Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/19e715-ffaa-4c43-b79a-56f6ecc1c121/1/1iULxVIEcDRTQtbtiWneVwosbyo.roa
File: 1iULxVIEcDRTQtbtiWneVwosbyo.roa (raw, json)
Hash identifier: Ow4AeaymboxFeNXR3T62WzYnSAGTbu46V7kORfctIVU=
Subject key identifier: D6:25:0B:C5:52:04:70:34:53:42:D6:ED:89:69:DE:57:0A:2C:6F:2A
Certificate issuer: /CN=ec3543aa00373e9e4d10e64c83d3779b378888c1
Certificate serial: 0185AFA9F11D9431326C339FA62B03A3E008
Authority key identifier: EC:35:43:AA:00:37:3E:9E:4D:10:E6:4C:83:D3:77:9B:37:88:88:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DVDqgA3Pp5NEOZMg9N3mzeIiME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2c/19e715-ffaa-4c43-b79a-56f6ecc1c121/1/1iULxVIEcDRTQtbtiWneVwosbyo.roa
Signing time: Sat 14 Jan 2023 09:43:48 +0000
ROA not before: Sat 14 Jan 2023 09:43:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42366
IP address blocks: 81.17.120.0/22 maxlen: 22
82.149.80.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:af:a9:f1:1d:94:31:32:6c:33:9f:a6:2b:03:a3:e0:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3543aa00373e9e4d10e64c83d3779b378888c1
Validity
Not Before: Jan 14 09:43:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6250bc5520470345342d6ed8969de570a2c6f2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:10:f3:c4:4d:a1:36:08:37:b8:20:8e:44:14:
11:da:62:81:2d:6c:8e:a8:19:f9:33:58:c0:81:d8:
06:89:62:0f:40:ce:5a:f3:4c:3e:31:1c:3e:79:0d:
44:f4:8f:c3:80:46:0d:cc:1f:3f:66:55:49:95:ea:
8a:3d:e9:0e:29:c0:5d:df:d9:f5:27:ea:7d:6c:9e:
61:ac:06:38:4c:2c:da:29:1d:de:b6:89:bd:8e:ce:
d5:99:f4:11:7a:d7:12:94:3c:d5:b7:6a:c5:0a:17:
f1:4d:f7:6e:f0:84:74:7a:c5:ce:c1:74:74:79:98:
5f:8a:dd:87:ca:6f:c5:40:d0:38:19:0a:93:84:cd:
2e:67:cd:fa:e0:9a:c2:f5:d1:ad:98:1b:b1:40:86:
64:0c:8a:05:28:3b:8b:cc:21:6f:90:08:11:f2:ab:
4b:b6:db:c4:d7:02:46:0c:6f:3f:a6:d2:91:f1:a3:
dd:a4:a2:be:e0:51:9c:ba:2c:23:28:30:74:3b:90:
34:ce:c4:d7:f6:c2:34:a3:fa:6e:23:93:d7:06:9f:
78:58:29:91:46:95:86:e4:b9:ae:ad:ff:3e:55:64:
42:bb:30:28:44:b9:42:8c:f4:43:96:fa:3e:38:d0:
2a:14:92:4b:21:9c:2c:25:d6:29:af:54:ab:c9:3b:
0b:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:25:0B:C5:52:04:70:34:53:42:D6:ED:89:69:DE:57:0A:2C:6F:2A
X509v3 Authority Key Identifier:
keyid:EC:35:43:AA:00:37:3E:9E:4D:10:E6:4C:83:D3:77:9B:37:88:88:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DVDqgA3Pp5NEOZMg9N3mzeIiME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/19e715-ffaa-4c43-b79a-56f6ecc1c121/1/1iULxVIEcDRTQtbtiWneVwosbyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/19e715-ffaa-4c43-b79a-56f6ecc1c121/1/7DVDqgA3Pp5NEOZMg9N3mzeIiME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.17.120.0/22
