Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa
File: 2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa (raw, json)
Hash identifier: SaiDLWnPftuTeOADZD8dNrQlJ1FqL+O6VgxBP9Pmnng=
Subject key identifier: D8:1D:C7:1A:37:15:93:55:E1:A3:DC:D3:52:0D:31:BD:85:08:F9:F9
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018CC726232B01687EE6A9B6D329264FAA70
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa
Signing time: Mon 01 Jan 2024 22:30:14 +0000
ROA not before: Mon 01 Jan 2024 22:30:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34665
IP address blocks: 85.208.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:23:2b:01:68:7e:e6:a9:b6:d3:29:26:4f:aa:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Jan 1 22:30:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d81dc71a37159355e1a3dcd3520d31bd8508f9f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:4f:ff:ca:10:83:e5:74:81:f8:25:3d:ac:1a:
6d:9a:b9:8e:89:55:bf:f4:b6:6f:b0:3c:b1:3b:55:
7f:e4:4b:a0:04:da:05:02:12:43:3f:fb:e3:eb:0e:
62:a3:ae:ad:2c:0c:04:27:ea:26:10:87:6e:fc:1e:
f7:47:d7:46:2a:01:60:ae:09:94:40:22:37:95:8a:
14:88:05:ad:21:e8:32:51:18:63:93:17:a1:36:be:
99:7b:e8:de:b2:c4:36:79:76:d1:24:19:73:12:63:
f2:ba:01:75:cd:81:ac:af:da:35:ef:0d:37:b0:ac:
f0:68:b2:ef:c0:81:55:5a:b4:6d:b8:1d:58:cc:59:
19:76:35:2e:e7:d9:27:c4:03:88:7f:8e:63:49:84:
01:f5:57:6b:ac:c8:f3:52:fd:39:8c:0f:0a:c7:a4:
7b:47:89:c1:42:75:ee:08:9b:78:22:5c:6c:c7:d9:
23:b6:e1:a8:8f:2f:23:09:3c:73:59:ad:eb:50:96:
3a:8f:1a:2d:a2:5e:55:b8:76:48:36:ea:6c:35:14:
8c:1e:c5:a1:21:e5:71:45:78:9d:00:82:0a:99:56:
a3:40:e9:15:1d:36:c2:63:f4:0d:54:d2:0c:97:6f:
4c:b4:ce:d8:b6:12:86:3f:5c:b5:a6:03:db:8b:fd:
6f:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:1D:C7:1A:37:15:93:55:E1:A3:DC:D3:52:0D:31:BD:85:08:F9:F9
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/2B3HGjcVk1Xho9zTUg0xvYUI-fk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.84.0/24
Signature Algorithm: sha256WithRSAEncryption
71:f2:64:b2:37:28:83:7a:a4:71:e9:48:7f:17:e4:16:b6:2f:
12:94:3b:b9:ac:93:c9:d7:7e:4f:f6:cb:a9:22:88:0b:fa:1f:
29:a8:62:5f:bc:46:68:05:db:68:f4:cb:c0:62:16:26:ba:f6:
9c:f9:60:ac:65:61:67:0e:84:21:4d:30:6d:d8:fe:7c:9d:dd:
65:53:49:f6:75:c6:6b:fd:2d:46:71:c4:2b:cb:3c:30:5d:90:
ba:6e:d5:15:67:5d:90:0c:10:78:8b:8a:07:85:be:67:b6:35:
5e:38:72:ad:18:e1:67:83:24:ae:ca:83:fc:72:b3:a5:6b:92:
a9:4c:e5:57:fe:81:18:c1:e0:12:41:de:47:c3:dd:41:b6:05:
76:71:78:a3:51:7c:f7:74:64:ff:aa:1e:60:c8:a1:ea:51:49:
cb:80:c2:c3:72:a8:0e:61:85:8f:e5:8d:bc:f2:e7:ca:18:1a:
02:ba:c7:cf:99:c2:66:89:9c:e9:5f:ae:92:4c:05:b6:c4:a2:
6f:a5:5c:cf:de:c9:8e:17:a5:4a:20:2f:43:db:c9:96:c1:e8:
86:36:40:cd:f2:c3:d0:d1:22:a8:bb:74:fb:e6:ff:ee:c5:ef:
37:59:65:36:36:f1:25:ee:58:77:ad:0b:df:23:11:89:5a:d8:
2f:a5:45:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJiMrAWh+5qm20ykmT6pwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTAxMjIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFkYzcxYTM3MTU5MzU1ZTFhM2RjZDM1MjBkMzFiZDg1MDhmOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0//yhCD5XSB+CU9rBptmrmOiVW/
9LZvsDyxO1V/5EugBNoFAhJDP/vj6w5io66tLAwEJ+omEIdu/B73R9dGKgFgrgmU
QCI3lYoUiAWtIegyURhjkxehNr6Ze+jessQ2eXbRJBlzEmPyugF1zYGsr9o17w03
sKzwaLLvwIFVWrRtuB1YzFkZdjUu59knxAOIf45jSYQB9VdrrMjzUv05jA8Kx6R7
R4nBQnXuCJt4Ilxsx9kjtuGojy8jCTxzWa3rUJY6jxotol5VuHZINupsNRSMHsWh
IeVxRXidAIIKmVajQOkVHTbCY/QNVNIMl29MtM7YthKGP1y1pgPbi/1vrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgdxxo3FZNV4aPc01INMb2FCPn5MB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvMkIzSEdqY1ZrMVhobzl6VFVnMHh2WVVJLWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBUMA0G
CSqGSIb3DQEBCwUAA4IBAQBx8mSyNyiDeqRx6Uh/F+QWti8SlDu5rJPJ135P9sup
IogL+h8pqGJfvEZoBdto9MvAYhYmuvac+WCsZWFnDoQhTTBt2P58nd1lU0n2dcZr
/S1GccQryzwwXZC6btUVZ12QDBB4i4oHhb5ntjVeOHKtGOFngySuyoP8crOla5Kp
TOVX/oEYweASQd5Hw91BtgV2cXijUXz3dGT/qh5gyKHqUUnLgMLDcqgOYYWP5Y28
8ufKGBoCusfPmcJmiZzpX66STAW2xKJvpVzP3smOF6VKIC9D28mWweiGNkDN8sPQ
0SKou3T75v/uxe83WWU2NvEl7lh3rQvfIxGJWtgvpUWt
-----END CERTIFICATE-----
Generated at Wed Aug 21 09:58:20 2024 by rpki-client on console-fra.rpki-client.org