Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d46e2b-de4d-4b6f-8dd7-69629c501943/1/m_rNQgSpa4DLy1E3Hdpcy3JUjV4.roa
File: m_rNQgSpa4DLy1E3Hdpcy3JUjV4.roa (raw, json)
Hash identifier: kNNHuh+5SDXNTYzJHkcWi55HzzlLjR9fF1bd+DzL7Ak=
Subject key identifier: 9B:FA:CD:42:04:A9:6B:80:CB:CB:51:37:1D:DA:5C:CB:72:54:8D:5E
Certificate issuer: /CN=d0e31a149c2e6ae9acc729cf7ac1706de3de739b
Certificate serial: 01857246B355744D64B489720FE38DF60BB5
Authority key identifier: D0:E3:1A:14:9C:2E:6A:E9:AC:C7:29:CF:7A:C1:70:6D:E3:DE:73:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0OMaFJwuaumsxynPesFwbePec5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/d46e2b-de4d-4b6f-8dd7-69629c501943/1/m_rNQgSpa4DLy1E3Hdpcy3JUjV4.roa
Signing time: Mon 02 Jan 2023 11:38:34 +0000
ROA not before: Mon 02 Jan 2023 11:38:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207330
IP address blocks: 185.49.27.0/24 maxlen: 24
2a12:a3c6::/31 maxlen: 31
2a12:a3c2::/31 maxlen: 31
2a12:a3c0::/31 maxlen: 31
2a12:a3c4::/31 maxlen: 31
2a12:a3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:b3:55:74:4d:64:b4:89:72:0f:e3:8d:f6:0b:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0e31a149c2e6ae9acc729cf7ac1706de3de739b
Validity
Not Before: Jan 2 11:38:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9bfacd4204a96b80cbcb51371dda5ccb72548d5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:a0:35:0a:c4:c9:70:37:3b:81:6a:83:26:58:
d2:fb:cd:6a:39:15:96:e6:cb:0c:7b:41:c5:e8:4d:
b1:19:31:d3:f6:9f:c5:7f:8b:f3:3c:c7:60:1b:e3:
79:2d:3e:4e:f0:7b:c9:86:e8:bb:dd:d8:86:93:71:
b1:f5:50:0a:0b:b1:0c:15:44:52:2e:94:eb:e7:96:
d7:24:e2:fd:93:32:16:eb:12:23:c2:dd:0f:3b:c4:
72:0d:03:ce:bb:85:30:83:c3:11:af:e3:72:5d:cd:
7f:24:c1:3d:e5:6d:c2:8a:c4:2b:6f:8e:82:c0:85:
6b:f4:da:3b:87:8c:64:e4:16:4d:ae:52:92:7c:a4:
a1:e6:ed:00:88:26:16:32:a3:ce:4e:a4:86:39:8d:
f4:fe:76:ed:df:4a:25:dd:cc:b7:82:e7:8b:2b:ef:
89:24:7b:4b:9c:22:01:10:3c:d3:aa:57:31:89:64:
9f:6b:9d:20:88:76:ce:4e:9c:03:9d:d3:fb:f0:ae:
a9:7d:25:dd:60:82:d9:01:37:69:9b:28:f9:26:a3:
c7:ce:b8:27:bb:c0:e9:5e:78:b4:a8:5b:4f:d1:35:
f5:b5:0b:18:73:c4:eb:e1:8c:b1:36:9e:fe:56:25:
73:d0:9d:84:2f:52:d6:5e:10:5c:ef:cb:7d:0f:48:
89:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:FA:CD:42:04:A9:6B:80:CB:CB:51:37:1D:DA:5C:CB:72:54:8D:5E
X509v3 Authority Key Identifier:
keyid:D0:E3:1A:14:9C:2E:6A:E9:AC:C7:29:CF:7A:C1:70:6D:E3:DE:73:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0OMaFJwuaumsxynPesFwbePec5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d46e2b-de4d-4b6f-8dd7-69629c501943/1/m_rNQgSpa4DLy1E3Hdpcy3JUjV4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d46e2b-de4d-4b6f-8dd7-69629c501943/1/0OMaFJwuaumsxynPesFwbePec5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.49.27.0/24
