Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/iZCT2Bt0WkdZAoPJjqktlIv5BaY.roa
File: iZCT2Bt0WkdZAoPJjqktlIv5BaY.roa (raw, json)
Hash identifier: 8RiREuoQFfRfxJugdgslEjRJE7B7CgXwIWZVDSCbzRY=
Subject key identifier: 89:90:93:D8:1B:74:5A:47:59:02:83:C9:8E:A9:2D:94:8B:F9:05:A6
Certificate issuer: /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial: 0187869FA337EEBE5438FC23DD5EF144CB33
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/iZCT2Bt0WkdZAoPJjqktlIv5BaY.roa
Signing time: Sat 15 Apr 2023 20:33:41 +0000
ROA not before: Sat 15 Apr 2023 20:33:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203377
IP address blocks: 194.147.216.0/24 maxlen: 24
2a0a:37c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:86:9f:a3:37:ee:be:54:38:fc:23:dd:5e:f1:44:cb:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Validity
Not Before: Apr 15 20:33:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=899093d81b745a47590283c98ea92d948bf905a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:d7:e8:58:8c:47:93:f5:f6:f0:f6:13:e7:e1:
48:71:03:da:70:f0:15:5a:93:e3:46:50:61:af:a4:
5b:d6:2c:d4:c3:4b:6a:42:6e:c5:37:1f:41:12:49:
fc:1d:34:0a:63:7e:d4:03:fb:c3:4f:13:e7:a5:90:
ff:b5:85:c8:eb:a1:79:60:e0:ac:59:67:ed:fa:1b:
0c:eb:60:a7:df:9b:06:0e:d9:70:a2:47:32:cb:f7:
4e:6b:c2:20:e8:29:ef:3f:82:e2:32:5f:40:02:71:
81:4f:04:ca:d6:99:70:82:86:8b:4e:ca:fd:8e:0f:
16:72:c2:89:0c:34:ee:08:f0:b0:0e:a5:5b:fe:fc:
99:9b:a8:0f:c5:e4:e0:4c:19:42:68:8c:a0:a1:ae:
99:5a:e0:8b:91:30:e8:f9:2c:98:14:e0:2e:e7:6e:
1f:d3:07:59:a2:0a:92:40:b4:ca:11:3e:e6:a0:36:
29:6e:7d:4e:78:a7:b6:3d:db:07:62:3f:b6:eb:d3:
46:5e:48:01:de:7f:51:cc:64:f5:f1:13:9f:5f:72:
12:6b:f4:03:19:d0:ca:47:3f:d2:7e:40:e9:40:d8:
f9:3e:c0:b1:4f:b9:03:92:fb:98:f9:98:33:4d:33:
dd:e5:cf:de:4f:a8:5e:91:e5:45:d5:1c:ae:70:09:
2d:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:90:93:D8:1B:74:5A:47:59:02:83:C9:8E:A9:2D:94:8B:F9:05:A6
X509v3 Authority Key Identifier:
keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/iZCT2Bt0WkdZAoPJjqktlIv5BaY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.147.216.0/24
IPv6:
2a0a:37c0::/48
Signature Algorithm: sha256WithRSAEncryption
33:b1:e4:eb:2b:3a:78:59:8a:56:89:01:0a:44:53:d5:01:61:
94:b3:60:b4:9c:ae:02:2c:23:7a:d3:29:98:0e:6f:43:a2:f2:
d8:82:b4:27:5d:aa:eb:6d:78:8f:c7:6c:35:97:cb:39:32:c3:
d7:d4:17:94:dc:85:76:24:fe:19:7b:76:65:0d:cb:1c:d5:b6:
d8:1c:e8:0f:37:f3:c7:a2:72:76:18:89:f8:f7:8e:19:bf:fb:
3c:ac:15:57:e3:cf:db:df:3b:b8:f8:93:84:3d:01:0a:3f:e7:
c0:4c:c2:46:c3:c6:6a:ab:79:0b:81:50:72:58:e4:a0:18:f8:
93:6e:97:96:d4:98:4e:46:73:15:8e:ec:cb:6c:34:f8:fc:dc:
52:dc:9b:1d:37:7a:dc:f8:1a:4f:13:bf:f2:24:83:29:fb:b4:
5e:3e:1f:ef:f0:aa:7e:f9:27:4b:5e:a2:db:5d:6b:a9:9c:bb:
4d:90:73:da:3b:c6:05:f0:fd:29:69:6e:ef:ee:7a:ab:e8:b1:
3b:9f:0e:1a:a8:02:fd:33:7d:48:f4:a0:c1:78:49:68:8b:7c:
fb:8a:26:d3:e2:aa:23:67:89:0d:17:93:5c:6b:12:7e:b7:c4:
d6:f1:99:88:f4:4c:3e:8d:f6:0f:ef:4a:cb:e3:16:0d:23:d2:
70:19:12:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeGn6M37r5UOPwj3V7xRMszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjMwNDE1MjAzMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkwOTNkODFiNzQ1YTQ3NTkwMjgzYzk4ZWE5MmQ5NDhiZjkwNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9foWIxHk/X28PYT5+FIcQPacPAV
WpPjRlBhr6Rb1izUw0tqQm7FNx9BEkn8HTQKY37UA/vDTxPnpZD/tYXI66F5YOCs
WWft+hsM62Cn35sGDtlwokcyy/dOa8Ig6CnvP4LiMl9AAnGBTwTK1plwgoaLTsr9
jg8WcsKJDDTuCPCwDqVb/vyZm6gPxeTgTBlCaIygoa6ZWuCLkTDo+SyYFOAu524f
0wdZogqSQLTKET7moDYpbn1OeKe2PdsHYj+269NGXkgB3n9RzGT18ROfX3ISa/QD
GdDKRz/SfkDpQNj5PsCxT7kDkvuY+ZgzTTPd5c/eT6hekeVF1RyucAkt7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFImQk9gbdFpHWQKDyY6pLZSL+QWmMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvaVpDVDJCdDBXa2RaQW9QSmpxa3RsSXY1QmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpPYMA8E
AgACMAkDBwAqCjfAAAAwDQYJKoZIhvcNAQELBQADggEBADOx5OsrOnhZilaJAQpE
U9UBYZSzYLScrgIsI3rTKZgOb0Oi8tiCtCddqutteI/HbDWXyzkyw9fUF5TchXYk
/hl7dmUNyxzVttgc6A8388eicnYYifj3jhm/+zysFVfjz9vfO7j4k4Q9AQo/58BM
wkbDxmqreQuBUHJY5KAY+JNul5bUmE5GcxWO7MtsNPj83FLcmx03etz4Gk8Tv/Ik
gyn7tF4+H+/wqn75J0teottda6mcu02Qc9o7xgXw/Slpbu/ueqvosTufDhqoAv0z
fUj0oMF4SWiLfPuKJtPiqiNniQ0Xk1xrEn63xNbxmYj0TD6N9g/vSsvjFg0j0nAZ
Eg8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:19 2024 by rpki-client on console-fra.rpki-client.org