Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/4OYf08DebPv1oWZmqI691c6EHEY.roa
File: 4OYf08DebPv1oWZmqI691c6EHEY.roa (raw, json)
Hash identifier: A4QMeMwPUb3yxVQQoQ/I+zvuwhkSdNhm/wG7W9krnDY=
Subject key identifier: E0:E6:1F:D3:C0:DE:6C:FB:F5:A1:66:66:A8:8E:BD:D5:CE:84:1C:46
Certificate issuer: /CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Certificate serial: 018572CCD187CF4CF4311F4CD7F1F6D4FCF3
Authority key identifier: 4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/4OYf08DebPv1oWZmqI691c6EHEY.roa
Signing time: Mon 02 Jan 2023 14:05:03 +0000
ROA not before: Mon 02 Jan 2023 14:05:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60774
IP address blocks: 194.15.80.0/20 maxlen: 24
2a09:2800::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:cc:d1:87:cf:4c:f4:31:1f:4c:d7:f1:f6:d4:fc:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Validity
Not Before: Jan 2 14:05:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0e61fd3c0de6cfbf5a16666a88ebdd5ce841c46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:de:78:ca:6b:be:f8:45:aa:4f:e8:05:fc:ed:
8f:dd:f3:3f:a2:cc:a2:12:e6:ed:74:42:59:f1:18:
bf:55:25:d2:66:f7:a6:b4:94:f4:03:3c:af:18:c2:
b4:b2:91:c8:d3:57:e2:07:5f:85:dc:13:48:6f:5a:
cf:9c:2e:8b:b5:9e:d3:d5:70:62:3c:82:42:12:03:
bd:3b:37:d8:1c:a2:80:1a:56:5a:4b:55:02:ea:5a:
41:6a:0a:8f:80:8e:42:e3:6a:35:1e:c6:8c:2e:84:
fa:75:35:83:76:e9:03:8a:4e:87:f9:4e:d2:aa:8b:
2c:3f:d6:5f:71:c6:15:e4:49:e9:6b:f0:22:e5:3b:
4e:2e:87:c8:70:ac:76:09:37:7a:93:5d:9a:53:8d:
34:a9:95:35:15:8f:29:09:54:26:da:f8:31:e8:ae:
d3:33:bd:30:8f:57:34:4b:cf:38:80:68:7c:b1:af:
4a:d5:64:df:4f:91:eb:32:f5:3b:88:8c:28:8b:21:
0b:ec:d4:d8:1f:94:ca:47:38:d0:2f:3f:7a:6f:f5:
1e:c0:a1:4c:5f:8b:58:03:ef:f5:1a:eb:1c:da:ab:
28:1d:f4:e5:fe:6b:e9:3f:7f:6f:0b:68:af:4f:7e:
ac:be:8b:e3:4e:1d:1a:40:0d:36:39:a4:72:1b:b5:
c0:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:E6:1F:D3:C0:DE:6C:FB:F5:A1:66:66:A8:8E:BD:D5:CE:84:1C:46
X509v3 Authority Key Identifier:
keyid:4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/4OYf08DebPv1oWZmqI691c6EHEY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.80.0/20
IPv6:
2a09:2800::/29
Signature Algorithm: sha256WithRSAEncryption
23:cc:1a:0f:5d:64:68:f5:3f:d1:0f:6d:46:bb:5b:e7:bf:37:
e0:99:57:14:09:9b:05:ca:73:78:a9:a9:57:25:8c:23:a4:0f:
9e:f3:90:2e:54:7a:15:49:de:00:0d:dd:5b:aa:6c:9d:c6:ad:
ae:e2:ba:c7:7d:ca:62:10:aa:54:e1:92:bf:45:d7:ab:0d:c4:
91:b8:27:0e:40:19:9e:a7:f9:eb:e6:ab:79:f0:e6:cc:44:62:
8e:f9:c0:69:8e:db:34:54:89:2f:58:df:b3:1c:84:60:60:38:
23:97:ab:d5:5d:0b:01:f2:90:de:22:e6:29:3c:cb:cd:5c:1a:
28:e3:83:49:69:fa:ef:0b:2e:f8:5d:43:75:b4:b8:20:35:3d:
2a:8e:fc:37:7f:8c:70:a1:fc:c9:c6:23:1e:ba:1d:07:2a:76:
79:91:f1:ea:f0:ac:00:7e:6a:00:e1:1c:d6:02:a9:62:6c:e1:
ab:98:19:ba:f7:3e:86:d2:5f:bc:d0:3e:ad:4e:71:c2:ca:97:
0a:6b:6a:e9:28:b7:7f:e5:3a:72:e8:5f:2d:ea:7f:c4:11:9e:
87:3d:31:bd:a9:1a:a8:e8:6a:f7:94:a0:5b:1d:63:87:cf:b4:
68:22:87:e4:b0:b5:7e:b3:e9:0b:37:10:2f:a8:32:2d:5b:40:
f4:96:75:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyzNGHz0z0MR9M1/H21PzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2ZlOTBmMGZhZDZhMjVkNDZiZDdjMzM1YjkyMmRhMDMx
YjJjNzgwHhcNMjMwMTAyMTQwNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGU2MWZkM2MwZGU2Y2ZiZjVhMTY2NjZhODhlYmRkNWNlODQxYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN54ymu++EWqT+gF/O2P3fM/osyi
EubtdEJZ8Ri/VSXSZvemtJT0AzyvGMK0spHI01fiB1+F3BNIb1rPnC6LtZ7T1XBi
PIJCEgO9OzfYHKKAGlZaS1UC6lpBagqPgI5C42o1HsaMLoT6dTWDdukDik6H+U7S
qossP9ZfccYV5Enpa/Ai5TtOLofIcKx2CTd6k12aU400qZU1FY8pCVQm2vgx6K7T
M70wj1c0S884gGh8sa9K1WTfT5HrMvU7iIwoiyEL7NTYH5TKRzjQLz96b/UewKFM
X4tYA+/1Gusc2qsoHfTl/mvpP39vC2ivT36svovjTh0aQA02OaRyG7XAqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFODmH9PA3mz79aFmZqiOvdXOhBxGMB8GA1UdIwQY
MBaAFE4/6Q8PrWol1GvXwzW5ItoDGyx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2Et
MTQ4N2M2MDIwYzQ2LzEvNE9ZZjA4RGViUHYxb1dabXFJNjkxYzZFSEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2EtMTQ4N2M2MDIwYzQ2
LzEvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEwg9QMA0E
AgACMAcDBQMqCSgAMA0GCSqGSIb3DQEBCwUAA4IBAQAjzBoPXWRo9T/RD21Gu1vn
vzfgmVcUCZsFynN4qalXJYwjpA+e85AuVHoVSd4ADd1bqmydxq2u4rrHfcpiEKpU
4ZK/RderDcSRuCcOQBmep/nr5qt58ObMRGKO+cBpjts0VIkvWN+zHIRgYDgjl6vV
XQsB8pDeIuYpPMvNXBoo44NJafrvCy74XUN1tLggNT0qjvw3f4xwofzJxiMeuh0H
KnZ5kfHq8KwAfmoA4RzWAqlibOGrmBm69z6G0l+80D6tTnHCypcKa2rpKLd/5Tpy
6F8t6n/EEZ6HPTG9qRqo6Gr3lKBbHWOHz7RoIofksLV+s+kLNxAvqDItW0D0lnWR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:05 2024 by rpki-client on console-ams.rpki-client.org