Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tcRG1QQ1RvnoqSFM9jdc5K0uDGc.roa
File: tcRG1QQ1RvnoqSFM9jdc5K0uDGc.roa (raw, json)
Hash identifier: XVmt2B51Sd4o8qE5MIPvgfQMfcoY0Vlfl+OwJTgK0yI=
Subject key identifier: B5:C4:46:D5:04:35:46:F9:E8:A9:21:4C:F6:37:5C:E4:AD:2E:0C:67
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018A472077B27154A78DDADA9B9A5A28B000
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tcRG1QQ1RvnoqSFM9jdc5K0uDGc.roa
Signing time: Wed 30 Aug 2023 15:47:04 +0000
ROA not before: Wed 30 Aug 2023 15:47:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21507
IP address blocks: 79.73.128.0/17 maxlen: 24
79.73.64.0/18 maxlen: 24
88.104.0.0/15 maxlen: 24
79.73.0.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:47:20:77:b2:71:54:a7:8d:da:da:9b:9a:5a:28:b0:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Aug 30 15:47:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5c446d5043546f9e8a9214cf6375ce4ad2e0c67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:d0:00:d7:aa:18:65:1d:47:e0:45:cf:b2:66:
3f:6f:6c:26:92:c1:1b:4d:d6:b0:71:7e:86:25:ab:
e7:9f:84:42:65:d8:0b:09:00:04:a8:42:e3:c3:36:
5e:a2:9b:21:54:d5:e2:72:02:5c:ee:00:44:ae:ea:
c1:b5:8d:8a:c8:65:76:72:4f:7f:f7:39:a9:46:46:
1a:23:25:af:25:6f:ce:f3:89:01:60:49:1c:e9:68:
7f:d7:ab:d8:d8:69:65:e6:08:98:14:99:9d:c4:85:
82:0c:06:91:a1:46:1a:a2:bd:cd:73:9f:77:f4:d9:
1e:dc:df:d8:4f:78:9a:c7:cc:2b:17:ba:09:6c:c1:
93:90:ef:23:46:34:74:f4:c1:6d:f7:f0:19:78:b2:
b7:0d:67:e7:45:fa:d5:38:21:f5:94:d0:c1:49:ee:
85:bd:f6:33:76:5b:26:0c:ea:5b:1d:52:eb:15:df:
dc:08:e2:77:01:55:95:ae:85:16:6d:f9:54:a8:c1:
af:04:da:52:84:b7:0f:aa:5f:ce:5d:ab:c5:ad:07:
95:79:8d:57:31:39:92:75:32:43:68:1b:73:48:78:
ea:37:5f:94:e9:4b:33:0b:38:64:43:f1:63:ab:2d:
83:22:23:b6:82:6a:90:38:e2:7d:c3:0a:4b:b9:1d:
35:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:C4:46:D5:04:35:46:F9:E8:A9:21:4C:F6:37:5C:E4:AD:2E:0C:67
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tcRG1QQ1RvnoqSFM9jdc5K0uDGc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.73.0.0/16
88.104.0.0/15
Signature Algorithm: sha256WithRSAEncryption
78:40:78:ef:82:55:2b:7b:90:e3:87:8d:a8:43:cd:7a:b6:35:
0e:91:24:ce:c6:aa:21:3c:6e:d2:0b:d3:6a:72:ae:62:9e:31:
62:d9:aa:e5:89:10:7a:2a:e2:e9:1b:f8:75:26:82:6d:54:2d:
d3:e8:61:79:4a:23:6a:5b:d5:42:23:55:13:95:d8:24:25:f4:
84:01:d9:7a:67:f1:c1:39:a2:09:b2:16:f8:e1:40:63:6f:68:
9c:41:c0:e9:66:a7:59:71:98:c8:00:5c:3a:19:a0:0c:24:38:
01:29:fc:ec:ab:97:3c:11:9e:d6:4f:e5:fd:3a:82:e4:0f:21:
e8:15:e3:b5:53:f7:78:59:2e:10:f9:ff:9a:86:e9:6c:aa:89:
5e:5e:96:53:f5:f2:6a:64:58:24:22:6a:c2:4f:48:17:f3:5f:
b0:a6:52:5c:ec:40:3f:0e:71:e2:98:52:be:97:f5:a0:21:53:
24:8b:5f:11:22:aa:c2:25:96:53:4a:c8:ff:3d:34:79:2f:8b:
c2:43:81:fa:83:e3:df:11:b6:bf:7c:13:31:4a:98:bf:ce:f7:
12:d6:44:7d:8e:77:81:7f:3d:bb:76:c1:88:79:1c:b3:65:bc:
9f:a3:40:b7:60:90:02:7c:38:11:f4:7b:f5:6d:f4:b6:4b:0a:
c4:e5:f9:3e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYpHIHeycVSnjdram5paKLAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwODMwMTU0NzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM0NDZkNTA0MzU0NmY5ZThhOTIxNGNmNjM3NWNlNGFkMmUwYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdAA16oYZR1H4EXPsmY/b2wmksEb
TdawcX6GJavnn4RCZdgLCQAEqELjwzZeopshVNXicgJc7gBErurBtY2KyGV2ck9/
9zmpRkYaIyWvJW/O84kBYEkc6Wh/16vY2Gll5giYFJmdxIWCDAaRoUYaor3Nc593
9Nke3N/YT3iax8wrF7oJbMGTkO8jRjR09MFt9/AZeLK3DWfnRfrVOCH1lNDBSe6F
vfYzdlsmDOpbHVLrFd/cCOJ3AVWVroUWbflUqMGvBNpShLcPql/OXavFrQeVeY1X
MTmSdTJDaBtzSHjqN1+U6UszCzhkQ/Fjqy2DIiO2gmqQOOJ9wwpLuR01AwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFLXERtUENUb56KkhTPY3XOStLgxnMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvdGNSRzFRUTFSdm5vcVNGTTlqZGM1SzB1REdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAT0kDAwFY
aDANBgkqhkiG9w0BAQsFAAOCAQEAeEB474JVK3uQ44eNqEPNerY1DpEkzsaqITxu
0gvTanKuYp4xYtmq5YkQeiri6Rv4dSaCbVQt0+hheUojalvVQiNVE5XYJCX0hAHZ
emfxwTmiCbIW+OFAY29onEHA6WanWXGYyABcOhmgDCQ4ASn87KuXPBGe1k/l/TqC
5A8h6BXjtVP3eFkuEPn/mobpbKqJXl6WU/XyamRYJCJqwk9IF/NfsKZSXOxAPw5x
4phSvpf1oCFTJItfESKqwiWWU0rI/z00eS+LwkOB+oPj3xG2v3wTMUqYv873EtZE
fY53gX89u3bBiHkcs2W8n6NAt2CQAnw4EfR79W30tksKxOX5Pg==
-----END CERTIFICATE-----
Generated at Wed Sep 13 15:36:25 2023 by rpki-client on console-ams.rpki-client.org