Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/_rKMhplHHl02XStnOk64AU16MzY.roa
File: _rKMhplHHl02XStnOk64AU16MzY.roa (raw, json)
Hash identifier: uB9umiHzjwV+C/rHRLTpVQuxNyL64cg9c5Ao0aA/S+s=
Subject key identifier: FE:B2:8C:86:99:47:1E:5D:36:5D:2B:67:3A:4E:B8:01:4D:7A:33:36
Certificate issuer: /CN=342b03896c76698286f881a6ba472a08b7963ca2
Certificate serial: 0D4FD493
Authority key identifier: 34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/_rKMhplHHl02XStnOk64AU16MzY.roa
Signing time: Sat 01 Jan 2022 15:00:17 +0000
ROA not before: Sat 01 Jan 2022 15:00:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34695
IP address blocks: 185.178.100.0/22 maxlen: 22
185.167.28.0/22 maxlen: 22
2a0b:3a00::/29 maxlen: 29
2a0a:280::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 223335571 (0xd4fd493)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=342b03896c76698286f881a6ba472a08b7963ca2
Validity
Not Before: Jan 1 15:00:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=feb28c8699471e5d365d2b673a4eb8014d7a3336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:0f:07:20:6f:a1:b2:64:63:86:03:bd:ae:48:
13:7b:18:45:a8:4e:6a:84:42:0a:1f:ea:ff:79:19:
55:ab:a5:e6:60:e7:db:d8:b9:f2:e2:0e:e1:64:d2:
c0:57:8d:63:b0:38:b0:54:36:c4:98:1d:a0:dc:b4:
43:88:a3:83:89:15:99:42:18:b9:06:3e:13:ae:c0:
15:bf:df:eb:52:82:47:70:46:57:ea:5c:2b:5b:f9:
e9:67:ed:02:9d:fd:e2:2f:80:b7:ad:8b:9a:ef:19:
66:41:57:82:ea:61:ad:f3:d7:04:04:9b:54:6c:f4:
72:c7:d7:2d:44:e6:e1:84:25:05:99:1d:24:fa:38:
6f:a2:e8:3c:04:00:12:2c:94:6a:95:f0:95:dc:3f:
64:e3:c5:4b:03:e1:86:84:1a:3a:80:dc:56:82:70:
49:cc:fb:1c:b8:84:49:ea:e2:03:0d:c1:d1:9d:fa:
eb:66:b7:89:9a:83:e1:4c:5a:1e:3a:b3:c7:59:c7:
27:ca:c4:0d:3c:69:93:56:be:aa:a2:f4:63:44:73:
0d:88:c0:10:40:ba:a2:63:7b:9e:e0:16:59:a0:9c:
ba:33:10:db:b3:75:21:5e:dd:7c:69:6e:ea:f6:db:
db:5f:ce:1f:37:5e:c3:27:74:d8:90:5a:fd:1e:9d:
69:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:B2:8C:86:99:47:1E:5D:36:5D:2B:67:3A:4E:B8:01:4D:7A:33:36
X509v3 Authority Key Identifier:
keyid:34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/_rKMhplHHl02XStnOk64AU16MzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/NCsDiWx2aYKG-IGmukcqCLeWPKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.167.28.0/22
185.178.100.0/22
IPv6:
2a0a:280::/29
2a0b:3a00::/29
Signature Algorithm: sha256WithRSAEncryption
93:71:47:83:5c:ff:9f:50:03:ad:bd:1e:95:27:1b:d0:90:1b:
09:9c:cf:11:31:dc:37:1d:f5:c2:c1:76:c2:b7:b3:3d:23:0e:
