Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/de5c5d-5812-4fe8-b3c0-6bc443f35544/1/rEM7YVPoxi3AUj3-oSfZRzpElls.roa
File: rEM7YVPoxi3AUj3-oSfZRzpElls.roa (raw, json)
Hash identifier: N76H1DVEyBfbl8oTI21zdOpS3cpBjfNTNz50PDjSrFc=
Subject key identifier: AC:43:3B:61:53:E8:C6:2D:C0:52:3D:FE:A1:27:D9:47:3A:44:96:5B
Certificate issuer: /CN=112ba797577ea60a561af9a4598c45060e3b7088
Certificate serial: 01856FD524935E4EEB9B80BC7DADBE9A2DD5
Authority key identifier: 11:2B:A7:97:57:7E:A6:0A:56:1A:F9:A4:59:8C:45:06:0E:3B:70:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ESunl1d-pgpWGvmkWYxFBg47cIg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/de5c5d-5812-4fe8-b3c0-6bc443f35544/1/rEM7YVPoxi3AUj3-oSfZRzpElls.roa
Signing time: Mon 02 Jan 2023 00:15:17 +0000
ROA not before: Mon 02 Jan 2023 00:15:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212548
IP address blocks: 188.240.209.0/24 maxlen: 24
188.241.86.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d5:24:93:5e:4e:eb:9b:80:bc:7d:ad:be:9a:2d:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=112ba797577ea60a561af9a4598c45060e3b7088
Validity
Not Before: Jan 2 00:15:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac433b6153e8c62dc0523dfea127d9473a44965b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:4a:d5:91:2c:85:c5:6d:50:ef:89:18:a4:0c:
6e:33:21:13:be:6c:03:4a:2a:3f:4d:83:a3:2c:85:
d8:29:86:83:79:a4:d4:ef:a4:1f:6f:c2:d5:57:98:
c8:6b:a3:e5:ce:3c:f5:95:ec:49:98:d7:2e:fb:27:
33:0a:09:ee:9e:14:28:79:75:98:d4:14:cd:ef:00:
44:46:6b:06:68:e6:03:6a:d8:81:c0:7f:21:a1:7a:
01:e3:ae:47:f7:50:40:50:86:d0:21:1c:2e:3e:90:
7a:c2:7d:5b:e3:d7:58:6c:4c:c1:f8:59:33:4c:c9:
8d:34:ed:81:61:5f:d7:54:e8:dc:27:aa:04:9c:19:
f9:aa:47:a0:fa:9f:46:ce:98:1a:e5:82:f7:5f:d8:
f0:ee:64:34:6e:97:f2:d8:89:36:85:27:c3:f9:93:
ce:31:3f:e4:e4:7c:0f:fc:cd:88:5e:dc:be:ae:3e:
b2:72:a3:9b:b6:e9:92:5d:4b:94:cc:27:f9:07:c9:
7d:46:5b:bc:f4:b9:86:35:74:b4:96:b4:1a:7e:2b:
b0:0c:7c:a7:a2:b3:a9:76:6a:eb:86:84:67:9d:54:
df:79:bf:a4:c7:ae:85:57:5f:d4:ef:e1:5b:dd:61:
6f:04:e0:c9:10:4a:cd:d7:61:cf:3f:6d:11:d2:1f:
d4:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:43:3B:61:53:E8:C6:2D:C0:52:3D:FE:A1:27:D9:47:3A:44:96:5B
X509v3 Authority Key Identifier:
keyid:11:2B:A7:97:57:7E:A6:0A:56:1A:F9:A4:59:8C:45:06:0E:3B:70:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ESunl1d-pgpWGvmkWYxFBg47cIg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/de5c5d-5812-4fe8-b3c0-6bc443f35544/1/rEM7YVPoxi3AUj3-oSfZRzpElls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/de5c5d-5812-4fe8-b3c0-6bc443f35544/1/ESunl1d-pgpWGvmkWYxFBg47cIg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.240.209.0/24
