Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/apZHTkz_fSxY_Rp7bg2A0xtDyyw.roa
File: apZHTkz_fSxY_Rp7bg2A0xtDyyw.roa (raw, json)
Hash identifier: w7Yu4pVJGyDOY8F3NyTIOuSr4ib0/xw2BrqEHsh+ldk=
Subject key identifier: 6A:96:47:4E:4C:FF:7D:2C:58:FD:1A:7B:6E:0D:80:D3:1B:43:CB:2C
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 018B60583717B1BA6D73060326FC9698400C
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/apZHTkz_fSxY_Rp7bg2A0xtDyyw.roa
Signing time: Tue 24 Oct 2023 06:21:15 +0000
ROA not before: Tue 24 Oct 2023 06:21:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48918
IP address blocks: 80.66.96.0/20 maxlen: 20
195.20.20.0/22 maxlen: 24
185.198.200.0/22 maxlen: 24
2a02:340::/32 maxlen: 32
2a0a:8ec0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:60:58:37:17:b1:ba:6d:73:06:03:26:fc:96:98:40:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Oct 24 06:21:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6a96474e4cff7d2c58fd1a7b6e0d80d31b43cb2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:21:ca:9c:09:43:f2:7c:88:b1:c8:d9:9c:1a:
59:c5:56:04:c6:99:e9:7f:8c:bb:d9:f8:22:c2:4f:
12:a1:34:81:be:40:b1:d6:52:d9:a4:a7:20:80:f1:
ce:c6:84:6a:ae:31:db:d4:00:f0:5a:d5:f5:9a:cb:
68:8f:c7:c3:4b:03:c7:57:b9:83:fd:ea:7c:cd:3a:
fe:1a:fa:c4:1a:b6:7d:2d:4e:f5:59:e3:1c:51:8e:
95:54:ff:60:cd:3b:e1:e2:e9:ab:19:64:77:31:d2:
5e:65:1d:b4:a8:8f:f7:bb:b9:8f:60:a4:cc:69:bb:
56:7d:81:76:1f:05:ce:93:ad:13:8d:23:86:6e:ae:
20:67:96:f4:03:b7:18:51:ac:12:ca:f1:4c:8b:88:
d8:12:26:b1:67:2e:2f:c1:4f:8d:36:9e:f8:11:c2:
66:20:1f:0d:eb:64:27:4d:da:60:44:67:3f:76:92:
a7:c9:d7:1b:38:14:b8:79:7d:2f:1b:fb:ae:21:d8:
48:f0:1a:c1:fa:9b:83:51:e4:f4:60:0f:34:2f:e9:
c8:fd:a9:a8:c3:e1:f2:00:91:ce:74:21:ab:ad:04:
dc:21:0b:94:32:7f:27:3f:66:f4:f4:bd:93:80:85:
57:e6:83:4a:80:c2:da:70:71:04:c1:00:99:98:17:
96:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:96:47:4E:4C:FF:7D:2C:58:FD:1A:7B:6E:0D:80:D3:1B:43:CB:2C
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/apZHTkz_fSxY_Rp7bg2A0xtDyyw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a02:340::/32
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
63:78:d3:e6:74:eb:34:02:df:12:d2:e0:a1:ea:d7:61:26:c7:
a8:fd:19:f1:e7:94:ae:2f:cc:34:87:02:e6:e4:39:cb:f0:48:
5c:d2:70:07:b1:38:0e:74:85:2a:54:df:6e:13:c0:5b:8a:4b:
73:fc:e8:34:9f:8a:3a:a6:c8:22:d1:a0:6f:03:8e:ee:ce:5c:
ba:98:24:d1:98:36:81:3b:71:2a:c1:c3:f6:3c:44:6c:32:39:
c9:66:3c:a4:a1:b0:1b:a0:86:8e:1a:93:b9:51:8b:95:fb:2a:
07:5a:d2:6d:4d:bb:c1:8a:43:03:24:6a:1a:97:ce:c4:5f:5b:
94:f9:3f:ce:66:9f:09:0a:6a:8a:93:40:60:94:3e:89:c3:5b:
16:6d:ba:12:81:72:2a:03:08:49:df:2e:65:cd:9e:84:54:86:
e3:ee:18:17:21:09:f7:cc:78:d7:11:29:b5:5b:c0:95:26:43:
53:f8:78:1e:be:70:ed:a6:83:ac:9a:a5:db:c5:fb:99:b7:28:
2f:f4:9c:5f:fe:2f:a9:15:81:c8:30:7b:e9:0b:4a:d7:0b:1f:
a9:de:7d:bd:d3:aa:9e:20:b1:83:65:d4:60:27:96:0d:d1:48:
63:e6:86:6e:9f:b6:e1:0e:0f:4e:5f:99:9b:35:3d:05:44:b8:
fe:39:46:b2
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYtgWDcXsbptcwYDJvyWmEAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjMxMDI0MDYyMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk2NDc0ZTRjZmY3ZDJjNThmZDFhN2I2ZTBkODBkMzFiNDNjYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSHKnAlD8nyIscjZnBpZxVYExpnp
f4y72fgiwk8SoTSBvkCx1lLZpKcggPHOxoRqrjHb1ADwWtX1mstoj8fDSwPHV7mD
/ep8zTr+GvrEGrZ9LU71WeMcUY6VVP9gzTvh4umrGWR3MdJeZR20qI/3u7mPYKTM
abtWfYF2HwXOk60TjSOGbq4gZ5b0A7cYUawSyvFMi4jYEiaxZy4vwU+NNp74EcJm
IB8N62QnTdpgRGc/dpKnydcbOBS4eX0vG/uuIdhI8BrB+puDUeT0YA80L+nI/amo
w+HyAJHOdCGrrQTcIQuUMn8nP2b09L2TgIVX5oNKgMLacHEEwQCZmBeWgwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFGqWR05M/30sWP0ae24NgNMbQ8ssMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvYXBaSFRrel9mU3hZX1JwN2JnMkEweHREeXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQEUEJgAwQC
ucbIAwQCwxQUMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0BAQsFAAOC
AQEAY3jT5nTrNALfEtLgoerXYSbHqP0Z8eeUri/MNIcC5uQ5y/BIXNJwB7E4DnSF
KlTfbhPAW4pLc/zoNJ+KOqbIItGgbwOO7s5cupgk0Zg2gTtxKsHD9jxEbDI5yWY8
pKGwG6CGjhqTuVGLlfsqB1rSbU27wYpDAyRqGpfOxF9blPk/zmafCQpqipNAYJQ+
icNbFm26EoFyKgMISd8uZc2ehFSG4+4YFyEJ98x41xEptVvAlSZDU/h4Hr5w7aaD
rJql28X7mbcoL/ScX/4vqRWByDB76QtK1wsfqd59vdOqniCxg2XUYCeWDdFIY+aG
bp+24Q4PTl+ZmzU9BUS4/jlGsg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:13:10 2025 by rpki-client