Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/uZQdeReaQ2S50aCVRarmnrpf3D0.roa
File: uZQdeReaQ2S50aCVRarmnrpf3D0.roa (raw, json)
Hash identifier: NZ3FnYJucvBkk2OkqF8BwkpofKJfrrpkkm9/f7YqZtQ=
Subject key identifier: B9:94:1D:79:17:9A:43:64:B9:D1:A0:95:45:AA:E6:9E:BA:5F:DC:3D
Certificate issuer: /CN=6d650af172444b52116a7a67d74aac7df8a55e1c
Certificate serial: 018C6A1194E37E705F62746EB2AA4E52047B
Authority key identifier: 6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/uZQdeReaQ2S50aCVRarmnrpf3D0.roa
Signing time: Thu 14 Dec 2023 20:43:06 +0000
ROA not before: Thu 14 Dec 2023 20:43:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43129
IP address blocks: 185.190.249.0/24 maxlen: 24
185.190.248.0/24 maxlen: 24
2a0a:11c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6a:11:94:e3:7e:70:5f:62:74:6e:b2:aa:4e:52:04:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d650af172444b52116a7a67d74aac7df8a55e1c
Validity
Not Before: Dec 14 20:43:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b9941d79179a4364b9d1a09545aae69eba5fdc3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:e4:af:66:e5:9c:dd:16:bc:d6:30:3f:95:8f:
53:17:cf:c6:a9:07:43:8e:a9:bb:dd:58:42:42:80:
60:77:b7:55:88:c9:40:5e:6a:50:fc:30:f2:a0:3c:
74:8f:c7:37:93:7d:83:ae:ad:94:7d:2e:61:2a:fa:
bf:8f:43:8e:86:f4:65:57:82:4a:34:13:00:1c:e1:
c1:c8:a3:92:0f:16:33:59:80:09:f5:8e:44:0c:bf:
0e:06:90:2c:22:1d:78:02:fd:ad:b4:68:fb:ff:f6:
a7:f5:fb:2d:36:2e:70:02:fb:3d:a6:43:74:2d:35:
75:92:85:57:59:fd:f9:39:67:85:ad:d2:02:af:19:
1f:ed:87:73:48:0f:e0:8d:49:53:38:2b:8a:7f:67:
83:95:77:06:98:78:6e:8a:a7:35:25:a9:ac:eb:b5:
ad:77:c5:25:e4:19:18:38:9a:03:c1:93:52:be:01:
6a:49:9f:46:48:0a:e5:98:b4:ae:d5:de:2b:c1:c7:
50:ab:73:71:e0:60:ba:d3:4e:76:96:c9:c0:45:0d:
81:98:1b:04:5a:46:ec:53:e9:23:42:83:11:13:27:
7f:a0:67:2d:75:37:75:40:07:36:67:72:7c:45:14:
dc:a0:9d:75:15:c4:81:d8:8d:30:0a:55:70:44:bd:
d3:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:94:1D:79:17:9A:43:64:B9:D1:A0:95:45:AA:E6:9E:BA:5F:DC:3D
X509v3 Authority Key Identifier:
keyid:6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/uZQdeReaQ2S50aCVRarmnrpf3D0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.248.0/23
IPv6:
2a0a:11c0::/29
Signature Algorithm: sha256WithRSAEncryption
25:f9:ed:6f:22:c8:1d:6d:01:44:06:a5:11:a1:3a:80:aa:f9:
fd:42:30:25:98:f7:34:0b:ea:16:2c:66:cc:04:f4:83:6b:3d:
33:47:38:20:60:fe:57:3e:63:a9:06:bd:51:b4:74:d4:df:21:
a1:28:5e:9c:8c:c3:4d:ae:67:59:55:ce:b5:be:8a:d7:b8:55:
52:c1:8b:f8:f4:d5:a4:7d:35:78:fb:ad:3a:36:90:47:5c:c7:
43:eb:3d:7c:67:c1:46:6b:30:c8:99:e4:82:43:3a:15:5f:1c:
d7:4c:85:06:6f:4a:71:c2:60:26:d2:7b:6e:ae:d8:f3:9c:94:
92:50:34:fc:2b:05:1a:3f:7b:b2:37:77:73:f8:d5:ce:b9:94:
69:07:46:ab:31:25:0a:57:e8:ef:12:b8:03:7b:b3:49:39:4a:
75:5c:c5:61:44:4b:54:ce:08:7c:04:06:a3:e8:72:8b:05:23:
29:ac:aa:fe:d7:39:bd:bf:82:e9:43:3f:82:17:4e:c2:a6:c6:
f7:c9:91:94:3c:1f:5d:12:04:64:16:92:5b:4a:4a:e0:0a:f5:
7a:39:6f:fe:75:46:dd:63:7b:70:7e:26:54:6f:f5:d5:8b:37:
8e:40:62:25:74:48:60:bd:e8:af:61:cc:b6:99:eb:d4:b8:22:
b3:f2:81:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYxqEZTjfnBfYnRusqpOUgR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjUwYWYxNzI0NDRiNTIxMTZhN2E2N2Q3NGFhYzdkZjhh
NTVlMWMwHhcNMjMxMjE0MjA0MzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk0MWQ3OTE3OWE0MzY0YjlkMWEwOTU0NWFhZTY5ZWJhNWZkYzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeSvZuWc3Ra81jA/lY9TF8/GqQdD
jqm73VhCQoBgd7dViMlAXmpQ/DDyoDx0j8c3k32Drq2UfS5hKvq/j0OOhvRlV4JK
NBMAHOHByKOSDxYzWYAJ9Y5EDL8OBpAsIh14Av2ttGj7//an9fstNi5wAvs9pkN0
LTV1koVXWf35OWeFrdICrxkf7YdzSA/gjUlTOCuKf2eDlXcGmHhuiqc1Jams67Wt
d8Ul5BkYOJoDwZNSvgFqSZ9GSArlmLSu1d4rwcdQq3Nx4GC60052lsnARQ2BmBsE
WkbsU+kjQoMREyd/oGctdTd1QAc2Z3J8RRTcoJ11FcSB2I0wClVwRL3TkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLmUHXkXmkNkudGglUWq5p66X9w9MB8GA1UdIwQY
MBaAFG1lCvFyREtSEWp6Z9dKrH34pV4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQt
YjRhMGNiOGVkODIxLzEvdVpRZGVSZWFRMlM1MGFDVlJhcm1ucnBmM0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQtYjRhMGNiOGVkODIx
LzEvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBub74MA0E
AgACMAcDBQMqChHAMA0GCSqGSIb3DQEBCwUAA4IBAQAl+e1vIsgdbQFEBqURoTqA
qvn9QjAlmPc0C+oWLGbMBPSDaz0zRzggYP5XPmOpBr1RtHTU3yGhKF6cjMNNrmdZ
Vc61vorXuFVSwYv49NWkfTV4+606NpBHXMdD6z18Z8FGazDImeSCQzoVXxzXTIUG
b0pxwmAm0nturtjznJSSUDT8KwUaP3uyN3dz+NXOuZRpB0arMSUKV+jvErgDe7NJ
OUp1XMVhREtUzgh8BAaj6HKLBSMprKr+1zm9v4LpQz+CF07Cpsb3yZGUPB9dEgRk
FpJbSkrgCvV6OW/+dUbdY3twfiZUb/XVizeOQGIldEhgveivYcy2mevUuCKz8oFy
-----END CERTIFICATE-----
Generated at Thu Dec 21 09:04:58 2023 by rpki-client on console-fra.rpki-client.org