188.241.86.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:07:24:7c:0c:19:ec:66:0a:16:4e:a4:8e:1e:28:74:b2:ea:
1b:bf:a1:4d:79:58:9c:46:50:f5:d2:8a:db:d8:05:cd:07:e4:
c4:4b:15:b2:ca:87:ea:ff:3e:4b:99:fd:e8:69:2c:2c:e1:6a:
ff:17:8c:00:a1:57:10:ae:2a:46:87:68:4b:96:86:7e:e8:58:
a4:cc:4a:a9:ec:59:6d:a6:a7:ed:95:73:1e:8c:55:67:91:a5:
7c:75:c3:48:77:07:81:96:8a:1e:51:f3:a1:41:ac:d7:82:23:
72:6c:53:61:dc:9f:f6:fe:5b:ae:27:31:fe:80:08:8a:9b:e9:
48:d0:24:e5:68:48:89:6a:01:53:52:cc:dd:67:b9:90:54:e0:
35:13:e1:42:d6:c1:ec:0f:fa:78:b4:6d:03:3a:35:7b:4c:14:
1e:4b:c5:9a:a2:ac:7f:47:fd:b3:c9:7e:ec:6e:d7:94:b7:c5:
7d:44:df:e5:aa:27:61:c2:75:f7:0e:da:b2:eb:c1:62:57:49:
51:a4:01:c0:a1:18:a0:6f:97:fe:93:dd:ed:38:48:4d:f6:2b:
4c:8b:85:51:26:fc:46:45:89:5f:d5:b1:a0:14:6f:cd:83:29:
81:de:9a:3f:c8:cf:ec:7c:c6:27:81:7b:ee:c1:9f:84:e4:60:
c8:fa:7b:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVv1SSTXk7rm4C8fa2+mi3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMmJhNzk3NTc3ZWE2MGE1NjFhZjlhNDU5OGM0NTA2MGUz
YjcwODgwHhcNMjMwMTAyMDAxNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQzM2I2MTUzZThjNjJkYzA1MjNkZmVhMTI3ZDk0NzNhNDQ5NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2krVkSyFxW1Q74kYpAxuMyETvmwD
Sio/TYOjLIXYKYaDeaTU76Qfb8LVV5jIa6Plzjz1lexJmNcu+yczCgnunhQoeXWY
1BTN7wBERmsGaOYDatiBwH8hoXoB465H91BAUIbQIRwuPpB6wn1b49dYbEzB+Fkz
TMmNNO2BYV/XVOjcJ6oEnBn5qkeg+p9Gzpga5YL3X9jw7mQ0bpfy2Ik2hSfD+ZPO
MT/k5HwP/M2IXty+rj6ycqObtumSXUuUzCf5B8l9Rlu89LmGNXS0lrQafiuwDHyn
orOpdmrrhoRnnVTfeb+kx66FV1/U7+Fb3WFvBODJEErN12HPP20R0h/UjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKxDO2FT6MYtwFI9/qEn2Uc6RJZbMB8GA1UdIwQY
MBaAFBErp5dXfqYKVhr5pFmMRQYOO3CIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVN1bmwxZC1wZ3BXR3Zta1dZeEZCZzQ3Y0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZTVjNWQtNTgxMi00ZmU4LWIzYzAt
NmJjNDQzZjM1NTQ0LzEvckVNN1lWUG94aTNBVWozLW9TZlpSenBFbGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZTVjNWQtNTgxMi00ZmU4LWIzYzAtNmJjNDQzZjM1NTQ0
LzEvRVN1bmwxZC1wZ3BXR3Zta1dZeEZCZzQ3Y0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvPDRAwQA
vPFWMA0GCSqGSIb3DQEBCwUAA4IBAQAtByR8DBnsZgoWTqSOHih0suobv6FNeVic
RlD10orb2AXNB+TESxWyyofq/z5Lmf3oaSws4Wr/F4wAoVcQripGh2hLloZ+6Fik
zEqp7FltpqftlXMejFVnkaV8dcNIdweBlooeUfOhQazXgiNybFNh3J/2/luuJzH+
gAiKm+lI0CTlaEiJagFTUszdZ7mQVOA1E+FC1sHsD/p4tG0DOjV7TBQeS8Waoqx/
R/2zyX7sbteUt8V9RN/lqidhwnX3Dtqy68FiV0lRpAHAoRigb5f+k93tOEhN9itM
i4VRJvxGRYlf1bGgFG/NgymB3po/yM/sfMYngXvuwZ+E5GDI+nuj
-----END CERTIFICATE-----
Generated at Tue Sep 12 10:08:11 2023 by rpki-client on console-fra.rpki-client.org