Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/P-kYFnw5rBLG7XmPQABRXjO9yYk.roa
File: P-kYFnw5rBLG7XmPQABRXjO9yYk.roa (raw, json)
Hash identifier: dy/DoEVUn7YekSTPlpMqHtAa8+WMj5zIa+qhC9BI1jE=
Subject key identifier: 3F:E9:18:16:7C:39:AC:12:C6:ED:79:8F:40:00:51:5E:33:BD:C9:89
Certificate issuer: /CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Certificate serial: 0189DECD10831DE5982B838E72F0ABAD0F7E
Authority key identifier: BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/P-kYFnw5rBLG7XmPQABRXjO9yYk.roa
Signing time: Thu 10 Aug 2023 09:35:28 +0000
ROA not before: Thu 10 Aug 2023 09:35:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29385
IP address blocks: 213.206.32.0/19 maxlen: 19
185.4.160.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:de:cd:10:83:1d:e5:98:2b:83:8e:72:f0:ab:ad:0f:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Validity
Not Before: Aug 10 09:35:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fe918167c39ac12c6ed798f4000515e33bdc989
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b1:a7:04:94:c1:66:a2:41:26:d1:0d:8c:fb:
b9:06:57:e5:ee:70:bf:ec:e7:08:0f:7d:c0:38:6b:
5a:86:86:55:3f:e0:d5:2b:a1:7a:42:11:1b:9a:f2:
70:77:c1:64:56:15:28:6a:44:81:cd:12:ff:9b:c6:
1d:a9:ff:63:12:94:c7:61:e4:3a:a2:cc:35:b1:59:
15:5b:26:29:82:de:ee:f0:6d:6d:28:29:be:4e:67:
b7:80:26:96:71:f3:b4:10:29:84:4f:8c:26:d3:21:
cf:47:79:31:6a:e3:c3:c2:64:00:72:7c:99:5a:3f:
ed:bc:a4:33:fe:f8:82:57:03:d0:6d:93:9e:4b:22:
0a:b4:16:15:7c:7e:df:1e:77:3c:a8:8b:bf:5b:85:
11:11:1b:20:bd:14:47:5d:98:63:c0:bd:92:e6:58:
2d:36:2b:a4:92:a7:36:a4:ba:8b:12:52:1c:19:63:
21:8c:a1:c1:bb:2c:66:62:20:af:8d:68:4b:69:df:
98:c4:a4:62:6c:27:43:4f:59:7a:a0:90:60:5c:62:
c6:f3:e0:c0:4d:b9:36:f8:44:b5:41:8a:cb:cb:39:
36:25:39:37:b2:12:8c:e5:cf:75:e7:0e:23:41:39:
ba:19:17:69:50:ac:4b:70:6c:d4:01:75:e0:c3:d3:
90:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:E9:18:16:7C:39:AC:12:C6:ED:79:8F:40:00:51:5E:33:BD:C9:89
X509v3 Authority Key Identifier:
keyid:BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/P-kYFnw5rBLG7XmPQABRXjO9yYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/urRT2Xui9KBFhD5rSpU7PlEG6vI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.4.160.0/22
213.206.32.0/19
Signature Algorithm: sha256WithRSAEncryption
7e:8c:d0:eb:83:ea:73:1a:ff:1a:20:0f:32:74:cf:86:50:23:
2c:1c:26:c7:25:37:73:ac:c3:e8:5b:e7:20:c3:bd:d2:34:04:
f1:d5:fb:38:bd:29:9b:26:b9:dd:0f:49:81:08:21:5c:8b:28:
d3:dd:8e:82:66:62:f4:28:6b:bf:67:f2:b6:26:44:8d:54:fa:
e4:04:25:a5:59:15:15:6d:52:70:07:ba:c8:49:fc:95:95:6e:
9d:ed:7e:8f:30:11:44:7e:15:0f:6d:6e:ee:a4:0b:94:6a:db:
d9:2d:21:e3:39:6b:44:66:08:c8:63:b5:9a:30:fe:dc:8c:f2:
6e:b6:43:65:8f:ea:e0:16:f7:d6:b7:ce:f9:45:9e:90:e8:9c:
71:7c:71:69:a3:99:22:ad:aa:8a:7f:1a:df:dc:9b:d3:4c:b3:
dc:55:15:53:2a:3f:3a:d4:e5:6e:e4:d4:e5:06:97:5f:b3:ff:
53:7d:b0:7d:7a:e8:79:82:a2:aa:77:7e:6e:0b:c9:1e:a3:cb:
f1:8e:98:e1:59:bd:ad:df:e7:75:8b:4a:2d:67:f1:14:7c:32:
0e:92:eb:27:c9:a9:71:a5:e6:e1:7d:09:ad:40:5e:49:a1:a5:
80:14:98:5a:fe:2d:06:71:97:77:5c:16:d9:61:be:38:ba:89:
9a:a7:90:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYnezRCDHeWYK4OOcvCrrQ9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjQ1M2Q5N2JhMmY0YTA0NTg0M2U2YjRhOTUzYjNlNTEw
NmVhZjIwHhcNMjMwODEwMDkzNTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmU5MTgxNjdjMzlhYzEyYzZlZDc5OGY0MDAwNTE1ZTMzYmRjOTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbGnBJTBZqJBJtENjPu5Blfl7nC/
7OcID33AOGtahoZVP+DVK6F6QhEbmvJwd8FkVhUoakSBzRL/m8Ydqf9jEpTHYeQ6
osw1sVkVWyYpgt7u8G1tKCm+Tme3gCaWcfO0ECmET4wm0yHPR3kxauPDwmQAcnyZ
Wj/tvKQz/viCVwPQbZOeSyIKtBYVfH7fHnc8qIu/W4URERsgvRRHXZhjwL2S5lgt
Niukkqc2pLqLElIcGWMhjKHBuyxmYiCvjWhLad+YxKRibCdDT1l6oJBgXGLG8+DA
Tbk2+ES1QYrLyzk2JTk3shKM5c915w4jQTm6GRdpUKxLcGzUAXXgw9OQ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD/pGBZ8OawSxu15j0AAUV4zvcmJMB8GA1UdIwQY
MBaAFLq0U9l7ovSgRYQ+a0qVOz5RBuryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUt
NGE2ZjU1NzcxYmQxLzEvUC1rWUZudzVyQkxHN1htUFFBQlJYak85eVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUtNGE2ZjU1NzcxYmQx
LzEvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQSgAwQF
1c4gMA0GCSqGSIb3DQEBCwUAA4IBAQB+jNDrg+pzGv8aIA8ydM+GUCMsHCbHJTdz
rMPoW+cgw73SNATx1fs4vSmbJrndD0mBCCFciyjT3Y6CZmL0KGu/Z/K2JkSNVPrk
BCWlWRUVbVJwB7rISfyVlW6d7X6PMBFEfhUPbW7upAuUatvZLSHjOWtEZgjIY7Wa
MP7cjPJutkNlj+rgFvfWt875RZ6Q6JxxfHFpo5kiraqKfxrf3JvTTLPcVRVTKj86
1OVu5NTlBpdfs/9TfbB9euh5gqKqd35uC8keo8vxjpjhWb2t3+d1i0otZ/EUfDIO
kusnyalxpebhfQmtQF5JoaWAFJha/i0GcZd3XBbZYb44uomap5Co
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:29:50 2025 by rpki-client