Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/ddoPCqEFSijay33mGrWIgQdCf1c.roa
File: ddoPCqEFSijay33mGrWIgQdCf1c.roa (raw, json)
Hash identifier: vHCm2+mzsBzEAjfS/2hgE6jaXE2/s5CuPxfM/NiMHaQ=
Subject key identifier: 75:DA:0F:0A:A1:05:4A:28:DA:CB:7D:E6:1A:B5:88:81:07:42:7F:57
Certificate issuer: /CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Certificate serial: 01856C1C8D9BC23C2DE9FB8ACC1637D35167
Authority key identifier: C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/ddoPCqEFSijay33mGrWIgQdCf1c.roa
Signing time: Sun 01 Jan 2023 06:54:48 +0000
ROA not before: Sun 01 Jan 2023 06:54:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52036
IP address blocks: 78.111.128.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:1c:8d:9b:c2:3c:2d:e9:fb:8a:cc:16:37:d3:51:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4f88b5c6e5116e50cf2b5bdf43e8720f1d8c60f
Validity
Not Before: Jan 1 06:54:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=75da0f0aa1054a28dacb7de61ab5888107427f57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:db:f8:61:2d:91:dd:3f:aa:70:1d:14:bf:e8:
e6:79:90:42:28:12:76:96:35:61:66:fd:fb:bf:59:
21:ac:ae:46:e4:fd:ce:a0:3b:46:49:1b:7e:3f:37:
e4:7a:f0:16:3b:3a:19:6a:0f:d1:f0:bb:0a:43:8e:
40:0c:9b:0e:08:2b:c8:66:89:97:02:4d:b1:c8:f1:
6e:ec:cf:73:82:4f:0f:46:a5:48:86:26:48:47:0e:
5a:38:bb:6c:6e:c1:27:cf:0a:cd:fe:8d:14:c4:cd:
f2:05:02:ba:95:16:b8:6f:d6:f2:29:29:68:b5:0e:
af:84:91:5b:10:6b:fa:96:4f:b7:6a:45:67:af:6d:
04:85:56:d7:5b:4b:dd:f5:70:f9:e7:ec:00:77:96:
b1:05:a0:6b:90:07:12:ad:e3:93:06:39:83:8e:4b:
4a:bd:10:c0:d3:91:f0:21:d9:1a:72:70:f6:5a:e2:
5c:0d:1f:2d:a7:bc:26:d0:ff:8d:f2:14:8e:9a:48:
2e:35:72:ef:43:a0:2c:c4:d0:1b:32:fe:db:fb:6f:
7b:a6:b5:34:0e:6e:3e:bb:fa:20:9b:05:36:a0:90:
8b:75:ee:df:3d:2e:b0:27:20:97:bb:b7:64:27:5d:
ba:ac:0a:b0:da:2d:01:46:d0:cc:65:36:eb:9d:95:
e6:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:DA:0F:0A:A1:05:4A:28:DA:CB:7D:E6:1A:B5:88:81:07:42:7F:57
X509v3 Authority Key Identifier:
keyid:C4:F8:8B:5C:6E:51:16:E5:0C:F2:B5:BD:F4:3E:87:20:F1:D8:C6:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPiLXG5RFuUM8rW99D6HIPHYxg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/ddoPCqEFSijay33mGrWIgQdCf1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/253078-0a7b-45bb-bc67-073639938437/1/xPiLXG5RFuUM8rW99D6HIPHYxg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.111.128.0/20
