Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/VDadPFt6Cgi5v54mtF62lD0cIxo.roa
File: VDadPFt6Cgi5v54mtF62lD0cIxo.roa (raw, json)
Hash identifier: 1ihoa5c1C8I4JmOSMJ265xGfVN7Mxmh0rLTs1Rwqh5g=
Subject key identifier: 54:36:9D:3C:5B:7A:0A:08:B9:BF:9E:26:B4:5E:B6:94:3D:1C:23:1A
Certificate issuer: /CN=9bdba95290a985a697763d30ab42f9c3784078b2
Certificate serial: 018FC4FB6BD4E0442CFAAC89B9A4F70E51B7
Authority key identifier: 9B:DB:A9:52:90:A9:85:A6:97:76:3D:30:AB:42:F9:C3:78:40:78:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9upUpCphaaXdj0wq0L5w3hAeLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/VDadPFt6Cgi5v54mtF62lD0cIxo.roa
Signing time: Wed 29 May 2024 15:32:42 +0000
ROA not before: Wed 29 May 2024 15:32:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209368
IP address blocks: 85.208.76.0/22 maxlen: 24
185.133.92.0/22 maxlen: 24
2a09:83c0::/29 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c4:fb:6b:d4:e0:44:2c:fa:ac:89:b9:a4:f7:0e:51:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bdba95290a985a697763d30ab42f9c3784078b2
Validity
Not Before: May 29 15:32:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=54369d3c5b7a0a08b9bf9e26b45eb6943d1c231a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e2:49:67:2e:7b:30:ea:57:60:9d:65:5a:c8:
a1:cb:b0:eb:a2:6a:04:ac:61:77:9a:64:cb:fd:42:
64:23:90:f9:1a:36:2a:ba:4b:52:12:2b:60:c7:a4:
3e:6e:cc:ba:c8:af:0c:96:84:54:1b:3d:01:55:b0:
5d:01:8e:5b:3d:5f:fe:0a:a5:04:4e:75:4d:f8:5f:
60:82:8d:69:66:8f:de:72:c7:53:05:2d:ac:6b:a2:
14:2d:f9:01:69:88:4f:70:f6:cf:74:a8:64:5f:18:
ce:d7:f7:1f:57:a2:a2:8c:c7:40:45:3f:aa:0d:4d:
a9:87:1e:03:ba:c0:fb:20:58:74:87:82:dd:65:ca:
33:22:cc:b2:30:bd:5e:57:90:d2:87:c7:93:18:c6:
8a:d4:66:3b:a4:71:b4:e1:e6:dc:12:4e:61:54:17:
bd:85:c2:54:f0:8a:16:61:73:bb:76:a1:bc:ae:5c:
cf:ef:d0:59:79:36:6e:86:b8:22:c1:ec:a3:f6:ce:
00:5c:64:5d:d4:cd:d8:95:7f:c6:b5:23:34:fe:8f:
8f:20:e2:d3:56:a8:8a:3a:22:d6:89:09:6f:3e:75:
cf:f9:44:d9:8c:d6:36:65:12:47:37:94:bd:3f:04:
26:db:f3:7e:73:f8:e4:82:f4:41:d4:da:8a:a3:3e:
68:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:36:9D:3C:5B:7A:0A:08:B9:BF:9E:26:B4:5E:B6:94:3D:1C:23:1A
X509v3 Authority Key Identifier:
keyid:9B:DB:A9:52:90:A9:85:A6:97:76:3D:30:AB:42:F9:C3:78:40:78:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9upUpCphaaXdj0wq0L5w3hAeLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/VDadPFt6Cgi5v54mtF62lD0cIxo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/m9upUpCphaaXdj0wq0L5w3hAeLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.76.0/22
185.133.92.0/22
IPv6:
2a09:83c0::/29
