Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/X6udTqx4H2VtoLjLkEkCjxh0u8o.roa
File: X6udTqx4H2VtoLjLkEkCjxh0u8o.roa (raw, json)
Hash identifier: /MxvovBlHhwTnDTH3RmhlDxlXtK/ZwPpFzX6jaSBGmA=
Subject key identifier: 5F:AB:9D:4E:AC:78:1F:65:6D:A0:B8:CB:90:49:02:8F:18:74:BB:CA
Certificate issuer: /CN=342b03896c76698286f881a6ba472a08b7963ca2
Certificate serial: 01856CF8369B8E28BAD9810801683E4E051C
Authority key identifier: 34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/X6udTqx4H2VtoLjLkEkCjxh0u8o.roa
Signing time: Sun 01 Jan 2023 10:54:44 +0000
ROA not before: Sun 01 Jan 2023 10:54:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34695
IP address blocks: 185.167.28.0/22 maxlen: 22
2a0b:3a00::/29 maxlen: 29
2a0a:280::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:36:9b:8e:28:ba:d9:81:08:01:68:3e:4e:05:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=342b03896c76698286f881a6ba472a08b7963ca2
Validity
Not Before: Jan 1 10:54:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5fab9d4eac781f656da0b8cb9049028f1874bbca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:38:fc:69:16:3b:0c:c5:e1:b4:1b:84:8e:5f:
46:f3:db:fd:f0:ca:68:c6:6b:72:ec:58:32:09:64:
d4:14:f3:ad:d5:6f:53:8c:76:23:9b:ee:ed:19:6e:
9d:b4:b3:f4:88:1d:e0:0e:92:ec:29:f3:94:5b:82:
66:80:bb:b8:46:7b:b6:9f:94:3c:29:ee:aa:da:e4:
49:d9:22:99:99:fa:b5:47:8b:8e:01:51:d4:0a:b6:
22:6d:d6:6a:e3:88:88:1b:ac:dc:d6:3e:f3:db:2a:
fe:01:bd:39:b4:32:7d:16:76:99:25:04:b1:a4:69:
50:5c:07:89:72:8e:04:a3:16:03:fa:d5:73:6c:ee:
01:1e:10:3d:56:cb:41:5d:db:98:25:6f:ea:53:72:
a4:b7:f8:d4:92:6d:59:e3:77:4e:05:88:2a:4d:f5:
8b:7a:81:4c:b5:f8:40:f5:3d:80:2a:49:15:cd:47:
c9:65:3f:6a:9a:20:c0:52:ce:f8:69:91:ab:f7:b5:
9b:35:37:06:ed:27:01:b6:23:1e:ba:25:44:8c:3b:
dd:c6:1e:01:a9:df:77:00:9a:39:67:18:44:b3:d1:
04:d2:7b:44:25:bd:cd:d3:73:f8:24:c8:a3:92:cf:
bd:ac:75:f8:73:ea:2e:c4:ab:7d:5a:52:dc:fa:76:
1a:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:AB:9D:4E:AC:78:1F:65:6D:A0:B8:CB:90:49:02:8F:18:74:BB:CA
X509v3 Authority Key Identifier:
keyid:34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/X6udTqx4H2VtoLjLkEkCjxh0u8o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/NCsDiWx2aYKG-IGmukcqCLeWPKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.167.28.0/22
IPv6:
2a0a:280::/29
2a0b:3a00::/29
Signature Algorithm: sha256WithRSAEncryption
ae:bf:cd:bb:f8:50:c5:1b:8d:47:41:18:96:86:02:d7:78:51:
c0:f1:64:5c:b7:4d:64:ae:e7:ce:c1:1e:71:78:97:0d:78:b1:
6d:04:23:f3:c2:f7:17:ea:4d:0b:bf:e5:6c:85:6a:c3:c3:ad:
42:86:94:df:1c:5b:85:6e:f0:39:c1:8e:f6:63:2f:40:b6:57:
2c:a9:59:c6:9c:11:a0:f4:6a:e2:14:4e:d2:ed:d0:df:38:8d:
22:e1:d2:d0:83:32:35:d8:31:14:a2:c1:69:38:43:24:e1:3a:
bb:5c:1a:49:a6:27:d5:51:40:89:0d:6f:31:8e:3c:a2:96:f1:
13:f0:c4:cc:d7:af:d8:b9:f2:85:83:fc:1c:fe:e9:62:49:49:
df:34:c9:ad:6b:60:27:3d:34:b8:f8:77:fc:e6:46:52:e8:e0:
f7:40:21:4d:cd:22:be:7b:59:3f:c1:77:0a:12:ca:bc:4b:b0:
0b:b7:69:f3:54:1c:d6:3b:5a:bf:ea:e8:c7:ac:33:23:c3:0d:
37:4b:4a:ab:f9:7d:83:65:65:d8:8d:f5:ee:fc:43:b0:64:67:
26:e6:bb:6f:f0:93:75:6b:a7:0f:57:43:ee:a7:a2:89:56:d0:
ba:f1:4e:4d:e5:80:9f:1f:b6:c2:36:46:9d:80:75:d3:59:e2:
b4:fb:6c:33
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVs+Dabjii62YEIAWg+TgUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MmIwMzg5NmM3NjY5ODI4NmY4ODFhNmJhNDcyYTA4Yjc5
NjNjYTIwHhcNMjMwMTAxMTA1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmFiOWQ0ZWFjNzgxZjY1NmRhMGI4Y2I5MDQ5MDI4ZjE4NzRiYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTj8aRY7DMXhtBuEjl9G89v98Mpo
xmty7FgyCWTUFPOt1W9TjHYjm+7tGW6dtLP0iB3gDpLsKfOUW4JmgLu4Rnu2n5Q8
Ke6q2uRJ2SKZmfq1R4uOAVHUCrYibdZq44iIG6zc1j7z2yr+Ab05tDJ9FnaZJQSx
pGlQXAeJco4EoxYD+tVzbO4BHhA9VstBXduYJW/qU3Kkt/jUkm1Z43dOBYgqTfWL
eoFMtfhA9T2AKkkVzUfJZT9qmiDAUs74aZGr97WbNTcG7ScBtiMeuiVEjDvdxh4B
qd93AJo5ZxhEs9EE0ntEJb3N03P4JMijks+9rHX4c+ouxKt9WlLc+nYapQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFF+rnU6seB9lbaC4y5BJAo8YdLvKMB8GA1UdIwQY
MBaAFDQrA4lsdmmChviBprpHKgi3ljyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkNzRGlXeDJhWUtHLUlHbXVrY3FDTGVXUEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9kMWEyNjEtOGY4My00ZjZhLTg3YWIt
Y2Y0MWY3NmQ3ZjAzLzEvWDZ1ZFRxeDRIMlZ0b0xqTGtFa0NqeGgwdThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9kMWEyNjEtOGY4My00ZjZhLTg3YWItY2Y0MWY3NmQ3ZjAz
LzEvTkNzRGlXeDJhWUtHLUlHbXVrY3FDTGVXUEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuaccMBQE
AgACMA4DBQMqCgKAAwUDKgs6ADANBgkqhkiG9w0BAQsFAAOCAQEArr/Nu/hQxRuN
R0EYloYC13hRwPFkXLdNZK7nzsEecXiXDXixbQQj88L3F+pNC7/lbIVqw8OtQoaU
3xxbhW7wOcGO9mMvQLZXLKlZxpwRoPRq4hRO0u3Q3ziNIuHS0IMyNdgxFKLBaThD
JOE6u1waSaYn1VFAiQ1vMY48opbxE/DEzNev2LnyhYP8HP7pYklJ3zTJrWtgJz00
uPh3/OZGUujg90AhTc0ivntZP8F3ChLKvEuwC7dp81Qc1jtav+rox6wzI8MNN0tK
q/l9g2Vl2I317vxDsGRnJua7b/CTdWunD1dD7qeiiVbQuvFOTeWAnx+2wjZGnYB1
01nitPtsMw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:04 2023 by rpki-client on console-ams.rpki-client.org