Signature Algorithm: sha256WithRSAEncryption
19:93:ea:d0:32:cd:ca:fc:69:14:1d:67:40:5f:00:ae:ba:68:
69:62:46:b9:75:fa:f2:35:0b:6e:bd:64:d4:2e:a0:12:56:ce:
a5:76:11:f8:34:d1:80:05:f6:7a:d5:c9:3d:30:f2:96:a7:7a:
05:52:0a:40:eb:31:06:15:44:6c:04:29:c1:b3:3e:fb:19:b7:
ec:13:bf:1a:10:f6:0d:00:92:9a:ee:c7:58:4b:bd:67:9d:58:
49:33:0f:1a:49:8f:54:45:3a:b2:eb:38:fb:13:02:11:00:b9:
2f:e4:c2:b4:62:64:26:c5:ce:6c:4a:5e:9d:be:43:29:aa:09:
ad:7c:f7:19:bc:a2:0b:db:e3:cb:db:b6:1b:83:15:45:ce:29:
41:7c:67:77:58:0b:e8:c1:96:13:ba:45:1d:c8:12:d7:e8:a2:
3f:01:0f:b7:ca:ab:d8:ca:a2:59:74:8f:40:a0:d4:8a:2f:1c:
8b:3d:53:71:6d:c1:c7:c5:44:fe:d7:0b:33:06:ff:83:0d:14:
3e:e6:d0:ca:bd:87:1a:97:ee:c6:59:54:b5:32:d6:1d:83:c4:
d5:23:d4:00:a5:22:be:1b:2b:20:e3:2e:70:da:ba:a2:03:0e:
23:c6:e9:4c:b6:7a:11:89:aa:f4:48:00:31:7b:03:7f:91:25:
37:95:29:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsHI2bwjwt6fuKzBY301FnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Zjg4YjVjNmU1MTE2ZTUwY2YyYjViZGY0M2U4NzIwZjFk
OGM2MGYwHhcNMjMwMTAxMDY1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWRhMGYwYWExMDU0YTI4ZGFjYjdkZTYxYWI1ODg4MTA3NDI3ZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9v4YS2R3T+qcB0Uv+jmeZBCKBJ2
ljVhZv37v1khrK5G5P3OoDtGSRt+PzfkevAWOzoZag/R8LsKQ45ADJsOCCvIZomX
Ak2xyPFu7M9zgk8PRqVIhiZIRw5aOLtsbsEnzwrN/o0UxM3yBQK6lRa4b9byKSlo
tQ6vhJFbEGv6lk+3akVnr20EhVbXW0vd9XD55+wAd5axBaBrkAcSreOTBjmDjktK
vRDA05HwIdkacnD2WuJcDR8tp7wm0P+N8hSOmkguNXLvQ6AsxNAbMv7b+297prU0
Dm4+u/ogmwU2oJCLde7fPS6wJyCXu7dkJ126rAqw2i0BRtDMZTbrnZXmyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXaDwqhBUoo2st95hq1iIEHQn9XMB8GA1UdIwQY
MBaAFMT4i1xuURblDPK1vfQ+hyDx2MYPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjct
MDczNjM5OTM4NDM3LzEvZGRvUENxRUZTaWpheTMzbUdyV0lnUWRDZjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNTMwNzgtMGE3Yi00NWJiLWJjNjctMDczNjM5OTM4NDM3
LzEveFBpTFhHNVJGdVVNOHJXOTlENkhJUEhZeGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETm+AMA0G
CSqGSIb3DQEBCwUAA4IBAQAZk+rQMs3K/GkUHWdAXwCuumhpYka5dfryNQtuvWTU
LqASVs6ldhH4NNGABfZ61ck9MPKWp3oFUgpA6zEGFURsBCnBsz77GbfsE78aEPYN
AJKa7sdYS71nnVhJMw8aSY9URTqy6zj7EwIRALkv5MK0YmQmxc5sSl6dvkMpqgmt
fPcZvKIL2+PL27YbgxVFzilBfGd3WAvowZYTukUdyBLX6KI/AQ+3yqvYyqJZdI9A
oNSKLxyLPVNxbcHHxUT+1wszBv+DDRQ+5tDKvYcal+7GWVS1MtYdg8TVI9QApSK+
Gysg4y5w2rqiAw4jxulMtnoRiar0SAAxewN/kSU3lSlW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:04 2024 by rpki-client on console-fra.rpki-client.org