Signature Algorithm: sha256WithRSAEncryption
04:30:0a:99:1e:98:c2:c8:b7:8d:75:13:f0:8f:d2:66:65:e7:
10:02:03:d7:e9:03:f7:5e:e0:a2:04:56:2c:ff:0b:14:08:be:
96:71:57:35:f9:5d:f3:5d:2f:4e:9f:23:c1:70:6d:fa:28:69:
3f:21:7d:49:65:a7:19:ad:36:71:82:8a:c8:29:5e:f7:f8:1d:
18:09:91:dd:07:88:a9:44:a1:58:1a:f0:0d:85:d8:8d:3d:9d:
93:35:06:4a:1f:7a:52:03:35:9f:c7:e6:a0:b7:06:0a:8f:8f:
49:d0:ce:67:1a:b1:eb:f8:8c:03:2a:04:ed:96:99:f3:8d:e7:
95:91:9a:ba:24:14:16:c8:20:6d:7c:81:2f:6c:29:19:23:41:
d7:7d:39:83:65:47:06:16:38:a8:46:7f:d4:ac:54:32:6f:c7:
05:ff:58:b1:d2:30:ce:bf:ff:4d:ce:c3:dd:30:b9:bd:6b:f4:
8a:61:b7:f6:7a:87:98:81:2e:9b:7b:ab:9b:c4:65:32:f7:d9:
23:86:14:cb:d8:98:38:70:fb:a3:c0:20:5b:f3:b3:3d:a6:96:
40:9d:e7:a2:7b:ff:ee:0b:3f:91:2b:e2:67:82:a7:d8:58:2f:
0d:61:b1:58:e5:63:4b:c3:1b:b6:29:78:2a:b6:49:95:07:b5:
04:38:83:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY/E+2vU4EQs+qyJuaT3DlG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZGJhOTUyOTBhOTg1YTY5Nzc2M2QzMGFiNDJmOWMzNzg0
MDc4YjIwHhcNMjQwNTI5MTUzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDM2OWQzYzViN2EwYTA4YjliZjllMjZiNDVlYjY5NDNkMWMyMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+JJZy57MOpXYJ1lWsihy7DromoE
rGF3mmTL/UJkI5D5GjYquktSEitgx6Q+bsy6yK8MloRUGz0BVbBdAY5bPV/+CqUE
TnVN+F9ggo1pZo/ecsdTBS2sa6IULfkBaYhPcPbPdKhkXxjO1/cfV6KijMdART+q
DU2phx4DusD7IFh0h4LdZcozIsyyML1eV5DSh8eTGMaK1GY7pHG04ebcEk5hVBe9
hcJU8IoWYXO7dqG8rlzP79BZeTZuhrgiweyj9s4AXGRd1M3YlX/GtSM0/o+PIOLT
VqiKOiLWiQlvPnXP+UTZjNY2ZRJHN5S9PwQm2/N+c/jkgvRB1NqKoz5oxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFQ2nTxbegoIub+eJrRetpQ9HCMaMB8GA1UdIwQY
MBaAFJvbqVKQqYWml3Y9MKtC+cN4QHiyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTl1cFVwQ3BoYWFYZGowd3EwTDV3M2hBZUxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy80YWUxYmQtNTg2NC00M2YwLWI0ZmQt
ODBhNjZjMGZjODg0LzEvVkRhZFBGdDZDZ2k1djU0bXRGNjJsRDBjSXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy80YWUxYmQtNTg2NC00M2YwLWI0ZmQtODBhNjZjMGZjODg0
LzEvbTl1cFVwQ3BoYWFYZGowd3EwTDV3M2hBZUxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVdBMAwQC
uYVcMA0EAgACMAcDBQMqCYPAMA0GCSqGSIb3DQEBCwUAA4IBAQAEMAqZHpjCyLeN
dRPwj9JmZecQAgPX6QP3XuCiBFYs/wsUCL6WcVc1+V3zXS9OnyPBcG36KGk/IX1J
ZacZrTZxgorIKV73+B0YCZHdB4ipRKFYGvANhdiNPZ2TNQZKH3pSAzWfx+agtwYK
j49J0M5nGrHr+IwDKgTtlpnzjeeVkZq6JBQWyCBtfIEvbCkZI0HXfTmDZUcGFjio
Rn/UrFQyb8cF/1ix0jDOv/9NzsPdMLm9a/SKYbf2eoeYgS6be6ubxGUy99kjhhTL
2Jg4cPujwCBb87M9ppZAneeie//uCz+RK+JngqfYWC8NYbFY5WNLwxu2KXgqtkmV
B7UEOINc
-----END CERTIFICATE-----
Generated at Tue Nov 5 19:27:10 2024 by rpki-client on console-ams.rpki-client.org