Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/3aH--ZeqPmF8j-hu6WEDm7XGZGQ.roa
File: 3aH--ZeqPmF8j-hu6WEDm7XGZGQ.roa (raw, json)
Hash identifier: tfxvnvIZ5KnSBHXQ906yB4QjqgCCINlIitr0siEVjFk=
Subject key identifier: DD:A1:FE:F9:97:AA:3E:61:7C:8F:E8:6E:E9:61:03:9B:B5:C6:64:64
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018444FF414A38F67B80D6B6AAFC3306E1C4
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/3aH--ZeqPmF8j-hu6WEDm7XGZGQ.roa
Signing time: Fri 04 Nov 2022 23:34:49 +0000
ROA not before: Fri 04 Nov 2022 23:34:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 52000
IP address blocks: 176.114.88.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
176.114.69.0/24 maxlen: 24
176.114.71.0/24 maxlen: 24
176.114.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:44:ff:41:4a:38:f6:7b:80:d6:b6:aa:fc:33:06:e1:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Nov 4 23:34:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dda1fef997aa3e617c8fe86ee961039bb5c66464
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:77:a4:db:c7:e7:fe:2f:e1:97:a1:4e:ed:0e:
a3:d6:7b:44:28:a2:77:75:4c:9e:6e:82:c0:5c:a2:
69:11:0e:aa:54:a2:3e:b0:25:f9:6c:3c:3a:bf:6b:
86:30:0a:04:2a:84:f3:7a:3c:71:ce:8b:b4:7d:da:
ec:63:d2:ac:34:ac:e7:5f:81:ac:17:b0:09:80:9d:
0f:0d:a2:49:9e:11:f1:d5:9a:3e:a7:64:d8:cc:f6:
2e:d7:bb:40:dc:1c:74:93:57:25:06:10:c8:ef:b4:
59:aa:5f:23:b3:ab:72:7b:86:d9:c7:c1:58:b3:9f:
89:dd:a9:dc:e0:51:59:db:e4:fb:b6:23:a5:60:82:
a2:d3:34:68:b4:7b:c1:57:dc:49:f1:cd:f2:52:54:
bc:f6:e1:04:c8:35:b8:83:76:19:8b:89:0c:a2:44:
b1:99:bf:01:fa:23:76:9e:76:59:0e:63:4e:61:b0:
f5:cd:50:a8:2b:c0:eb:b9:86:13:55:76:cc:6c:ce:
2c:06:85:ca:aa:1f:3f:26:c0:22:2b:be:ec:67:39:
56:56:78:3c:f8:96:8b:b6:99:6a:2c:65:34:c7:57:
30:7c:da:c9:a8:87:e5:58:13:aa:69:91:d1:bf:3c:
8f:04:9d:b5:b4:0e:43:8e:2e:09:6d:61:7d:a3:31:
1a:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:A1:FE:F9:97:AA:3E:61:7C:8F:E8:6E:E9:61:03:9B:B5:C6:64:64
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/3aH--ZeqPmF8j-hu6WEDm7XGZGQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.69.0/24
176.114.71.0/24
176.114.76.0/22
176.114.88.0/21
Signature Algorithm: sha256WithRSAEncryption
4e:1e:e7:68:7c:3a:6b:81:11:be:c6:51:c3:b4:2b:ac:20:53:
89:88:7c:31:62:5a:73:06:b2:6e:d6:48:ce:42:e5:f1:ef:75:
a6:1f:e6:ff:ad:cd:07:70:f0:5f:b4:6f:f0:a3:af:a3:8c:2e:
35:8b:97:94:f5:eb:0d:d3:59:5d:6a:8a:aa:60:27:0d:e4:6e:
8c:d4:9f:6d:47:2e:8f:28:74:80:93:e5:95:fe:21:2c:19:de:
0b:97:cb:64:9d:3c:71:5c:ab:d0:26:c7:d6:f5:7b:9f:e0:7f:
7d:b1:53:c2:b7:f9:fc:66:86:b8:c5:7f:6e:c7:aa:d6:78:24:
bc:10:5a:2e:1a:81:c7:65:02:90:e8:50:91:cc:3d:16:c5:b4:
0b:b9:30:5b:af:fb:de:30:23:7f:51:3d:91:98:04:e4:09:f9:
b1:bf:c9:96:3f:ab:8b:fb:7c:70:52:a8:a4:d7:8c:7e:55:a6:
dd:17:40:67:34:b1:27:9f:1b:29:4c:06:73:22:f0:9f:30:e2:
3a:3a:fa:73:f5:8d:42:cf:ec:9b:1f:67:8f:0d:f5:02:48:cb:
eb:eb:23:77:02:f5:a0:91:35:2b:12:37:2e:00:2a:45:20:6f:
66:40:2b:c0:70:4d:fa:2e:76:18:b1:d2:7c:56:95:26:30:3b:
da:42:e8:cd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYRE/0FKOPZ7gNa2qvwzBuHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjIxMTA0MjMzNDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGExZmVmOTk3YWEzZTYxN2M4ZmU4NmVlOTYxMDM5YmI1YzY2NDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nek28fn/i/hl6FO7Q6j1ntEKKJ3
dUyeboLAXKJpEQ6qVKI+sCX5bDw6v2uGMAoEKoTzejxxzou0fdrsY9KsNKznX4Gs
F7AJgJ0PDaJJnhHx1Zo+p2TYzPYu17tA3Bx0k1clBhDI77RZql8js6tye4bZx8FY
s5+J3anc4FFZ2+T7tiOlYIKi0zRotHvBV9xJ8c3yUlS89uEEyDW4g3YZi4kMokSx
mb8B+iN2nnZZDmNOYbD1zVCoK8DruYYTVXbMbM4sBoXKqh8/JsAiK77sZzlWVng8
+JaLtplqLGU0x1cwfNrJqIflWBOqaZHRvzyPBJ21tA5Dji4JbWF9ozEaSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN2h/vmXqj5hfI/obulhA5u1xmRkMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvM2FILS1aZXFQbUY4ai1odTZXRURtN1hHWkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAsHJFAwQA
sHJHAwQCsHJMAwQDsHJYMA0GCSqGSIb3DQEBCwUAA4IBAQBOHudofDprgRG+xlHD
tCusIFOJiHwxYlpzBrJu1kjOQuXx73WmH+b/rc0HcPBftG/wo6+jjC41i5eU9esN
01ldaoqqYCcN5G6M1J9tRy6PKHSAk+WV/iEsGd4Ll8tknTxxXKvQJsfW9Xuf4H99
sVPCt/n8Zoa4xX9ux6rWeCS8EFouGoHHZQKQ6FCRzD0WxbQLuTBbr/veMCN/UT2R
mATkCfmxv8mWP6uL+3xwUqik14x+VabdF0BnNLEnnxspTAZzIvCfMOI6Ovpz9Y1C
z+ybH2ePDfUCSMvr6yN3AvWgkTUrEjcuACpFIG9mQCvAcE36LnYYsdJ8VpUmMDva
QujN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:57 2024 by rpki-client on console-fra.rpki-client.org