Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kDTpbfVS_4kI5cwAKHf6tonizUI.roa
File: kDTpbfVS_4kI5cwAKHf6tonizUI.roa (raw, json)
Hash identifier: rzWEmBWIUnA62JqGe7v3+YrcfXFkJtDGZSAX+65PoHM=
Subject key identifier: 90:34:E9:6D:F5:52:FF:89:08:E5:CC:00:28:77:FA:B6:89:E2:CD:42
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 01879D37EFF032B941B48B3CFB2ECDF21A7F
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kDTpbfVS_4kI5cwAKHf6tonizUI.roa
Signing time: Thu 20 Apr 2023 05:51:41 +0000
ROA not before: Thu 20 Apr 2023 05:51:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207772
IP address blocks: 87.118.146.0/24 maxlen: 24
95.43.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9d:37:ef:f0:32:b9:41:b4:8b:3c:fb:2e:cd:f2:1a:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Apr 20 05:51:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9034e96df552ff8908e5cc002877fab689e2cd42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ef:b3:d8:dc:50:ff:1e:76:01:4b:c4:2b:a7:
ae:61:3c:01:a8:2d:c6:db:35:59:bf:ca:55:2d:79:
8e:38:ba:37:f1:0b:e2:34:16:50:43:62:79:fa:e4:
d5:40:cc:29:7a:cf:13:04:41:d4:6d:8e:2d:e3:bc:
41:3d:c1:d2:a1:e2:44:56:5e:b8:e2:00:82:88:cb:
78:56:6a:39:8f:f4:b7:b8:3f:98:a4:49:a6:c9:01:
42:5a:29:c2:7b:95:37:21:e7:b1:5b:46:92:d9:96:
4b:fa:39:b6:81:83:18:00:8e:0c:b3:ba:1b:b4:c7:
96:5e:35:50:15:f7:b1:c5:da:92:fb:4a:d4:3d:b9:
84:3f:bc:79:68:b1:f8:08:70:1d:19:74:7e:4d:b6:
1a:9b:a2:7f:28:fc:c1:62:ea:7d:e2:f3:32:0d:af:
70:6a:2c:d7:b9:97:43:52:9d:e6:e4:cb:7c:f2:07:
9e:03:38:26:62:a0:1f:19:a4:71:47:ff:eb:e8:b7:
06:75:90:72:e8:bf:4f:91:fe:c6:40:86:62:78:06:
1d:d0:b6:bf:ee:75:a1:25:8b:6c:3b:8f:c4:85:4c:
94:6c:49:2e:fe:f2:cf:50:f3:7d:c7:f9:5f:84:a2:
d9:73:74:bf:4c:28:c1:5a:ba:fc:35:f6:5c:d4:cc:
e2:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:34:E9:6D:F5:52:FF:89:08:E5:CC:00:28:77:FA:B6:89:E2:CD:42
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kDTpbfVS_4kI5cwAKHf6tonizUI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.118.146.0/24
95.43.114.0/24
Signature Algorithm: sha256WithRSAEncryption
23:44:d0:be:b4:f9:6d:15:a9:a2:7a:35:fd:3f:7a:3a:44:a0:
f2:f4:82:77:1d:20:a0:2d:79:97:8a:f8:43:d1:ba:e3:13:df:
3f:01:d1:c1:5c:38:3e:37:19:c0:c3:27:48:02:cc:92:dd:53:
d0:31:10:9f:da:5e:27:9c:04:d6:36:1d:ae:5b:ae:01:5e:d6:
06:1e:07:21:25:ee:46:08:31:f2:1c:e2:df:d9:e9:5b:a3:e6:
07:b9:6e:8f:bf:89:7d:04:ae:ba:4c:de:82:cc:03:fa:a6:55:
c7:04:18:d4:a0:1f:98:bf:3a:49:6f:6f:b2:64:15:a8:c9:6f:
cd:63:85:7e:63:e5:e6:8a:8e:36:de:91:26:fa:09:99:44:dc:
e9:e0:6b:29:72:06:5e:3a:be:60:a6:f2:f3:e8:d6:c9:c2:59:
6e:77:26:5b:bf:39:f0:bc:59:98:bd:24:4e:3d:16:c8:f4:e6:
da:55:e2:8a:82:bd:d1:de:0d:ac:4e:05:f0:aa:fb:31:85:eb:
14:e8:af:84:1b:89:3e:b6:0f:2b:cd:d0:85:7e:d2:3d:02:cf:
d1:ff:0a:d1:92:38:3e:8c:86:c0:cf:5b:90:61:1a:2b:3c:5a:
c0:6c:86:51:10:6e:f9:6a:b6:6a:4c:f0:f9:7a:11:05:b5:6d:
1f:66:99:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYedN+/wMrlBtIs8+y7N8hp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjMwNDIwMDU1MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM0ZTk2ZGY1NTJmZjg5MDhlNWNjMDAyODc3ZmFiNjg5ZTJjZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm++z2NxQ/x52AUvEK6euYTwBqC3G
2zVZv8pVLXmOOLo38QviNBZQQ2J5+uTVQMwpes8TBEHUbY4t47xBPcHSoeJEVl64
4gCCiMt4Vmo5j/S3uD+YpEmmyQFCWinCe5U3IeexW0aS2ZZL+jm2gYMYAI4Ms7ob
tMeWXjVQFfexxdqS+0rUPbmEP7x5aLH4CHAdGXR+TbYam6J/KPzBYup94vMyDa9w
aizXuZdDUp3m5Mt88geeAzgmYqAfGaRxR//r6LcGdZBy6L9Pkf7GQIZieAYd0La/
7nWhJYtsO4/EhUyUbEku/vLPUPN9x/lfhKLZc3S/TCjBWrr8NfZc1MziJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJA06W31Uv+JCOXMACh3+raJ4s1CMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEva0RUcGJmVlNfNGtJNWN3QUtIZjZ0b25pelVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3aSAwQA
XytyMA0GCSqGSIb3DQEBCwUAA4IBAQAjRNC+tPltFamiejX9P3o6RKDy9IJ3HSCg
LXmXivhD0brjE98/AdHBXDg+NxnAwydIAsyS3VPQMRCf2l4nnATWNh2uW64BXtYG
HgchJe5GCDHyHOLf2elbo+YHuW6Pv4l9BK66TN6CzAP6plXHBBjUoB+YvzpJb2+y
ZBWoyW/NY4V+Y+Xmio423pEm+gmZRNzp4GspcgZeOr5gpvLz6NbJwlludyZbvznw
vFmYvSROPRbI9ObaVeKKgr3R3g2sTgXwqvsxhesU6K+EG4k+tg8rzdCFftI9As/R
/wrRkjg+jIbAz1uQYRorPFrAbIZREG75arZqTPD5ehEFtW0fZpmp
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:54 2024 by rpki-client on console-ams.rpki-client.org