Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/6e44b7-baff-45f3-a4e9-17f881f771cb/1/utbhGppjiuDKmL3PG2AvSHPHSus.roa
File: utbhGppjiuDKmL3PG2AvSHPHSus.roa (raw, json)
Hash identifier: bLF+SEt7f98gX9qSoxvxYaXnkulIhZxpQO6WVL+fVBc=
Subject key identifier: BA:D6:E1:1A:9A:63:8A:E0:CA:98:BD:CF:1B:60:2F:48:73:C7:4A:EB
Certificate issuer: /CN=56641d162079efd3c560a5de9e9226b2f2f0b097
Certificate serial: 01856F8BA2E15D4505F6ABF786BCA8B265D7
Authority key identifier: 56:64:1D:16:20:79:EF:D3:C5:60:A5:DE:9E:92:26:B2:F2:F0:B0:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VmQdFiB579PFYKXenpImsvLwsJc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/6e44b7-baff-45f3-a4e9-17f881f771cb/1/utbhGppjiuDKmL3PG2AvSHPHSus.roa
Signing time: Sun 01 Jan 2023 22:55:00 +0000
ROA not before: Sun 01 Jan 2023 22:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 188.214.157.0/24 maxlen: 24
86.105.182.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:8b:a2:e1:5d:45:05:f6:ab:f7:86:bc:a8:b2:65:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=56641d162079efd3c560a5de9e9226b2f2f0b097
Validity
Not Before: Jan 1 22:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bad6e11a9a638ae0ca98bdcf1b602f4873c74aeb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d4:57:fa:b8:6c:92:5d:a7:f3:d9:c3:57:51:
c2:94:cb:83:69:1c:34:89:94:5f:2f:63:91:9e:4a:
74:f2:91:c4:58:24:96:99:54:19:05:b6:96:43:48:
9a:01:22:75:a5:20:2c:4c:94:ef:4e:cb:78:e5:08:
96:1f:9b:bc:53:7a:04:94:7e:d9:4b:e1:f7:1e:45:
b6:dc:6b:82:d4:9a:56:0e:61:a2:2f:b0:4e:b0:e2:
74:57:0f:c1:7a:67:52:f0:03:ec:a4:65:04:87:a2:
0e:36:c9:ba:59:4f:eb:92:5d:d8:7e:66:c6:4a:fc:
3f:3d:47:c7:0e:80:38:53:82:33:40:9e:84:76:25:
66:97:60:21:6b:93:d8:eb:dd:1f:11:86:b1:c6:03:
33:12:c5:9b:f7:6e:c6:b4:29:88:c4:94:79:14:c8:
54:88:98:df:f4:90:fb:1c:1e:b4:98:64:28:a7:83:
eb:3f:04:0f:33:f6:5e:e1:e7:2a:8b:df:ff:46:a7:
8c:20:61:ed:0a:cd:2a:b7:45:0e:5b:e9:f7:1a:d5:
92:bd:78:87:cd:e2:1b:22:6f:77:8d:92:ba:e2:3c:
53:0e:da:b6:88:74:07:a1:71:eb:f0:1b:4d:21:b6:
1a:4f:3b:f6:41:c8:51:e5:60:ef:9b:77:dc:fb:29:
cd:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:D6:E1:1A:9A:63:8A:E0:CA:98:BD:CF:1B:60:2F:48:73:C7:4A:EB
X509v3 Authority Key Identifier:
keyid:56:64:1D:16:20:79:EF:D3:C5:60:A5:DE:9E:92:26:B2:F2:F0:B0:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VmQdFiB579PFYKXenpImsvLwsJc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6e44b7-baff-45f3-a4e9-17f881f771cb/1/utbhGppjiuDKmL3PG2AvSHPHSus.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6e44b7-baff-45f3-a4e9-17f881f771cb/1/VmQdFiB579PFYKXenpImsvLwsJc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.105.182.0/24
