
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYV7sHv3GEpCzI3P4YafHts9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTA0MDczMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZhNmZmNGQzNWQwNDA5MjI0NmE3NjAwMGZlMDA2OTI2Y2M5NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVOEcArPIZoc+Lh280vAVjmkDFoJ
cO01zmN9gonAgo+UmEvq23m4KMjMfyo0CpbUZO7JAVoi6ebn9HudYp+vPvlexTdQ
THELpvNjxZOJohylEj+Z2iVReXfPu2TxdNAzsjyZwGTSXEHJ71UTIoHJp/TTXBUe
yNuqann5NkKxKa7n5nbJzdBWRasFcLZTlM1MkpaVsm7oAIfO1CpvQCuzIyfkoJzD
hutv30aCrohaRQAXVoOlPIweWiYhr3hk2htQNW2zkbIpou66B/zZGvmt5CpPWCgH
7VLl2d2lpSEaROIxQs3FKCPo0KNY+6yid5izyPOeu1GQ4JnI6TOPbNYGjwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD9qb/TTXQQJIkanYAD+AGkmzJZwMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvUDJwdjlOTmRCQWtpUnFkZ0FQNEFhU2JNbG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAufQzAwQC
ufosAwQAwSerAwQAwW/6MA0GCSqGSIb3DQEBCwUAA4IBAQAjQWuJJ/HY5j6mMsjT
vRTmqj6Iia1mtdiKsZt/iJlz8+Kw+zr0gWCnZXK/NYHg1d1fY+kBZ/sAIofGY1Ti
Xm4H8PiYwz32fnvOFytsgMEvrfzCt3p7GEVS4MJqG2f2pYmk6Lie/RTQgC2c0OKX
ctRpioraDEJzzgy50sATNC1gCMMPqa8dacMIqUXFyzIrw75BrA2P2OevHZyg1eu0
dcTI6eAgY2ZGXFHGPuMYtQH9Z6rO7Aw7umqfUUc/N3I2GrFl01IZ2/ghteil/rlq
2F0WFdGnen2Mogc5QUU7l+YfpKqzLlE3L7C1HfPraMYfNAosPKFVvnOOf44hnj4L
JQwo
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:33 2023 by rpki-client on console-fra.rpki-client.org