Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/DBCDbHcNW4GTIN9dnv2o8fQbgyU.roa
File: DBCDbHcNW4GTIN9dnv2o8fQbgyU.roa (raw, json)
Hash identifier: xPe2zTfG1O941JNwan3TZVyQ9gX3GLUZQGT3iAh0NJc=
Subject key identifier: 0C:10:83:6C:77:0D:5B:81:93:20:DF:5D:9E:FD:A8:F1:F4:1B:83:25
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018678E0B376C3303C61EEFF296E0697538A
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/DBCDbHcNW4GTIN9dnv2o8fQbgyU.roa
Signing time: Wed 22 Feb 2023 11:27:17 +0000
ROA not before: Wed 22 Feb 2023 11:27:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 26636
IP address blocks: 194.5.92.0/24 maxlen: 24
45.66.116.0/24 maxlen: 24
92.118.114.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:78:e0:b3:76:c3:30:3c:61:ee:ff:29:6e:06:97:53:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Feb 22 11:27:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c10836c770d5b819320df5d9efda8f1f41b8325
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:dd:c3:dd:68:71:1d:41:9d:40:9f:7c:8d:cd:
39:00:02:fd:cd:ed:93:61:51:ad:3e:ca:67:db:f1:
34:21:0e:57:61:42:df:53:bd:be:83:e3:af:ca:43:
9d:e3:25:9e:07:d6:ff:35:84:a9:ee:7b:a5:d9:16:
20:7d:9f:67:4a:e9:f0:46:55:f1:db:18:91:82:e0:
e5:1a:60:31:63:12:8f:a4:a5:fe:a8:16:2e:97:0d:
09:26:db:41:29:6e:de:f3:6e:75:b2:c8:76:2c:c5:
8b:88:4f:be:93:71:d6:3b:9a:ae:d3:14:e0:b1:3f:
41:82:f9:3e:58:d6:bf:94:ae:b8:63:cf:20:bf:9e:
fb:ee:f0:7b:01:c6:37:6b:31:89:fb:6c:24:7f:09:
5c:21:34:c4:c0:92:a1:4a:68:0e:c9:61:3d:51:a8:
a4:6f:f2:c1:06:6f:f0:ac:24:00:c8:93:04:6a:d9:
ec:bc:e2:3f:d8:1a:28:5f:83:2d:d0:68:04:e8:82:
a5:27:5b:9c:9c:54:89:77:9f:cf:42:c4:7b:41:c9:
39:15:ca:64:fb:0b:85:e1:c1:4c:23:f2:39:44:c7:
94:a4:55:75:9b:5d:2c:96:d3:d1:81:ff:58:d6:b6:
0b:a4:da:2a:98:2d:7e:fc:db:c7:0a:4c:80:7c:01:
cc:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:10:83:6C:77:0D:5B:81:93:20:DF:5D:9E:FD:A8:F1:F4:1B:83:25
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/DBCDbHcNW4GTIN9dnv2o8fQbgyU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.116.0/24
92.118.114.0/23
194.5.92.0/24
Signature Algorithm: sha256WithRSAEncryption
01:fa:33:e9:9f:1b:f7:30:76:ac:fa:d3:72:c5:21:2e:d6:a3:
2d:c4:c1:98:12:3b:aa:87:bc:ce:44:cd:c3:ef:61:b0:56:d0:
36:3c:c5:b7:95:f3:f4:ac:01:86:55:cd:9f:ce:08:f6:3f:bd:
98:82:3f:80:b1:e5:e0:f6:ca:2e:3d:5c:a5:ae:2a:3f:f4:c0:
df:fe:30:f3:71:8c:19:a0:70:c0:dc:4e:3f:92:2e:6f:1b:9a:
1f:99:e6:83:e4:e7:65:f7:f4:59:f0:b8:9a:9c:7d:aa:3d:50:
f9:25:bd:3f:91:91:d1:3a:b9:04:4f:76:2b:de:ee:8f:d3:0b:
57:e3:ed:50:52:33:f3:67:02:f5:ad:31:24:06:2f:c5:09:f8:
93:58:e5:b4:88:a5:d3:9b:f8:88:b8:2c:bf:76:65:73:32:6d:
40:a3:9f:b3:f1:10:5b:a5:91:f8:99:ab:ae:7f:9d:a8:1c:b5:
e1:cd:1c:d2:f2:91:b3:12:1e:5b:56:3f:5d:5f:39:56:4e:42:
41:dc:c8:a9:3e:5d:fd:d0:42:5d:fd:06:0f:e2:1d:df:95:96:
11:5d:9f:c9:43:52:71:b1:f3:69:ce:be:e2:55:10:9a:fc:7d:
75:6a:8d:6a:37:4a:3d:f1:b6:c8:84:93:c7:2f:b0:cb:b0:c6:
56:8f:08:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYZ44LN2wzA8Ye7/KW4Gl1OKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjIyMTEyNzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzEwODM2Yzc3MGQ1YjgxOTMyMGRmNWQ5ZWZkYThmMWY0MWI4MzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4t3D3WhxHUGdQJ98jc05AAL9ze2T
YVGtPspn2/E0IQ5XYULfU72+g+OvykOd4yWeB9b/NYSp7nul2RYgfZ9nSunwRlXx
2xiRguDlGmAxYxKPpKX+qBYulw0JJttBKW7e8251ssh2LMWLiE++k3HWO5qu0xTg
sT9Bgvk+WNa/lK64Y88gv5777vB7AcY3azGJ+2wkfwlcITTEwJKhSmgOyWE9Uaik
b/LBBm/wrCQAyJMEatnsvOI/2BooX4Mt0GgE6IKlJ1ucnFSJd5/PQsR7Qck5Fcpk
+wuF4cFMI/I5RMeUpFV1m10sltPRgf9Y1rYLpNoqmC1+/NvHCkyAfAHM6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAwQg2x3DVuBkyDfXZ79qPH0G4MlMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvREJDRGJIY05XNEdUSU45ZG52Mm84ZlFiZ3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUJ0AwQB
XHZyAwQAwgVcMA0GCSqGSIb3DQEBCwUAA4IBAQAB+jPpnxv3MHas+tNyxSEu1qMt
xMGYEjuqh7zORM3D72GwVtA2PMW3lfP0rAGGVc2fzgj2P72Ygj+AseXg9souPVyl
rio/9MDf/jDzcYwZoHDA3E4/ki5vG5ofmeaD5Odl9/RZ8LianH2qPVD5Jb0/kZHR
OrkET3Yr3u6P0wtX4+1QUjPzZwL1rTEkBi/FCfiTWOW0iKXTm/iIuCy/dmVzMm1A
o5+z8RBbpZH4mauuf52oHLXhzRzS8pGzEh5bVj9dXzlWTkJB3MipPl390EJd/QYP
4h3flZYRXZ/JQ1JxsfNpzr7iVRCa/H11ao1qN0o98bbIhJPHL7DLsMZWjwiv
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:47 2023 by rpki-client on console-ams.rpki-client.org