Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/xxJpvTM7VRCwjW3eTJ88e5EWwB4.roa
File: xxJpvTM7VRCwjW3eTJ88e5EWwB4.roa (raw, json)
Hash identifier: mXRh8pIhwR6Rkf3tZVAHmqhpBgtt1F991+IIX/8sZMY=
Subject key identifier: C7:12:69:BD:33:3B:55:10:B0:8D:6D:DE:4C:9F:3C:7B:91:16:C0:1E
Certificate issuer: /CN=3848885c9702eac1f3d01263e6d3e54449ee2154
Certificate serial: 0185724C55D454AB05538FDD03416AC99A64
Authority key identifier: 38:48:88:5C:97:02:EA:C1:F3:D0:12:63:E6:D3:E5:44:49:EE:21:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OEiIXJcC6sHz0BJj5tPlREnuIVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/xxJpvTM7VRCwjW3eTJ88e5EWwB4.roa
Signing time: Mon 02 Jan 2023 11:44:43 +0000
ROA not before: Mon 02 Jan 2023 11:44:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210767
IP address blocks: 5.183.151.0/24 maxlen: 24
188.64.139.0/24 maxlen: 24
2a11:fc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:4c:55:d4:54:ab:05:53:8f:dd:03:41:6a:c9:9a:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3848885c9702eac1f3d01263e6d3e54449ee2154
Validity
Not Before: Jan 2 11:44:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c71269bd333b5510b08d6dde4c9f3c7b9116c01e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c0:0f:52:07:e1:23:5a:6d:ed:a0:2e:8c:dc:
46:30:f1:31:7e:b0:41:17:47:51:3b:33:46:f1:a9:
e9:d7:93:16:1e:d4:5d:36:2f:70:d2:99:ef:78:e1:
11:29:ad:43:bf:4f:c1:8e:b0:a4:62:c9:fd:ef:bb:
67:17:cb:b8:0b:e2:36:48:cc:33:fb:fc:cf:bd:d4:
65:a1:b1:69:b0:ca:e7:22:8e:9f:69:3b:ff:af:3a:
48:53:d1:42:7a:b9:1c:76:26:b4:c3:f4:1f:77:82:
9b:a4:ac:0e:d2:45:a6:84:92:43:1d:27:e6:53:c9:
b0:b1:7a:9c:a2:1d:d7:ed:a2:5b:8e:b3:56:30:0c:
48:00:9b:ed:a4:aa:1d:4d:4d:04:77:0d:e4:59:4c:
e0:09:91:3d:18:07:ae:de:ee:f6:2f:76:6a:ec:2e:
1c:49:08:f7:dc:52:a8:1e:0f:f2:3e:ae:02:8d:0f:
66:2f:56:33:51:76:bb:93:82:4f:3c:26:d2:dd:8a:
60:a5:17:4e:27:39:ff:e6:ca:7c:63:cd:4b:16:91:
db:78:94:b2:a5:df:56:2f:30:59:80:b1:d1:a9:91:
8f:4e:17:3b:29:46:9c:e4:7f:42:31:da:34:ef:e8:
78:73:c3:7c:b1:77:76:fb:1e:71:3b:e2:76:6e:c9:
b7:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:12:69:BD:33:3B:55:10:B0:8D:6D:DE:4C:9F:3C:7B:91:16:C0:1E
X509v3 Authority Key Identifier:
keyid:38:48:88:5C:97:02:EA:C1:F3:D0:12:63:E6:D3:E5:44:49:EE:21:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEiIXJcC6sHz0BJj5tPlREnuIVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/xxJpvTM7VRCwjW3eTJ88e5EWwB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/OEiIXJcC6sHz0BJj5tPlREnuIVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.183.151.0/24
188.64.139.0/24
IPv6:
2a11:fc0::/29
