Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/_lIJjVQpMRXd0PxKQKzXN9mqY9g.roa
File: _lIJjVQpMRXd0PxKQKzXN9mqY9g.roa (raw, json)
Hash identifier: 63PQFnECzXK07SDnN3jZyH5MUFwBpiY5fe54VSlVvM0=
Subject key identifier: FE:52:09:8D:54:29:31:15:DD:D0:FC:4A:40:AC:D7:37:D9:AA:63:D8
Certificate issuer: /CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Certificate serial: 01820144EB09D351F609F3C8B5F984A672E2
Authority key identifier: C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/_lIJjVQpMRXd0PxKQKzXN9mqY9g.roa
Signing time: Fri 15 Jul 2022 09:51:09 +0000
ROA not before: Fri 15 Jul 2022 09:51:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 203789
IP address blocks: 185.123.216.0/23 maxlen: 24
185.123.218.0/23 maxlen: 24
185.123.218.72/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:01:44:eb:09:d3:51:f6:09:f3:c8:b5:f9:84:a6:72:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Validity
Not Before: Jul 15 09:51:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fe52098d54293115ddd0fc4a40acd737d9aa63d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9c:52:72:21:12:88:1c:a9:e1:ea:9a:02:d5:
68:70:0a:fa:70:a7:58:d4:80:6b:49:38:8a:ba:9c:
a7:dc:23:2f:a2:e8:76:43:1e:5d:27:d4:7f:6d:7c:
58:8c:36:11:ec:7a:32:76:2b:79:ed:50:07:e7:29:
1c:d6:e4:02:69:07:a3:6d:7f:23:d3:91:1b:1d:c6:
52:24:b4:0f:23:e1:7e:ea:36:36:3d:22:ab:cf:f5:
c6:9d:ab:69:ae:eb:cf:54:53:70:55:e0:92:4e:a4:
ef:ac:24:fd:b4:c0:d6:48:ce:05:bc:89:ab:9d:ee:
f5:be:95:ca:2d:e4:7e:7e:51:94:a8:3b:80:66:c1:
a1:7c:a9:4d:e6:b4:ce:f4:cb:e6:86:4a:66:e6:a8:
5b:aa:59:e7:a7:d7:70:66:59:a1:08:df:49:7f:7e:
e0:4f:22:fa:d2:b1:7e:b1:7a:24:e2:87:ba:95:a8:
af:1d:87:54:91:c5:72:51:b5:f3:ec:57:fa:c1:86:
1f:64:ce:df:04:f1:6a:25:2e:4a:e9:bf:b4:89:0b:
db:77:67:38:76:e0:ba:55:5e:a2:35:05:32:ce:19:
28:51:93:ae:48:c6:e1:3e:12:89:ef:ec:3b:4c:51:
5b:3f:4b:aa:03:98:62:2d:7a:3d:ba:54:94:c6:7d:
ff:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:52:09:8D:54:29:31:15:DD:D0:FC:4A:40:AC:D7:37:D9:AA:63:D8
X509v3 Authority Key Identifier:
keyid:C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/_lIJjVQpMRXd0PxKQKzXN9mqY9g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.123.216.0/22
Signature Algorithm: sha256WithRSAEncryption
56:a4:02:0f:95:a5:34:42:92:d8:8d:de:d2:61:34:bf:f0:01:
3b:67:c2:aa:55:24:fe:1e:85:87:63:b5:8c:5e:43:3b:e3:b8:
a0:15:ed:e0:e8:10:e3:83:15:e8:d6:f3:08:9d:64:84:32:81:
54:4f:56:7f:91:db:0d:78:c4:05:cd:08:da:97:28:c5:73:8f:
bc:66:65:3b:9b:8a:2b:3f:2c:cb:4d:e5:5a:8e:f6:56:26:86:
0e:2a:c8:42:75:21:6d:7e:fe:d4:af:12:ad:e1:a5:81:85:a0:
95:88:b2:14:cd:4d:71:67:bc:93:32:50:83:18:42:56:f5:d7:
45:ba:4d:b5:21:a7:55:75:e9:40:58:f7:d7:9a:d8:1b:8b:28:
3b:e0:12:12:32:a5:97:9b:b3:80:0c:93:f3:b6:b1:56:db:30:
09:f5:20:c4:f6:58:4c:38:c2:de:f8:e7:d7:4c:c6:9a:5a:0e:
38:7c:6e:b2:5a:0c:c2:10:e8:11:83:3a:a5:20:52:fa:15:03:
a7:a3:b1:2f:a5:83:e6:36:e2:6b:3e:3c:f5:d7:c9:fa:d3:cc:
ef:80:3d:53:dd:a9:aa:7b:6a:f0:dc:23:35:bd:81:b2:78:63:
58:c8:00:a9:16:6b:50:d0:d3:21:66:bc:e3:15:fb:74:cc:7e:
54:90:dd:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYIBROsJ01H2CfPItfmEpnLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NTNmNWUyMzA0MjBiYzRhNzBkMGE2MWRlM2I0N2RjZGEx
YThkMGUwHhcNMjIwNzE1MDk1MTA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTUyMDk4ZDU0MjkzMTE1ZGRkMGZjNGE0MGFjZDczN2Q5YWE2M2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5xSciESiByp4eqaAtVocAr6cKdY
1IBrSTiKupyn3CMvouh2Qx5dJ9R/bXxYjDYR7Hoydit57VAH5ykc1uQCaQejbX8j
05EbHcZSJLQPI+F+6jY2PSKrz/XGnatpruvPVFNwVeCSTqTvrCT9tMDWSM4FvImr
ne71vpXKLeR+flGUqDuAZsGhfKlN5rTO9Mvmhkpm5qhbqlnnp9dwZlmhCN9Jf37g
TyL60rF+sXok4oe6laivHYdUkcVyUbXz7Ff6wYYfZM7fBPFqJS5K6b+0iQvbd2c4
duC6VV6iNQUyzhkoUZOuSMbhPhKJ7+w7TFFbP0uqA5hiLXo9ulSUxn3/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5SCY1UKTEV3dD8SkCs1zfZqmPYMB8GA1UdIwQY
MBaAFMRT9eIwQgvEpw0KYd47R9zaGo0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1Njkt
ZTZjZjE3Y2RkYTRmLzEvX2xJSmpWUXBNUlhkMFB4S1FLelhOOW1xWTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1NjktZTZjZjE3Y2RkYTRm
LzEveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXvYMA0G
CSqGSIb3DQEBCwUAA4IBAQBWpAIPlaU0QpLYjd7SYTS/8AE7Z8KqVST+HoWHY7WM
XkM747igFe3g6BDjgxXo1vMInWSEMoFUT1Z/kdsNeMQFzQjalyjFc4+8ZmU7m4or
PyzLTeVajvZWJoYOKshCdSFtfv7UrxKt4aWBhaCViLIUzU1xZ7yTMlCDGEJW9ddF
uk21IadVdelAWPfXmtgbiyg74BISMqWXm7OADJPztrFW2zAJ9SDE9lhMOMLe+OfX
TMaaWg44fG6yWgzCEOgRgzqlIFL6FQOno7EvpYPmNuJrPjz118n608zvgD1T3amq
e2rw3CM1vYGyeGNYyACpFmtQ0NMhZrzjFft0zH5UkN1F
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:33 2024 by rpki-client on console-fra.rpki-client.org