Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/GUkFltncww67EJ7unfYrwFk8oSw.roa
File: GUkFltncww67EJ7unfYrwFk8oSw.roa (raw, json)
Hash identifier: fXZ1cVIXjAqrf953Wtyp8sNC4xOkP6nBXHrjHwkZLno=
Subject key identifier: 19:49:05:96:D9:DC:C3:0E:BB:10:9E:EE:9D:F6:2B:C0:59:3C:A1:2C
Certificate issuer: /CN=864abd435f899d570a8e5fb83bdad1153455dee0
Certificate serial: 01856FC25ACA38AAC695D3D6C99B31ADDC05
Authority key identifier: 86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/GUkFltncww67EJ7unfYrwFk8oSw.roa
Signing time: Sun 01 Jan 2023 23:54:46 +0000
ROA not before: Sun 01 Jan 2023 23:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 38924
IP address blocks: 95.87.0.0/18 maxlen: 24
185.35.176.0/22 maxlen: 24
2a00:fc40::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:c2:5a:ca:38:aa:c6:95:d3:d6:c9:9b:31:ad:dc:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=864abd435f899d570a8e5fb83bdad1153455dee0
Validity
Not Before: Jan 1 23:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19490596d9dcc30ebb109eee9df62bc0593ca12c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:78:2e:b7:7b:8a:b6:32:b8:bb:13:10:dd:5b:
17:77:da:10:f2:ed:72:c9:09:ff:c2:45:46:56:a0:
99:1b:25:81:66:ed:e9:57:33:ea:f3:f0:1f:f5:03:
87:72:6c:07:61:a4:ac:97:27:11:c5:0f:fb:a4:47:
cd:f3:bd:3a:0f:a1:09:c5:20:47:6a:03:83:e6:56:
95:7e:ac:34:0d:72:36:11:ee:bb:31:a5:c9:11:8b:
46:81:9b:ed:38:9c:20:2d:f8:83:27:f0:dd:89:90:
13:0f:e5:15:44:f8:3e:88:c2:04:c7:ff:ed:1c:60:
e3:31:78:8c:9b:7f:77:f2:ea:2b:14:a1:fa:34:12:
40:a7:2d:7d:19:da:2f:fd:a7:ae:41:d5:bf:eb:fb:
46:fa:ca:52:f3:fb:bb:66:20:98:6c:f1:c2:0a:86:
12:16:8d:52:22:17:fd:67:f1:5f:f4:cf:16:4f:7f:
ff:2a:82:ce:ed:63:3d:51:18:67:48:55:36:3a:09:
d6:25:61:60:d0:4d:6b:49:aa:a0:da:43:84:d2:22:
63:be:59:0d:b5:16:21:9c:34:01:cd:0b:4b:a4:13:
90:fb:d2:db:96:d0:6d:0a:a2:86:ed:1d:77:35:b3:
46:50:69:6c:15:6b:4c:64:10:a9:11:79:f9:66:ae:
4f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:49:05:96:D9:DC:C3:0E:BB:10:9E:EE:9D:F6:2B:C0:59:3C:A1:2C
X509v3 Authority Key Identifier:
keyid:86:4A:BD:43:5F:89:9D:57:0A:8E:5F:B8:3B:DA:D1:15:34:55:DE:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/GUkFltncww67EJ7unfYrwFk8oSw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3f133f-1c81-4a4b-a255-3e3646591aa0/1/hkq9Q1-JnVcKjl-4O9rRFTRV3uA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.87.0.0/18
185.35.176.0/22
IPv6:
2a00:fc40::/32