IPv6:
2a12:a3c0::/29
Signature Algorithm: sha256WithRSAEncryption
5f:00:65:04:66:fb:85:ad:50:be:fc:c2:66:ff:cb:01:b2:d0:
83:df:b3:28:b8:e1:54:2f:1e:c4:98:cb:ae:22:6e:71:ad:42:
81:3b:fe:2b:af:a3:c7:53:a3:08:ca:1b:54:c2:da:38:6e:70:
60:49:b0:46:50:52:5c:18:1b:a6:f4:80:5d:b1:0b:2c:5f:7b:
12:44:ce:95:51:f7:35:fe:11:3b:0c:7c:e0:01:4b:3f:b8:c9:
54:c2:a1:09:d4:6a:4c:3a:f2:02:9f:b0:99:4b:80:da:7b:fd:
a4:62:14:eb:3e:e5:be:c0:5b:40:4b:35:05:90:e7:fe:95:ea:
2d:f6:62:62:26:7e:6a:c7:d2:47:91:14:c9:82:2c:12:5a:34:
cd:d0:1e:08:65:3c:de:01:de:4a:e5:74:0d:d4:8f:38:45:cc:
38:30:1f:1c:0c:73:1c:e4:fb:81:0b:93:5c:8a:16:49:8f:b1:
53:9f:82:38:0d:f1:47:aa:b7:47:af:4d:59:4e:a0:88:50:20:
1c:78:9f:92:9f:3d:e6:ec:53:77:6d:c7:2b:7f:27:a0:ec:d9:
de:eb:e9:fa:fe:c5:30:8f:cb:a2:f5:64:d6:1f:c5:83:21:2a:
de:a7:f9:ee:75:77:06:84:5d:e0:e9:4e:a4:3e:9c:01:be:92:
df:d2:26:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyRrNVdE1ktIlyD+ON9gu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZTMxYTE0OWMyZTZhZTlhY2M3MjljZjdhYzE3MDZkZTNk
ZTczOWIwHhcNMjMwMTAyMTEzODM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZhY2Q0MjA0YTk2YjgwY2JjYjUxMzcxZGRhNWNjYjcyNTQ4ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6A1CsTJcDc7gWqDJljS+81qORWW
5ssMe0HF6E2xGTHT9p/Ff4vzPMdgG+N5LT5O8HvJhui73diGk3Gx9VAKC7EMFURS
LpTr55bXJOL9kzIW6xIjwt0PO8RyDQPOu4Uwg8MRr+NyXc1/JME95W3CisQrb46C
wIVr9No7h4xk5BZNrlKSfKSh5u0AiCYWMqPOTqSGOY30/nbt30ol3cy3gueLK++J
JHtLnCIBEDzTqlcxiWSfa50giHbOTpwDndP78K6pfSXdYILZATdpmyj5JqPHzrgn
u8DpXni0qFtP0TX1tQsYc8Tr4YyxNp7+ViVz0J2EL1LWXhBc78t9D0iJRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJv6zUIEqWuAy8tRNx3aXMtyVI1eMB8GA1UdIwQY
MBaAFNDjGhScLmrprMcpz3rBcG3j3nObMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME9NYUZKd3VhdW1zeHluUGVzRndiZVBlYzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kNDZlMmItZGU0ZC00YjZmLThkZDct
Njk2MjljNTAxOTQzLzEvbV9yTlFnU3BhNERMeTFFM0hkcGN5M0pValY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kNDZlMmItZGU0ZC00YjZmLThkZDctNjk2MjljNTAxOTQz
LzEvME9NYUZKd3VhdW1zeHluUGVzRndiZVBlYzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTEbMA0E
AgACMAcDBQMqEqPAMA0GCSqGSIb3DQEBCwUAA4IBAQBfAGUEZvuFrVC+/MJm/8sB
stCD37MouOFULx7EmMuuIm5xrUKBO/4rr6PHU6MIyhtUwto4bnBgSbBGUFJcGBum
9IBdsQssX3sSRM6VUfc1/hE7DHzgAUs/uMlUwqEJ1GpMOvICn7CZS4Dae/2kYhTr
PuW+wFtASzUFkOf+leot9mJiJn5qx9JHkRTJgiwSWjTN0B4IZTzeAd5K5XQN1I84
Rcw4MB8cDHMc5PuBC5NcihZJj7FTn4I4DfFHqrdHr01ZTqCIUCAceJ+Snz3m7FN3
bccrfyeg7Nne6+n6/sUwj8ui9WTWH8WDISrep/nudXcGhF3g6U6kPpwBvpLf0ibJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:46 2024 by rpki-client on console-ams.rpki-client.org