34:67:9c:36:37:d1:89:fb:fd:a3:d7:03:a3:be:59:a6:14:6e:
9a:95:f7:8b:9d:44:48:bf:11:e7:26:1f:0c:8c:ba:f1:5b:03:
a7:5d:98:94:42:8a:de:dc:ec:64:40:eb:94:59:72:87:5a:f2:
5d:8b:79:a7:7c:62:13:cf:ba:fc:7e:a5:20:3e:a0:11:7a:88:
33:8f:bd:32:4a:be:fc:06:08:d4:74:52:3f:a4:df:62:f2:b5:
6a:46:d0:d7:ff:8c:fa:22:58:60:cf:0c:2f:ff:b7:21:08:d6:
16:bc:ed:84:df:5c:d1:61:c9:13:3d:bc:92:a8:f2:b1:1a:70:
3a:92:0a:83:34:f6:3e:ac:fc:b5:85:e3:df:d3:90:53:63:ad:
f7:9a:09:5f:67:3a:fa:d2:86:b0:9a:76:f5:27:11:4d:93:c6:
72:2d:a8:68:e9:f0:d1:98:02:21:f5:99:52:7b:83:d1:27:f7:
a9:37:dd:38:05:39:86:0c:e4:30:7c:f5:4b:84:90:25:ba:f8:
8a:ee:19:9b:42:21:3f:dc:13:6f:be:1e:17:77:fb:33:88:c8:
45:f5:a2:be
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEDU/UkzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDJiMDM4OTZjNzY2OTgyODZmODgxYTZiYTQ3MmEwOGI3OTYzY2EyMB4XDTIyMDEw
MTE1MDAxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmViMjhjODY5OTQ3
MWU1ZDM2NWQyYjY3M2E0ZWI4MDE0ZDdhMzMzNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALoPByBvobJkY4YDva5IE3sYRahOaoRCCh/q/3kZVaul5mDn
29i58uIO4WTSwFeNY7A4sFQ2xJgdoNy0Q4ijg4kVmUIYuQY+E67AFb/f61KCR3BG
V+pcK1v56WftAp394i+At62Lmu8ZZkFXguphrfPXBASbVGz0csfXLUTm4YQlBZkd
JPo4b6LoPAQAEiyUapXwldw/ZOPFSwPhhoQaOoDcVoJwScz7HLiESeriAw3B0Z36
62a3iZqD4UxaHjqzx1nHJ8rEDTxpk1a+qqL0Y0RzDYjAEEC6omN7nuAWWaCcujMQ
27N1IV7dfGlu6vbb21/OHzdewyd02JBa/R6daUMCAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBT+soyGmUceXTZdK2c6TrgBTXozNjAfBgNVHSMEGDAWgBQ0KwOJbHZpgob4
gaa6RyoIt5Y8ojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Dc0RpV3gyYVlLRy1JR211a2NxQ0xlV1BLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvZDFhMjYxLThmODMtNGY2YS04N2FiLWNmNDFmNzZkN2YwMy8x
L19yS01ocGxISGwwMlhTdG5PazY0QVUxNk16WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
ZDFhMjYxLThmODMtNGY2YS04N2FiLWNmNDFmNzZkN2YwMy8xL05Dc0RpV3gyYVlL
Ry1JR211a2NxQ0xlV1BLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEArmnHAMEArmyZDAUBAIAAjAOAwUD
KgoCgAMFAyoLOgAwDQYJKoZIhvcNAQELBQADggEBAJNxR4Nc/59QA629HpUnG9CQ
GwmczxEx3Dcd9cLBdsK3sz0jDjRnnDY30Yn7/aPXA6O+WaYUbpqV94udREi/Eecm
HwyMuvFbA6ddmJRCit7c7GRA65RZcoda8l2Lead8YhPPuvx+pSA+oBF6iDOPvTJK
vvwGCNR0Uj+k32LytWpG0Nf/jPoiWGDPDC//tyEI1ha87YTfXNFhyRM9vJKo8rEa
cDqSCoM09j6s/LWF49/TkFNjrfeaCV9nOvrShrCadvUnEU2TxnItqGjp8NGYAiH1
mVJ7g9En96k33TgFOYYM5DB89UuEkCW6+IruGZtCIT/cE2++Hhd3+zOIyEX1or4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:11 2024 by rpki-client on console-ams.rpki-client.org