Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa
File: t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa (raw, json)
Hash identifier: RnPZY1A/xDu8vum757GIH2YD+P7tfUrHYzWiAgVPP40=
Subject key identifier: B7:C3:E1:63:9C:46:AB:F4:45:3E:19:47:3B:67:4A:22:8E:5C:E6:44
Certificate issuer: /CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Certificate serial: 0184574F96EB1935A75B71833EB68F67A93E
Authority key identifier: 4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa
Signing time: Tue 08 Nov 2022 12:55:44 +0000
ROA not before: Tue 08 Nov 2022 12:55:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60774
IP address blocks: 194.15.80.0/20 maxlen: 24
2a09:2800::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:57:4f:96:eb:19:35:a7:5b:71:83:3e:b6:8f:67:a9:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Validity
Not Before: Nov 8 12:55:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b7c3e1639c46abf4453e19473b674a228e5ce644
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:24:72:ae:ce:19:6a:08:e2:93:58:5b:1d:55:
2b:3f:6e:c2:5b:99:05:82:4d:dd:b7:e4:f2:a0:e0:
9d:00:3e:12:03:88:8a:27:6e:38:08:f3:3f:69:99:
8f:0f:12:13:70:b1:c4:b5:ae:9f:82:2c:d3:1f:76:
48:0f:fe:1a:8d:6b:e4:90:67:78:81:92:cf:d6:dd:
c5:77:93:75:3e:c1:bf:70:5c:30:91:86:14:47:99:
36:47:ee:fe:96:2e:bb:5d:ca:36:1a:25:99:a6:51:
0f:aa:42:6f:19:1c:77:60:23:12:22:c4:7f:0e:86:
5b:74:f3:5b:05:75:7a:dd:f6:33:ea:a1:21:d1:5c:
8b:85:0a:6a:a1:4e:51:e6:a9:63:63:5a:00:fc:d2:
b5:6a:6e:dd:1e:a5:5f:ff:24:05:5f:d7:68:f5:6d:
b1:fd:c7:88:14:ab:a5:89:a3:11:74:fe:7e:08:84:
99:1b:49:6b:5a:23:ee:d9:59:1f:b6:79:70:cc:26:
40:ad:d5:f7:d8:e4:8c:6b:01:a4:72:14:3d:47:c2:
21:e5:02:15:25:45:a8:43:58:e8:79:c9:40:9f:2b:
32:75:b4:e4:08:9a:ab:24:46:64:87:62:e4:38:7d:
d6:b7:c2:b6:40:76:05:99:80:84:e0:27:79:b3:06:
1a:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:C3:E1:63:9C:46:AB:F4:45:3E:19:47:3B:67:4A:22:8E:5C:E6:44
X509v3 Authority Key Identifier:
keyid:4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.80.0/20
IPv6:
2a09:2800::/29
Signature Algorithm: sha256WithRSAEncryption
96:b3:92:92:2e:69:e5:ee:b1:46:65:b5:88:f1:d2:8d:4d:c7:
3c:4d:af:54:f7:1d:7e:33:f8:80:59:f2:25:35:28:79:d7:d3:
e3:c3:44:cf:3c:f4:d2:f4:48:65:d4:50:d2:30:87:e4:0e:e1:
3e:f0:27:d4:c3:e8:30:06:d2:1b:09:08:5d:7f:46:6b:cd:72:
4c:eb:e3:6e:61:e5:32:e2:05:b3:21:b5:ec:85:c2:f6:c9:ca:
fc:06:34:e1:8a:cc:2d:97:89:bc:e0:b2:78:0d:1d:4c:d1:bb:
a2:5c:24:1b:40:69:87:e3:45:34:48:56:e6:5c:cc:bf:b8:59:
17:1c:13:08:9b:54:38:47:fe:c8:97:0f:46:c8:be:33:34:aa:
9e:f2:c6:03:53:6c:be:dd:e9:23:90:97:de:9b:9b:eb:a7:b0:
17:26:b3:72:4d:0f:f6:83:98:9f:3d:f6:e4:e4:a3:7a:d9:1e:
ee:25:9a:c0:2c:ba:64:fa:75:ed:22:bd:f8:1c:05:7f:9d:a8:
51:db:10:42:33:3f:9d:7f:a0:3d:47:34:30:47:f1:8c:a0:98:
dc:54:0f:0e:a7:1c:e5:08:eb:43:96:2d:85:91:ed:e5:1a:ae:
d8:56:5c:ee:18:64:f0:59:29:d3:bf:a5:9e:6d:16:a1:9a:b2:
45:f6:04:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYRXT5brGTWnW3GDPraPZ6k+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2ZlOTBmMGZhZDZhMjVkNDZiZDdjMzM1YjkyMmRhMDMx
YjJjNzgwHhcNMjIxMTA4MTI1NTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2MzZTE2MzljNDZhYmY0NDUzZTE5NDczYjY3NGEyMjhlNWNlNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCRyrs4Zagjik1hbHVUrP27CW5kF
gk3dt+TyoOCdAD4SA4iKJ244CPM/aZmPDxITcLHEta6fgizTH3ZID/4ajWvkkGd4
gZLP1t3Fd5N1PsG/cFwwkYYUR5k2R+7+li67Xco2GiWZplEPqkJvGRx3YCMSIsR/
DoZbdPNbBXV63fYz6qEh0VyLhQpqoU5R5qljY1oA/NK1am7dHqVf/yQFX9do9W2x
/ceIFKuliaMRdP5+CISZG0lrWiPu2VkftnlwzCZArdX32OSMawGkchQ9R8Ih5QIV
JUWoQ1joeclAnysydbTkCJqrJEZkh2LkOH3Wt8K2QHYFmYCE4Cd5swYaZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfD4WOcRqv0RT4ZRztnSiKOXOZEMB8GA1UdIwQY
MBaAFE4/6Q8PrWol1GvXwzW5ItoDGyx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2Et
MTQ4N2M2MDIwYzQ2LzEvdDhQaFk1eEdxX1JGUGhsSE8yZEtJbzVjNWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2EtMTQ4N2M2MDIwYzQ2
LzEvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEwg9QMA0E
AgACMAcDBQMqCSgAMA0GCSqGSIb3DQEBCwUAA4IBAQCWs5KSLmnl7rFGZbWI8dKN
Tcc8Ta9U9x1+M/iAWfIlNSh519Pjw0TPPPTS9Ehl1FDSMIfkDuE+8CfUw+gwBtIb
CQhdf0ZrzXJM6+NuYeUy4gWzIbXshcL2ycr8BjThiswtl4m84LJ4DR1M0buiXCQb
QGmH40U0SFbmXMy/uFkXHBMIm1Q4R/7Ilw9GyL4zNKqe8sYDU2y+3ekjkJfem5vr
p7AXJrNyTQ/2g5ifPfbk5KN62R7uJZrALLpk+nXtIr34HAV/nahR2xBCMz+df6A9
RzQwR/GMoJjcVA8OpxzlCOtDli2Fke3lGq7YVlzuGGTwWSnTv6WebRahmrJF9gRk
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:24:18 2025 by rpki-client