Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/inXKbPROoMIqYLSw3_sGTk0gv-w.roa
File: inXKbPROoMIqYLSw3_sGTk0gv-w.roa (raw, json)
Hash identifier: lI2nAgX1qvcpkNr7zeknQnl5nyjbATvkK7+2hxtchPo=
Subject key identifier: 8A:75:CA:6C:F4:4E:A0:C2:2A:60:B4:B0:DF:FB:06:4E:4D:20:BF:EC
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 01856CE67488D089B2EE85E9F12F8729E7DE
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/inXKbPROoMIqYLSw3_sGTk0gv-w.roa
Signing time: Sun 01 Jan 2023 10:35:20 +0000
ROA not before: Sun 01 Jan 2023 10:35:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207772
IP address blocks: 87.118.146.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:e6:74:88:d0:89:b2:ee:85:e9:f1:2f:87:29:e7:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Jan 1 10:35:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8a75ca6cf44ea0c22a60b4b0dffb064e4d20bfec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d4:5f:64:d8:f9:8f:0c:7b:7f:e1:a2:76:3c:
c7:f0:74:7c:dc:c3:f2:51:3b:45:64:fa:e8:be:73:
51:eb:bc:e2:82:66:af:69:6c:04:84:4b:fa:f2:5e:
26:fa:45:53:e6:50:6c:c7:c2:6e:27:cc:13:80:20:
57:bb:d2:53:38:c8:ee:ad:7a:be:2d:e0:66:57:64:
78:ac:1f:b3:d5:34:b6:da:4f:b0:68:96:fa:83:3a:
19:66:d5:e4:30:92:69:45:f4:8a:17:87:dd:92:48:
03:3f:a8:ae:43:1f:bb:ee:e5:67:65:30:df:e2:c3:
5f:dc:7e:7b:d9:04:23:bb:7a:9e:68:72:e3:5c:04:
81:0e:7a:97:5e:94:b6:9b:b6:94:eb:6b:33:34:58:
93:d2:72:94:3c:f3:38:22:37:ba:b8:1e:52:70:48:
9f:c6:e9:93:1e:2b:9f:c9:28:7b:42:ca:bf:cf:bb:
8f:05:e7:f5:65:5d:13:30:b4:ff:3c:0e:76:83:d4:
a9:64:0e:3a:4f:64:1c:0e:ae:11:ac:4a:5e:83:ef:
e7:cf:54:d0:48:10:8b:c2:2e:78:83:23:f4:ca:fd:
36:c0:fb:87:11:7f:05:ae:03:bd:5c:2b:fa:95:c5:
51:ad:8a:5b:a1:0f:4b:36:52:e1:64:ed:9d:33:43:
2e:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:75:CA:6C:F4:4E:A0:C2:2A:60:B4:B0:DF:FB:06:4E:4D:20:BF:EC
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/inXKbPROoMIqYLSw3_sGTk0gv-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.118.146.0/24
Signature Algorithm: sha256WithRSAEncryption
18:57:f9:ff:51:6e:92:5f:06:69:21:f9:1d:15:8a:04:e8:2d:
7a:cf:aa:02:88:96:0c:d1:82:04:94:65:1f:58:0a:df:c2:a2:
02:97:48:d4:c7:36:3f:46:25:55:a0:9c:3d:c0:e1:88:07:85:
82:83:bb:98:9e:cd:07:65:f7:d7:a8:e2:7f:9b:f9:d6:6f:df:
a9:ec:d8:c6:ab:82:0b:a1:c1:e3:7f:a9:c1:6c:3b:84:ba:80:
4a:d2:c4:b0:cc:68:ec:2c:a7:32:f1:a7:5a:0d:6a:91:af:32:
5c:7d:5a:f3:5f:fc:a1:9c:e3:6c:ed:33:ad:8d:c1:43:4d:d2:
bc:ea:01:76:ef:62:3a:d2:1f:82:00:b0:2f:dc:72:db:c4:55:
d0:a1:0c:4f:7a:39:89:fe:9b:fa:f0:1a:24:8e:e7:44:83:83:
f0:cc:52:b5:c8:59:8c:e3:8d:9b:b8:b1:27:51:3b:b9:1a:dc:
c8:41:02:d9:c8:b4:23:2b:3f:15:fe:81:98:b9:47:42:e6:98:
0d:7d:95:b2:5e:d9:cb:ff:05:88:34:89:6f:7c:c3:f0:41:d4:
a1:26:2f:16:79:cb:c8:b2:53:93:b2:d7:56:5b:7d:5b:18:f1:
4c:69:41:5e:51:7d:dd:09:19:9f:e9:92:fc:3a:d3:ac:4c:79:
36:3b:6e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs5nSI0Imy7oXp8S+HKefeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjMwMTAxMTAzNTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTc1Y2E2Y2Y0NGVhMGMyMmE2MGI0YjBkZmZiMDY0ZTRkMjBiZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNRfZNj5jwx7f+GidjzH8HR83MPy
UTtFZProvnNR67zigmavaWwEhEv68l4m+kVT5lBsx8JuJ8wTgCBXu9JTOMjurXq+
LeBmV2R4rB+z1TS22k+waJb6gzoZZtXkMJJpRfSKF4fdkkgDP6iuQx+77uVnZTDf
4sNf3H572QQju3qeaHLjXASBDnqXXpS2m7aU62szNFiT0nKUPPM4Ije6uB5ScEif
xumTHiufySh7Qsq/z7uPBef1ZV0TMLT/PA52g9SpZA46T2QcDq4RrEpeg+/nz1TQ
SBCLwi54gyP0yv02wPuHEX8FrgO9XCv6lcVRrYpboQ9LNlLhZO2dM0MuiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIp1ymz0TqDCKmC0sN/7Bk5NIL/sMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvaW5YS2JQUk9vTUlxWUxTdzNfc0dUazBndi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3aSMA0G
CSqGSIb3DQEBCwUAA4IBAQAYV/n/UW6SXwZpIfkdFYoE6C16z6oCiJYM0YIElGUf
WArfwqICl0jUxzY/RiVVoJw9wOGIB4WCg7uYns0HZffXqOJ/m/nWb9+p7NjGq4IL
ocHjf6nBbDuEuoBK0sSwzGjsLKcy8adaDWqRrzJcfVrzX/yhnONs7TOtjcFDTdK8
6gF272I60h+CALAv3HLbxFXQoQxPejmJ/pv68BokjudEg4PwzFK1yFmM442buLEn
UTu5GtzIQQLZyLQjKz8V/oGYuUdC5pgNfZWyXtnL/wWINIlvfMPwQdShJi8WecvI
slOTstdWW31bGPFMaUFeUX3dCRmf6ZL8OtOsTHk2O251
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:05 2024 by rpki-client on console-fra.rpki-client.org