Signature Algorithm: sha256WithRSAEncryption
8d:cf:ab:eb:4c:84:50:47:03:8e:17:42:f1:64:7c:4e:26:90:
e8:41:72:92:b3:e3:14:5d:d8:a6:ee:3a:df:45:6c:62:2f:b6:
09:a4:21:e3:30:b8:41:3a:e5:df:b6:90:2c:88:b1:f7:21:3a:
80:8b:ec:70:11:0a:2d:32:2c:01:cd:20:65:7b:c7:e8:82:88:
56:c2:e0:28:00:be:87:60:7d:be:20:2c:aa:61:11:9f:e8:10:
4a:86:99:15:fe:ce:2a:fb:51:29:1f:8b:4a:b9:d2:d1:a7:31:
51:e3:8d:07:85:9f:8b:ec:68:64:48:fc:52:f7:67:55:bd:a2:
52:01:97:cb:73:49:c0:37:b2:52:b6:8d:30:28:21:39:f2:ee:
5c:77:bf:6c:62:93:0a:ce:89:2d:f5:a8:5d:60:cc:92:88:06:
7a:9e:2a:45:6a:6d:e9:69:64:43:34:3d:60:1e:ef:b0:50:4a:
9d:10:47:d6:9a:6d:de:38:86:f8:ec:08:ea:e3:49:1d:a7:49:
2f:db:2a:85:82:97:06:2a:31:6f:1a:7d:75:e3:cb:32:ea:6c:
21:5e:6d:2d:f4:1e:4a:77:39:b9:a7:45:4a:2a:1a:36:fb:eb:
1f:c9:c6:dd:fa:b0:f0:dd:0d:e7:65:58:1e:63:8a:bc:11:a9:
7d:86:47:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvwlrKOKrGldPWyZsxrdwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGFiZDQzNWY4OTlkNTcwYThlNWZiODNiZGFkMTE1MzQ1
NWRlZTAwHhcNMjMwMTAxMjM1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQ5MDU5NmQ5ZGNjMzBlYmIxMDllZWU5ZGY2MmJjMDU5M2NhMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHgut3uKtjK4uxMQ3VsXd9oQ8u1y
yQn/wkVGVqCZGyWBZu3pVzPq8/Af9QOHcmwHYaSslycRxQ/7pEfN8706D6EJxSBH
agOD5laVfqw0DXI2Ee67MaXJEYtGgZvtOJwgLfiDJ/DdiZATD+UVRPg+iMIEx//t
HGDjMXiMm3938uorFKH6NBJApy19Gdov/aeuQdW/6/tG+spS8/u7ZiCYbPHCCoYS
Fo1SIhf9Z/Ff9M8WT3//KoLO7WM9URhnSFU2OgnWJWFg0E1rSaqg2kOE0iJjvlkN
tRYhnDQBzQtLpBOQ+9LbltBtCqKG7R13NbNGUGlsFWtMZBCpEXn5Zq5PXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBlJBZbZ3MMOuxCe7p32K8BZPKEsMB8GA1UdIwQY
MBaAFIZKvUNfiZ1XCo5fuDva0RU0Vd7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUt
M2UzNjQ2NTkxYWEwLzEvR1VrRmx0bmN3dzY3RUo3dW5mWXJ3Rms4b1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZjEzM2YtMWM4MS00YTRiLWEyNTUtM2UzNjQ2NTkxYWEw
LzEvaGtxOVExLUpuVmNLamwtNE85clJGVFJWM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGX1cAAwQC
uSOwMA0EAgACMAcDBQAqAPxAMA0GCSqGSIb3DQEBCwUAA4IBAQCNz6vrTIRQRwOO
F0LxZHxOJpDoQXKSs+MUXdim7jrfRWxiL7YJpCHjMLhBOuXftpAsiLH3ITqAi+xw
EQotMiwBzSBle8fogohWwuAoAL6HYH2+ICyqYRGf6BBKhpkV/s4q+1EpH4tKudLR
pzFR440HhZ+L7GhkSPxS92dVvaJSAZfLc0nAN7JSto0wKCE58u5cd79sYpMKzokt
9ahdYMySiAZ6nipFam3paWRDND1gHu+wUEqdEEfWmm3eOIb47Ajq40kdp0kv2yqF
gpcGKjFvGn1148sy6mwhXm0t9B5Kdzm5p0VKKho2++sfycbd+rDw3Q3nZVgeY4q8
Eal9hkeJ
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:26:04 2025 by rpki-client