Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa
File: 7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa (raw, json)
Hash identifier: dC1EcqZPm6lU/HSGBz5dHsDt3YO/aKpNcjbDglDchkw=
Subject key identifier: EF:3D:A7:27:C9:B3:44:C2:C4:7F:98:84:48:5D:2C:FF:D0:9F:0B:FD
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0185969D726AE31DAC1517B410BA1F15A694
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa
Signing time: Mon 09 Jan 2023 12:59:38 +0000
ROA not before: Mon 09 Jan 2023 12:59:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 395800
IP address blocks: 85.92.109.0/24 maxlen: 24
194.5.92.0/24 maxlen: 24
109.236.58.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:9d:72:6a:e3:1d:ac:15:17:b4:10:ba:1f:15:a6:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 9 12:59:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ef3da727c9b344c2c47f9884485d2cffd09f0bfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:32:01:fb:28:e9:d0:81:68:57:b7:49:45:c6:
09:cf:81:60:ac:da:ce:e4:7c:af:f9:f8:2e:ca:ce:
8e:cc:8d:37:a1:12:0a:4c:1e:4f:ff:81:d3:b4:7a:
ce:cd:9d:2c:1f:66:51:a3:59:53:d4:7f:ab:ad:ec:
d4:63:57:02:3a:21:ee:e4:c4:25:a7:65:16:43:b6:
94:2e:8b:51:93:9b:27:3a:87:4f:d5:22:11:44:83:
24:30:57:f9:47:6a:95:72:dd:66:63:09:90:46:62:
c8:88:df:f0:87:a3:3d:98:4d:07:82:37:81:59:fc:
a7:a8:2a:8a:26:7f:98:e5:c9:b9:47:34:49:1d:c6:
6f:6b:54:0a:07:7a:a2:a9:82:89:ac:65:83:5b:45:
f8:ce:16:8d:c6:f8:3b:91:a4:9a:10:fb:ef:28:16:
65:28:fa:b5:70:47:57:ad:32:dc:1a:fa:c7:4b:c6:
62:48:f3:1a:bf:d2:96:a6:58:10:f9:d3:40:b0:c0:
65:b7:50:c0:eb:58:0f:69:bf:a0:c3:6a:8d:eb:6e:
59:66:8e:31:48:c3:58:d2:4d:66:ff:08:f2:9d:a0:
7b:c0:85:f1:f1:35:39:84:30:70:b0:d0:72:6a:19:
b8:da:27:90:1e:43:9e:05:05:63:cb:78:16:26:2f:
18:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:3D:A7:27:C9:B3:44:C2:C4:7F:98:84:48:5D:2C:FF:D0:9F:0B:FD
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.92.109.0/24
109.236.58.0/24
194.5.92.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:39:a7:6b:1d:0a:bc:fb:4e:ea:cb:ca:ba:89:bc:23:dc:90:
32:24:b8:6e:5c:f6:96:83:39:42:f4:23:4c:c7:ac:42:3c:75:
1e:72:44:f1:23:93:9e:10:77:34:c5:53:91:d7:a6:26:ff:88:
7c:6e:d5:32:47:c2:ef:28:2a:b8:fc:53:50:9d:24:f8:94:31:
1c:c3:51:a4:22:14:f2:46:03:55:a3:17:de:dd:ef:60:55:bf:
57:58:b3:f5:91:97:2f:57:0b:61:4f:b0:ce:33:8d:f7:7f:6b:
99:f0:91:f3:2d:ec:39:ac:0a:f9:c6:5a:f0:9c:95:75:17:5a:
ba:f7:74:36:cf:f3:3c:72:2b:49:17:f6:74:fc:ee:5d:75:f0:
7a:d5:d5:a9:c3:f9:eb:a2:c1:8d:3f:0a:54:83:10:33:cc:fe:
a4:4b:5b:a0:2a:87:2c:10:10:7c:38:f6:a7:e8:f8:fe:55:56:
f2:54:ba:40:d2:79:ad:7c:cb:3f:42:07:98:31:5f:13:80:a1:
39:8e:67:c3:81:d8:95:9e:af:36:ba:85:80:bb:71:5e:80:0b:
1a:ff:e5:0d:c7:49:b5:fe:17:0b:b6:ff:cc:fd:46:c0:3f:a6:
8c:25:5e:6d:5b:db:b0:eb:82:c6:08:91:a2:d7:ee:35:1c:52:
41:9f:73:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYWWnXJq4x2sFRe0ELofFaaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTA5MTI1OTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjNkYTcyN2M5YjM0NGMyYzQ3Zjk4ODQ0ODVkMmNmZmQwOWYwYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTIB+yjp0IFoV7dJRcYJz4FgrNrO
5Hyv+fguys6OzI03oRIKTB5P/4HTtHrOzZ0sH2ZRo1lT1H+rrezUY1cCOiHu5MQl
p2UWQ7aULotRk5snOodP1SIRRIMkMFf5R2qVct1mYwmQRmLIiN/wh6M9mE0HgjeB
WfynqCqKJn+Y5cm5RzRJHcZva1QKB3qiqYKJrGWDW0X4zhaNxvg7kaSaEPvvKBZl
KPq1cEdXrTLcGvrHS8ZiSPMav9KWplgQ+dNAsMBlt1DA61gPab+gw2qN625ZZo4x
SMNY0k1m/wjynaB7wIXx8TU5hDBwsNByahm42ieQHkOeBQVjy3gWJi8YcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO89pyfJs0TCxH+YhEhdLP/Qnwv9MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvN3oybko4bXpSTUxFZjVpRVNGMHNfOUNmQ18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVVxtAwQA
bew6AwQAwgVcMA0GCSqGSIb3DQEBCwUAA4IBAQA6OadrHQq8+07qy8q6ibwj3JAy
JLhuXPaWgzlC9CNMx6xCPHUeckTxI5OeEHc0xVOR16Ym/4h8btUyR8LvKCq4/FNQ
nST4lDEcw1GkIhTyRgNVoxfe3e9gVb9XWLP1kZcvVwthT7DOM433f2uZ8JHzLew5
rAr5xlrwnJV1F1q693Q2z/M8citJF/Z0/O5ddfB61dWpw/nrosGNPwpUgxAzzP6k
S1ugKocsEBB8OPan6Pj+VVbyVLpA0nmtfMs/QgeYMV8TgKE5jmfDgdiVnq82uoWA
u3FegAsa/+UNx0m1/hcLtv/M/UbAP6aMJV5tW9uw64LGCJGi1+41HFJBn3Pc
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org