Signature Algorithm: sha256WithRSAEncryption
8a:8c:4b:8e:97:46:60:0b:c9:69:70:62:ae:eb:04:68:08:8d:
2e:21:c1:5e:d5:ed:04:b4:06:66:2f:8f:39:6f:6c:df:51:ad:
33:7d:d7:d6:bc:97:2f:a9:f8:9f:17:c9:44:93:03:2b:6b:a4:
6b:64:24:44:4d:62:64:da:b4:98:c6:36:be:77:c2:5a:e1:a9:
01:eb:59:ae:75:09:44:ac:9d:1b:90:68:dd:7b:50:62:b1:3f:
d5:4f:b7:d6:44:b7:2a:7f:ee:91:c4:34:56:01:0b:b2:ae:7d:
2b:48:73:0f:8e:24:03:ae:19:8a:10:ff:8a:3c:cf:70:cb:5f:
fd:35:5e:80:13:96:dd:32:36:df:a8:8d:29:d8:04:1e:b6:1b:
df:b9:51:3c:bb:90:75:63:92:3a:2a:bf:ff:7b:46:a7:6d:3b:
ac:d7:34:68:34:aa:e8:8a:68:bc:63:91:fe:e8:3c:31:fa:4e:
87:de:2d:0c:ba:65:ed:40:20:7d:87:13:01:81:75:70:cc:d2:
c2:36:9d:f8:c8:e2:40:57:93:35:bc:22:4c:f4:17:c6:4c:f3:
08:dc:eb:28:07:c0:e3:c3:a3:d6:38:f4:b4:d2:15:c6:c9:95:
61:bd:77:c9:74:86:1f:5d:ba:f8:f7:13:aa:cc:69:98:16:56:
2a:b7:89:9f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVyTFXUVKsFU4/dA0FqyZpkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDg4ODVjOTcwMmVhYzFmM2QwMTI2M2U2ZDNlNTQ0NDll
ZTIxNTQwHhcNMjMwMTAyMTE0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzEyNjliZDMzM2I1NTEwYjA4ZDZkZGU0YzlmM2M3YjkxMTZjMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMAPUgfhI1pt7aAujNxGMPExfrBB
F0dROzNG8anp15MWHtRdNi9w0pnveOERKa1Dv0/BjrCkYsn977tnF8u4C+I2SMwz
+/zPvdRlobFpsMrnIo6faTv/rzpIU9FCerkcdia0w/Qfd4KbpKwO0kWmhJJDHSfm
U8mwsXqcoh3X7aJbjrNWMAxIAJvtpKodTU0Edw3kWUzgCZE9GAeu3u72L3Zq7C4c
SQj33FKoHg/yPq4CjQ9mL1YzUXa7k4JPPCbS3YpgpRdOJzn/5sp8Y81LFpHbeJSy
pd9WLzBZgLHRqZGPThc7KUac5H9CMdo07+h4c8N8sXd2+x5xO+J2bsm3+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMcSab0zO1UQsI1t3kyfPHuRFsAeMB8GA1UdIwQY
MBaAFDhIiFyXAurB89ASY+bT5URJ7iFUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VpSVhKY0M2c0h6MEJKajV0UGxSRW51SVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zN2JkYjctOWI5My00NmFiLTlhMTUt
NDJhNDhkYmMyNTIxLzEveHhKcHZUTTdWUkN3alczZVRKODhlNUVXd0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zN2JkYjctOWI5My00NmFiLTlhMTUtNDJhNDhkYmMyNTIx
LzEvT0VpSVhKY0M2c0h6MEJKajV0UGxSRW51SVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABbeXAwQA
vECLMA0EAgACMAcDBQMqEQ/AMA0GCSqGSIb3DQEBCwUAA4IBAQCKjEuOl0ZgC8lp
cGKu6wRoCI0uIcFe1e0EtAZmL485b2zfUa0zfdfWvJcvqfifF8lEkwMra6RrZCRE
TWJk2rSYxja+d8Ja4akB61mudQlErJ0bkGjde1BisT/VT7fWRLcqf+6RxDRWAQuy
rn0rSHMPjiQDrhmKEP+KPM9wy1/9NV6AE5bdMjbfqI0p2AQethvfuVE8u5B1Y5I6
Kr//e0anbTus1zRoNKroimi8Y5H+6Dwx+k6H3i0MumXtQCB9hxMBgXVwzNLCNp34
yOJAV5M1vCJM9BfGTPMI3OsoB8Djw6PWOPS00hXGyZVhvXfJdIYfXbr49xOqzGmY
FlYqt4mf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:45 2024 by rpki-client on console-fra.rpki-client.org