Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/Pr7Tar94agACCGraEq9C4H41S9k.roa
File: Pr7Tar94agACCGraEq9C4H41S9k.roa (raw, json)
Hash identifier: pe5h47FnRxvOfxYf6SbjMHOm86nlKA0yfyuOuW4MrXs=
Subject key identifier: 3E:BE:D3:6A:BF:78:6A:00:02:08:6A:DA:12:AF:42:E0:7E:35:4B:D9
Certificate issuer: /CN=a036af22669183ba26f23976530e349b34651968
Certificate serial: 019316D5F7B9FD8EA1B902EB484D02B2E2F3
Authority key identifier: A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/Pr7Tar94agACCGraEq9C4H41S9k.roa
Signing time: Sun 10 Nov 2024 16:09:01 +0000
ROA not before: Sun 10 Nov 2024 16:09:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 30910
IP address blocks: 80.64.16.0/22 maxlen: 22
185.39.16.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:16:d5:f7:b9:fd:8e:a1:b9:02:eb:48:4d:02:b2:e2:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a036af22669183ba26f23976530e349b34651968
Validity
Not Before: Nov 10 16:09:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ebed36abf786a0002086ada12af42e07e354bd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ea:2a:a8:1a:b5:8e:40:63:40:85:b5:a3:25:
fe:a5:13:e8:ce:3f:0f:34:39:64:71:83:0a:1d:9f:
9c:c6:e2:be:4e:4d:93:45:87:fd:d4:b4:df:a5:0b:
05:ba:a0:63:1a:54:14:0d:f2:5f:8c:5f:cb:3e:53:
73:22:de:53:3d:a4:f2:dc:4d:ee:90:48:14:cb:0b:
d5:f5:77:c1:91:52:5e:e5:4a:f6:64:93:61:de:bd:
33:08:56:db:ed:aa:26:9f:6e:8d:d3:d5:69:dd:33:
d3:9a:a8:33:7c:dd:aa:20:8a:0c:d9:e6:1f:82:3e:
78:ff:25:98:ca:fd:9a:ec:78:58:7c:6a:f5:51:5f:
9a:a1:d1:d5:f4:05:40:c5:d4:fe:08:35:e1:0a:3a:
ac:13:d0:34:61:13:97:5f:04:5a:3e:16:34:f6:3d:
de:26:10:27:1c:4d:7e:c1:28:2f:51:65:ce:c1:b9:
6e:84:e5:73:5f:5b:84:01:5f:d9:6c:55:4e:6a:3a:
25:d9:ec:b4:3d:33:fc:cf:30:4b:f6:84:6f:bd:d6:
db:2d:02:59:f7:60:66:ff:38:c5:7e:76:b6:af:b6:
c4:53:59:54:b2:c7:5e:11:2f:10:14:65:3d:bf:67:
46:68:bc:35:26:0f:3c:e0:4b:65:d5:60:65:34:24:
ab:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:BE:D3:6A:BF:78:6A:00:02:08:6A:DA:12:AF:42:E0:7E:35:4B:D9
X509v3 Authority Key Identifier:
keyid:A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/Pr7Tar94agACCGraEq9C4H41S9k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oDavImaRg7om8jl2Uw40mzRlGWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.16.0/22
185.39.16.0/23
Signature Algorithm: sha256WithRSAEncryption
82:80:d1:6a:8f:f3:1c:20:21:48:91:d8:6b:e3:57:98:70:48:
f1:56:f6:d9:d6:0a:6c:a6:2c:d1:a1:db:95:a0:c6:4a:ad:48:
4c:5f:d9:a5:7e:c1:66:58:ec:8b:4a:aa:e6:88:1f:3e:2d:83:
a7:9b:4e:42:39:d2:79:8d:ce:24:ae:22:1d:da:83:fc:82:7e:
e3:f2:a2:14:7e:fd:fc:61:6c:ec:39:a9:81:81:f1:2e:af:e8:
10:96:ac:63:3b:a6:5c:5a:2e:ff:79:0e:f4:a1:e5:00:50:23:
54:4d:5a:81:55:bc:6b:a4:ff:d5:08:59:9c:94:2b:6f:b2:17:
ed:c1:a7:e7:d3:7e:d2:13:24:01:3e:35:a8:d2:7e:61:56:dd:
10:57:2c:91:76:e6:48:37:04:dc:76:af:01:e9:1a:0c:5d:9b:
8f:c0:c6:84:6e:2e:2c:91:47:e2:53:65:6e:7c:7b:fc:3d:39:
0f:b0:34:50:d2:a1:38:15:de:a4:4a:49:48:a1:54:e4:3c:4e:
4f:17:02:82:14:27:76:cc:bb:c8:2a:27:3c:66:36:81:13:ae:
e1:15:3d:4c:81:84:0b:df:4c:b9:bd:9c:3d:64:f6:22:9b:86:
07:be:86:46:69:fc:f7:06:88:59:d0:e9:be:81:d2:66:4c:2c:
02:9a:f7:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMW1fe5/Y6huQLrSE0CsuLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMzZhZjIyNjY5MTgzYmEyNmYyMzk3NjUzMGUzNDliMzQ2
NTE5NjgwHhcNMjQxMTEwMTYwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWJlZDM2YWJmNzg2YTAwMDIwODZhZGExMmFmNDJlMDdlMzU0YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOoqqBq1jkBjQIW1oyX+pRPozj8P
NDlkcYMKHZ+cxuK+Tk2TRYf91LTfpQsFuqBjGlQUDfJfjF/LPlNzIt5TPaTy3E3u
kEgUywvV9XfBkVJe5Ur2ZJNh3r0zCFbb7aomn26N09Vp3TPTmqgzfN2qIIoM2eYf
gj54/yWYyv2a7HhYfGr1UV+aodHV9AVAxdT+CDXhCjqsE9A0YROXXwRaPhY09j3e
JhAnHE1+wSgvUWXOwbluhOVzX1uEAV/ZbFVOajol2ey0PTP8zzBL9oRvvdbbLQJZ
92Bm/zjFfna2r7bEU1lUssdeES8QFGU9v2dGaLw1Jg884Etl1WBlNCSrhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6+02q/eGoAAghq2hKvQuB+NUvZMB8GA1UdIwQY
MBaAFKA2ryJmkYO6JvI5dlMONJs0ZRloMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUt
N2M1OTY0OTkwMzk3LzEvUHI3VGFyOTRhZ0FDQ0dyYUVxOUM0SDQxUzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUtN2M1OTY0OTkwMzk3
LzEvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUEAQAwQB
uScQMA0GCSqGSIb3DQEBCwUAA4IBAQCCgNFqj/McICFIkdhr41eYcEjxVvbZ1gps
pizRoduVoMZKrUhMX9mlfsFmWOyLSqrmiB8+LYOnm05COdJ5jc4kriId2oP8gn7j
8qIUfv38YWzsOamBgfEur+gQlqxjO6ZcWi7/eQ70oeUAUCNUTVqBVbxrpP/VCFmc
lCtvshftwafn037SEyQBPjWo0n5hVt0QVyyRduZINwTcdq8B6RoMXZuPwMaEbi4s
kUfiU2VufHv8PTkPsDRQ0qE4Fd6kSklIoVTkPE5PFwKCFCd2zLvIKic8ZjaBE67h
FT1MgYQL30y5vZw9ZPYim4YHvoZGafz3BohZ0Om+gdJmTCwCmves
-----END CERTIFICATE-----
Generated at Wed Nov 20 14:28:25 2024 by rpki-client on console-ams.rpki-client.org