Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/tIqgxy3Km4cpnK8Jhj6NvJSTp1Q.roa
File: tIqgxy3Km4cpnK8Jhj6NvJSTp1Q.roa (raw, json)
Hash identifier: ZrD/C9WzN2EQu1q5oCkCdO20HVdOy3qUWL4EX+JEcP0=
Subject key identifier: B4:8A:A0:C7:2D:CA:9B:87:29:9C:AF:09:86:3E:8D:BC:94:93:A7:54
Certificate issuer: /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial: 37EEFDE2
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/tIqgxy3Km4cpnK8Jhj6NvJSTp1Q.roa
Signing time: Sat 01 Jan 2022 06:01:02 +0000
ROA not before: Sat 01 Jan 2022 06:01:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200678
IP address blocks: 185.99.176.0/22 maxlen: 32
2a00:8e80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 938409442 (0x37eefde2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Validity
Not Before: Jan 1 06:01:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b48aa0c72dca9b87299caf09863e8dbc9493a754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:c6:a3:4a:8e:77:36:9b:98:fa:16:25:a4:4d:
87:81:1a:7d:1f:2f:c3:79:22:e6:8d:69:0c:d4:a6:
f4:c5:83:36:3b:5b:c7:cf:e1:5f:01:a7:ee:3b:57:
0a:7c:96:58:82:a7:4c:78:9a:61:11:92:e0:fb:0b:
b2:3f:12:63:04:69:56:06:b3:f1:2c:dc:b0:3b:05:
57:0a:41:89:d0:18:08:f0:3b:31:83:0d:cf:97:2b:
82:a3:56:03:18:a2:fe:76:03:88:26:07:0b:24:f7:
01:db:ea:a2:f0:19:f9:20:2a:15:35:f5:a8:b2:09:
10:87:fc:d2:11:94:87:d2:04:57:53:b9:14:d3:c8:
21:9c:88:94:82:22:21:27:66:ab:f9:3b:38:6e:74:
e0:2b:c4:c8:37:17:36:12:ef:a3:a2:e5:53:3f:38:
44:ab:9a:de:4d:0e:01:37:31:14:e1:ea:07:14:f5:
ea:6f:4d:32:e3:58:68:9d:de:24:85:be:dc:52:d9:
80:b7:ad:d2:4a:c8:bc:89:ba:37:9f:9b:02:09:6e:
2c:6b:d0:0c:54:bd:c0:ac:de:c6:74:28:a5:9d:19:
c5:fa:3b:1c:f7:8b:aa:64:f6:88:e9:bb:5b:38:f4:
33:62:63:48:40:48:fd:cd:51:a2:6e:d3:0a:62:33:
6a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:8A:A0:C7:2D:CA:9B:87:29:9C:AF:09:86:3E:8D:BC:94:93:A7:54
X509v3 Authority Key Identifier:
keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/tIqgxy3Km4cpnK8Jhj6NvJSTp1Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.99.176.0/22
IPv6:
2a00:8e80::/32
Signature Algorithm: sha256WithRSAEncryption
88:3c:29:66:14:db:d5:92:40:3c:0d:d2:f7:3e:09:ae:fa:fa:
f9:ec:03:2d:6a:93:28:d8:36:7b:ef:64:22:1e:84:f8:e0:ae:
41:ce:27:d2:04:20:78:46:05:5e:8d:28:60:4b:5a:5c:e0:49:
da:00:6e:4b:7e:7b:c3:6b:97:6e:c5:6f:e1:41:f6:bd:88:56:
ed:31:4c:3e:93:b0:28:27:d2:fb:0a:61:c9:30:1d:14:18:10:
db:da:40:0c:fe:b0:05:94:68:62:6c:9d:74:b4:57:d8:32:a2:
42:1a:aa:be:a9:97:a0:85:cf:58:8a:d4:1c:85:8c:8a:05:f0:
7d:d7:f7:b5:1f:64:84:a8:b2:a3:04:ea:27:09:4b:28:bc:5f:
d0:f5:4e:fd:df:be:a2:b2:cd:13:f1:a8:aa:75:4e:ab:5e:dc:
65:a6:b8:b5:0f:d9:0e:15:2f:b2:34:48:ba:57:d9:e2:d6:d6:
0c:05:7a:32:0e:8b:78:26:8c:fb:1e:ec:77:bb:60:9f:22:49:
9d:17:2d:19:45:19:92:ea:2e:d5:e0:d4:0e:90:10:5d:88:fe:
7e:7d:5a:16:bb:48:69:b3:59:3c:09:57:c8:28:4b:8e:d8:4a:
1b:35:17:8c:7e:fd:89:e9:b6:bb:2b:ac:5a:be:44:7f:02:1c:
f0:2f:18:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEN+794jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTlmMGY1ZmY2MjBlMGRiNTMxMWY2NDczNjkwOTk3M2FjNjBmNmYzMB4XDTIyMDEw
MTA2MDEwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjQ4YWEwYzcyZGNh
OWI4NzI5OWNhZjA5ODYzZThkYmM5NDkzYTc1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALfGo0qOdzabmPoWJaRNh4EafR8vw3ki5o1pDNSm9MWDNjtb
x8/hXwGn7jtXCnyWWIKnTHiaYRGS4PsLsj8SYwRpVgaz8SzcsDsFVwpBidAYCPA7
MYMNz5crgqNWAxii/nYDiCYHCyT3AdvqovAZ+SAqFTX1qLIJEIf80hGUh9IEV1O5
FNPIIZyIlIIiISdmq/k7OG504CvEyDcXNhLvo6LlUz84RKua3k0OATcxFOHqBxT1
6m9NMuNYaJ3eJIW+3FLZgLet0krIvIm6N5+bAgluLGvQDFS9wKzexnQopZ0Zxfo7
HPeLqmT2iOm7Wzj0M2JjSEBI/c1Rom7TCmIzaoUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBS0iqDHLcqbhymcrwmGPo28lJOnVDAfBgNVHSMEGDAWgBQ1nw9f9iDg21MR
9kc2kJlzrGD28zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05aOFBYX1lnNE50VEVmWkhOcENaYzZ4Zzl2TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWEvNDBkOWE1LTI1NjYtNDllMS1hNTdiLWQxYWJmNGVlMzJjYi8x
L3RJcWd4eTNLbTRjcG5LOEpoajZOdkpTVHAxUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEv
NDBkOWE1LTI1NjYtNDllMS1hNTdiLWQxYWJmNGVlMzJjYi8xL05aOFBYX1lnNE50
VEVmWkhOcENaYzZ4Zzl2TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArljsDANBAIAAjAHAwUAKgCOgDAN
BgkqhkiG9w0BAQsFAAOCAQEAiDwpZhTb1ZJAPA3S9z4Jrvr6+ewDLWqTKNg2e+9k
Ih6E+OCuQc4n0gQgeEYFXo0oYEtaXOBJ2gBuS357w2uXbsVv4UH2vYhW7TFMPpOw
KCfS+wphyTAdFBgQ29pADP6wBZRoYmyddLRX2DKiQhqqvqmXoIXPWIrUHIWMigXw
fdf3tR9khKiyowTqJwlLKLxf0PVO/d++orLNE/GoqnVOq17cZaa4tQ/ZDhUvsjRI
ulfZ4tbWDAV6Mg6LeCaM+x7sd7tgnyJJnRctGUUZkuou1eDUDpAQXYj+fn1aFrtI
abNZPAlXyChLjthKGzUXjH79iem2uyusWr5EfwIc8C8Y3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:32 2024 by rpki-client on console-fra.rpki-client.org