Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/_W3oIGiQVTq7Kmq-tBaloG_jD-c.roa
File: _W3oIGiQVTq7Kmq-tBaloG_jD-c.roa (raw, json)
Hash identifier: wb6yUxE9HToCGXtdyWK7Y7FxJFJ/mx2fajUh0s+k77E=
Subject key identifier: FD:6D:E8:20:68:90:55:3A:BB:2A:6A:BE:B4:16:A5:A0:6F:E3:0F:E7
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 018A1BFAF1C5BAF07EFBCDBCD006162EE311
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/_W3oIGiQVTq7Kmq-tBaloG_jD-c.roa
Signing time: Tue 22 Aug 2023 06:42:25 +0000
ROA not before: Tue 22 Aug 2023 06:42:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 82.206.32.0/19 maxlen: 19
217.173.128.0/19 maxlen: 23
217.140.72.0/21 maxlen: 21
217.140.80.0/21 maxlen: 21
217.140.88.0/21 maxlen: 21
2001:4b88::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:1b:fa:f1:c5:ba:f0:7e:fb:cd:bc:d0:06:16:2e:e3:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Aug 22 06:42:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fd6de8206890553abb2a6abeb416a5a06fe30fe7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:dc:c9:78:19:7b:90:2c:a6:f4:c4:88:2a:4e:
8c:f2:92:69:15:b2:11:f5:a3:74:4a:f2:4d:c9:3e:
d9:b3:b2:47:b1:8f:3f:04:62:79:3a:c4:81:d6:9e:
cc:52:92:6f:ac:94:69:a6:c1:18:53:6a:e9:97:c5:
61:5c:88:2e:98:2b:02:5a:f3:2e:34:69:1a:43:49:
c6:9a:bc:9a:3f:9c:86:dd:b6:82:d6:4e:86:b5:d1:
d0:48:18:34:f1:1e:2e:45:db:0a:d6:62:96:08:66:
33:a1:80:5b:bd:0b:7b:89:98:f2:ec:0d:02:07:a3:
a7:b2:41:1a:9d:d2:71:42:4b:62:20:62:d1:8b:dc:
65:05:ca:84:05:ae:1f:3e:a9:68:10:47:3c:ef:e4:
94:ba:df:20:52:0d:7e:88:12:4f:26:4e:f2:72:52:
0b:5d:0e:70:93:8b:b1:9a:ea:95:d5:c0:93:3a:96:
cd:b6:40:99:53:3a:a2:db:30:2b:ee:35:39:26:ce:
f8:10:84:71:0e:80:5c:56:a0:ef:23:0d:3d:1b:4e:
2b:b2:24:99:db:a1:bc:c0:78:03:39:ee:4b:47:e3:
0e:cf:ba:6c:6b:57:6e:b9:54:08:f4:64:57:10:e7:
55:23:ef:55:06:cc:ee:61:40:d3:1a:aa:46:64:6e:
da:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:6D:E8:20:68:90:55:3A:BB:2A:6A:BE:B4:16:A5:A0:6F:E3:0F:E7
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/_W3oIGiQVTq7Kmq-tBaloG_jD-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.32.0/19
217.140.72.0-217.140.95.255
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
c3:37:0a:40:05:43:2e:ab:09:d5:1b:15:d7:01:22:40:d4:79:
c0:e0:ab:5e:9e:a5:89:77:f3:dc:53:32:c7:c0:e0:bd:f5:fb:
8a:09:2e:41:b9:30:57:1c:cf:92:bc:aa:8c:d1:10:37:de:72:
4d:7c:03:4d:f1:5a:42:e3:dc:d6:de:ad:01:46:c3:a7:7c:9b:
77:8c:3e:3c:66:e9:fb:7d:89:fa:8d:90:ac:32:bb:b5:b7:0a:
f4:01:6a:cd:92:21:3f:df:85:64:91:6e:a4:b2:52:66:c9:ce:
8c:18:d9:9c:a5:d7:f8:2d:da:f8:67:c6:0b:80:92:57:4b:73:
b1:1e:c5:1c:b2:d8:6f:9f:c4:6a:6b:da:df:4a:59:e0:88:7c:
cc:d3:4f:d0:6a:37:27:4c:35:83:87:70:b8:8b:1a:75:4f:04:
31:30:ff:4f:d0:79:45:a9:d7:01:a8:a3:6c:de:24:89:d1:98:
8c:cf:2f:4d:ad:06:37:dc:9e:a9:a5:3a:78:e1:02:15:a2:ca:
cf:54:95:89:85:cb:10:bf:1c:2f:54:0f:b7:64:89:c9:af:12:
5e:7b:f4:a5:2e:e0:56:1b:93:c0:8b:13:cc:3b:e1:e0:d0:a4:
dd:75:68:14:32:7b:9a:6e:61:ce:8f:4b:c6:74:b5:06:cb:64:
23:0a:04:72
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYob+vHFuvB++8280AYWLuMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMwODIyMDY0MjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZkZTgyMDY4OTA1NTNhYmIyYTZhYmViNDE2YTVhMDZmZTMwZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidzJeBl7kCym9MSIKk6M8pJpFbIR
9aN0SvJNyT7Zs7JHsY8/BGJ5OsSB1p7MUpJvrJRppsEYU2rpl8VhXIgumCsCWvMu
NGkaQ0nGmryaP5yG3baC1k6GtdHQSBg08R4uRdsK1mKWCGYzoYBbvQt7iZjy7A0C
B6OnskEandJxQktiIGLRi9xlBcqEBa4fPqloEEc87+SUut8gUg1+iBJPJk7yclIL
XQ5wk4uxmuqV1cCTOpbNtkCZUzqi2zAr7jU5Js74EIRxDoBcVqDvIw09G04rsiSZ
26G8wHgDOe5LR+MOz7psa1duuVQI9GRXEOdVI+9VBszuYUDTGqpGZG7alQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFP1t6CBokFU6uypqvrQWpaBv4w/nMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvX1czb0lHaVFWVHE3S21xLXRCYWxvR19qRC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQFUs4gMAwD
BAPZjEgDBAXZjEADBAXZrYAwDQQCAAIwBwMFACABS4gwDQYJKoZIhvcNAQELBQAD
ggEBAMM3CkAFQy6rCdUbFdcBIkDUecDgq16epYl389xTMsfA4L31+4oJLkG5MFcc
z5K8qozREDfeck18A03xWkLj3NberQFGw6d8m3eMPjxm6ft9ifqNkKwyu7W3CvQB
as2SIT/fhWSRbqSyUmbJzowY2Zyl1/gt2vhnxguAkldLc7EexRyy2G+fxGpr2t9K
WeCIfMzTT9BqNydMNYOHcLiLGnVPBDEw/0/QeUWp1wGoo2zeJInRmIzPL02tBjfc
nqmlOnjhAhWiys9UlYmFyxC/HC9UD7dkicmvEl579KUu4FYbk8CLE8w74eDQpN11
aBQye5puYc6PS8Z0tQbLZCMKBHI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:03 2024 by rpki-client on console-ams.rpki-client.org