82.149.80.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:e2:1a:ab:20:cf:da:07:b1:60:84:b5:0e:a8:76:2d:f9:5c:
53:57:7d:ed:22:9a:98:9c:20:f6:e3:93:77:e8:ee:82:2e:97:
11:c1:c0:0e:86:78:8c:50:54:f4:eb:7e:5a:71:97:e2:a0:4e:
95:b6:82:bc:f8:11:e8:c1:01:a7:e1:cd:b4:d4:51:f4:1f:0e:
ea:80:76:d2:6f:da:5a:96:0c:6a:97:e9:e4:be:86:ca:81:d3:
44:b0:7f:78:03:89:c9:7a:40:3d:8c:b6:a4:0a:cc:81:73:70:
1e:6b:b6:2e:be:d4:d6:c9:2a:25:8b:cb:86:4e:35:7f:81:eb:
2a:29:05:f7:a9:78:89:29:10:47:00:c8:8f:90:76:bd:fd:bc:
25:48:f9:fb:26:d5:19:ae:75:0c:2d:09:87:10:3f:02:6e:97:
c9:92:2e:9a:25:81:3a:4e:e1:41:7f:e5:b4:ab:64:62:74:5c:
10:57:1c:d1:84:a6:f8:35:31:9d:a3:5f:7d:7f:ee:6d:a1:59:
46:e8:2c:93:cc:81:e5:b1:e6:af:f6:c4:fb:77:b4:c2:a9:b1:
35:14:a4:c9:f1:af:6c:51:02:e3:98:e3:9b:37:7f:1c:02:3f:
e8:0d:3a:11:5d:8c:d2:7e:2e:1e:83:e8:27:86:8d:0f:01:d5:
20:17:d7:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYWvqfEdlDEybDOfpisDo+AIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMzU0M2FhMDAzNzNlOWU0ZDEwZTY0YzgzZDM3NzliMzc4
ODg4YzEwHhcNMjMwMTE0MDk0MzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI1MGJjNTUyMDQ3MDM0NTM0MmQ2ZWQ4OTY5ZGU1NzBhMmM2ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BDzxE2hNgg3uCCORBQR2mKBLWyO
qBn5M1jAgdgGiWIPQM5a80w+MRw+eQ1E9I/DgEYNzB8/ZlVJleqKPekOKcBd39n1
J+p9bJ5hrAY4TCzaKR3etom9js7VmfQRetcSlDzVt2rFChfxTfdu8IR0esXOwXR0
eZhfit2Hym/FQNA4GQqThM0uZ8364JrC9dGtmBuxQIZkDIoFKDuLzCFvkAgR8qtL
ttvE1wJGDG8/ptKR8aPdpKK+4FGcuiwjKDB0O5A0zsTX9sI0o/puI5PXBp94WCmR
RpWG5Lmurf8+VWRCuzAoRLlCjPRDlvo+ONAqFJJLIZwsJdYpr1SryTsLtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYlC8VSBHA0U0LW7Ylp3lcKLG8qMB8GA1UdIwQY
MBaAFOw1Q6oANz6eTRDmTIPTd5s3iIjBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RWRHFnQTNQcDVORU9aTWc5TjNtemVJaU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xOWU3MTUtZmZhYS00YzQzLWI3OWEt
NTZmNmVjYzFjMTIxLzEvMWlVTHhWSUVjRFJUUXRidGlXbmVWd29zYnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xOWU3MTUtZmZhYS00YzQzLWI3OWEtNTZmNmVjYzFjMTIx
LzEvN0RWRHFnQTNQcDVORU9aTWc5TjNtemVJaU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCURF4AwQC
UpVQMA0GCSqGSIb3DQEBCwUAA4IBAQAO4hqrIM/aB7FghLUOqHYt+VxTV33tIpqY
nCD245N36O6CLpcRwcAOhniMUFT0635acZfioE6VtoK8+BHowQGn4c201FH0Hw7q
gHbSb9palgxql+nkvobKgdNEsH94A4nJekA9jLakCsyBc3Aea7YuvtTWySoli8uG
TjV/gesqKQX3qXiJKRBHAMiPkHa9/bwlSPn7JtUZrnUMLQmHED8CbpfJki6aJYE6
TuFBf+W0q2RidFwQVxzRhKb4NTGdo199f+5toVlG6CyTzIHlseav9sT7d7TCqbE1
FKTJ8a9sUQLjmOObN38cAj/oDToRXYzSfi4eg+gnho0PAdUgF9e5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:46 2024 by rpki-client on console-fra.rpki-client.org