188.214.157.0/24
Signature Algorithm: sha256WithRSAEncryption
c7:b1:47:27:1b:34:7b:ce:c6:2a:be:9d:fc:70:ad:8d:ab:3d:
8d:06:64:1c:c2:cf:c0:30:0b:5d:69:65:36:94:29:26:f4:3e:
ff:1c:6a:42:d5:d8:70:ba:e5:b5:0f:bd:05:5c:bc:58:f5:d1:
70:7e:3f:3e:0d:14:04:57:9e:04:06:a0:d3:c5:ec:87:ec:d4:
57:4e:a6:a3:86:af:cc:94:c8:d8:7e:b1:49:fa:89:56:73:3c:
15:b3:f9:cc:b5:d8:7c:c1:31:7e:73:3d:3f:fa:c2:5a:3b:2f:
3f:9c:3d:73:b8:35:2f:cf:76:fe:7e:8b:5f:7a:c4:7b:b8:ae:
61:fb:1e:e5:da:af:e6:91:c5:3e:18:51:e7:7c:3d:76:0d:b4:
ba:69:52:66:f5:50:cd:13:b3:1e:de:c9:ef:5d:0f:53:5b:f2:
a8:b5:ab:7c:a1:21:ee:d8:2b:b0:cd:93:e9:90:60:78:e1:ae:
65:14:8e:46:85:62:a3:13:90:21:f7:8e:45:e8:21:bd:63:1d:
59:c9:48:20:30:47:7a:e6:27:71:c1:cc:9d:98:1f:19:97:35:
ac:68:f6:11:4d:fe:c9:36:dd:19:d7:73:98:3a:8b:04:4c:91:
cd:d9:68:83:d1:36:6d:2b:a5:6e:60:42:95:36:4d:20:56:04:
83:33:a7:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvi6LhXUUF9qv3hryosmXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NjQxZDE2MjA3OWVmZDNjNTYwYTVkZTllOTIyNmIyZjJm
MGIwOTcwHhcNMjMwMTAxMjI1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWQ2ZTExYTlhNjM4YWUwY2E5OGJkY2YxYjYwMmY0ODczYzc0YWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNRX+rhskl2n89nDV1HClMuDaRw0
iZRfL2ORnkp08pHEWCSWmVQZBbaWQ0iaASJ1pSAsTJTvTst45QiWH5u8U3oElH7Z
S+H3HkW23GuC1JpWDmGiL7BOsOJ0Vw/BemdS8APspGUEh6IONsm6WU/rkl3YfmbG
Svw/PUfHDoA4U4IzQJ6EdiVml2Aha5PY690fEYaxxgMzEsWb927GtCmIxJR5FMhU
iJjf9JD7HB60mGQop4PrPwQPM/Ze4ecqi9//RqeMIGHtCs0qt0UOW+n3GtWSvXiH
zeIbIm93jZK64jxTDtq2iHQHoXHr8BtNIbYaTzv2QchR5WDvm3fc+ynN4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLrW4RqaY4rgypi9zxtgL0hzx0rrMB8GA1UdIwQY
MBaAFFZkHRYgee/TxWCl3p6SJrLy8LCXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm1RZEZpQjU3OVBGWUtYZW5wSW1zdkx3c0pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82ZTQ0YjctYmFmZi00NWYzLWE0ZTkt
MTdmODgxZjc3MWNiLzEvdXRiaEdwcGppdURLbUwzUEcyQXZTSFBIU3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82ZTQ0YjctYmFmZi00NWYzLWE0ZTktMTdmODgxZjc3MWNi
LzEvVm1RZEZpQjU3OVBGWUtYZW5wSW1zdkx3c0pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmm2AwQA
vNadMA0GCSqGSIb3DQEBCwUAA4IBAQDHsUcnGzR7zsYqvp38cK2Nqz2NBmQcws/A
MAtdaWU2lCkm9D7/HGpC1dhwuuW1D70FXLxY9dFwfj8+DRQEV54EBqDTxeyH7NRX
Tqajhq/MlMjYfrFJ+olWczwVs/nMtdh8wTF+cz0/+sJaOy8/nD1zuDUvz3b+fotf
esR7uK5h+x7l2q/mkcU+GFHnfD12DbS6aVJm9VDNE7Me3snvXQ9TW/Kotat8oSHu
2CuwzZPpkGB44a5lFI5GhWKjE5Ah945F6CG9Yx1ZyUggMEd65idxwcydmB8ZlzWs
aPYRTf7JNt0Z13OYOosETJHN2WiD0TZtK6VuYEKVNk0gVgSDM6cm
-----END CERTIFICATE-----
Generated at Mon Jul 24 09:09:20 2023 by rpki-client on console-ams.rpki-client.org