Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5bcee0-512e-41f4-8d6b-95d16364dbb9/1/xrPi85CDM-n3uP9kYO3zkCQa2HY.roa
File: xrPi85CDM-n3uP9kYO3zkCQa2HY.roa (raw, json)
Hash identifier: xiZbL/e5tlJYET6SMe9n0o3vjqvkENKgVuza36z8RQU=
Subject key identifier: C6:B3:E2:F3:90:83:33:E9:F7:B8:FF:64:60:ED:F3:90:24:1A:D8:76
Certificate issuer: /CN=0804ace6946fb701bb2c45e30acafea66dac2f7a
Certificate serial: 018ADFCB575E118219FED31090179EC2A217
Authority key identifier: 08:04:AC:E6:94:6F:B7:01:BB:2C:45:E3:0A:CA:FE:A6:6D:AC:2F:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CASs5pRvtwG7LEXjCsr-pm2sL3o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/5bcee0-512e-41f4-8d6b-95d16364dbb9/1/xrPi85CDM-n3uP9kYO3zkCQa2HY.roa
Signing time: Fri 29 Sep 2023 07:15:59 +0000
ROA not before: Fri 29 Sep 2023 07:15:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216352
IP address blocks: 151.216.0.0/22 maxlen: 24
2001:67c:c4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:df:cb:57:5e:11:82:19:fe:d3:10:90:17:9e:c2:a2:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0804ace6946fb701bb2c45e30acafea66dac2f7a
Validity
Not Before: Sep 29 07:15:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c6b3e2f3908333e9f7b8ff6460edf390241ad876
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:fe:27:00:08:92:42:8b:54:0e:05:7a:d3:98:
43:80:2e:19:6c:5c:ef:03:2e:32:b2:1f:e9:2e:e0:
71:f1:0c:33:5e:a3:87:f3:6d:d0:e7:38:f9:5e:37:
4c:ea:c6:0c:da:59:b2:56:5b:77:04:de:c9:67:34:
3a:27:dd:fe:42:4f:8d:73:2c:ce:27:d4:a3:10:02:
94:88:cb:6c:7d:fb:a7:73:98:4f:1e:ab:f5:fe:5f:
c8:39:49:91:1f:66:f9:47:ad:18:03:37:9c:f4:15:
81:bc:57:eb:ec:bb:2d:16:24:95:16:f6:2e:1c:8f:
e2:c4:ea:41:e1:53:eb:4e:cf:5d:f5:77:3b:cd:72:
fb:0e:ff:b2:0f:e9:b1:aa:cb:57:55:f5:2d:88:7e:
46:7d:a1:a7:c9:a8:d9:90:28:8f:ad:18:8c:76:30:
92:c4:67:f6:93:c6:f2:f7:34:80:a3:5c:59:08:1f:
ef:66:b2:6d:8c:41:6d:45:47:95:11:99:7b:eb:a6:
bd:91:d9:ac:e3:be:45:9a:d2:16:0f:93:ee:13:99:
21:8b:35:33:c3:4f:9a:aa:af:e3:0b:60:a6:34:07:
97:a7:40:4e:50:9b:c8:e9:a2:2c:bb:0d:e2:ed:3b:
8d:2b:52:0e:46:ef:03:e8:43:b6:33:70:c9:28:ab:
76:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:B3:E2:F3:90:83:33:E9:F7:B8:FF:64:60:ED:F3:90:24:1A:D8:76
X509v3 Authority Key Identifier:
keyid:08:04:AC:E6:94:6F:B7:01:BB:2C:45:E3:0A:CA:FE:A6:6D:AC:2F:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CASs5pRvtwG7LEXjCsr-pm2sL3o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5bcee0-512e-41f4-8d6b-95d16364dbb9/1/xrPi85CDM-n3uP9kYO3zkCQa2HY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5bcee0-512e-41f4-8d6b-95d16364dbb9/1/CASs5pRvtwG7LEXjCsr-pm2sL3o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.0.0/22
IPv6:
2001:67c:c4::/48
Signature Algorithm: sha256WithRSAEncryption
ab:2a:43:ce:15:60:8e:06:79:0b:5f:5c:ee:7e:a4:ca:9d:52:
a0:d6:46:5e:d7:18:f3:43:01:2b:7a:ab:2c:61:46:ce:f5:a3:
87:c2:00:1b:88:1b:47:94:6e:27:8a:10:76:a5:a2:5c:3e:93:
e8:ac:92:84:99:04:34:bf:b9:19:57:4f:61:27:b4:3a:3e:96:
c6:24:15:45:af:5b:de:43:91:ad:41:21:59:16:17:c8:10:a1:
13:27:b4:89:ac:ac:2d:3a:2c:52:9f:d2:3e:e5:16:74:f4:2f:
ce:12:78:b7:be:85:d3:e2:35:77:f6:59:80:1c:63:45:db:5a:
27:37:10:4c:2f:71:c5:8a:c4:7c:a7:d7:87:85:64:f1:f2:4a:
e6:e8:52:fa:c2:a1:fe:f8:33:c2:35:b7:44:cb:fb:16:81:62:
17:07:05:20:f8:1b:60:fa:b6:ad:cb:ca:32:e5:03:1e:da:32:
09:f5:d0:ca:51:eb:d8:c3:53:b4:ae:f4:b0:bc:5e:2c:09:14:
bf:94:18:12:84:62:8c:21:60:c4:bf:5a:64:49:ba:41:3f:ee:
b7:09:a4:44:cb:b8:ec:d4:fc:46:0e:d8:4b:47:f5:3c:ab:75:
90:7d:00:97:e5:a1:02:b3:84:1b:be:cb:ab:18:b6:7a:b9:05:
f1:d0:d6:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYrfy1deEYIZ/tMQkBeewqIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDRhY2U2OTQ2ZmI3MDFiYjJjNDVlMzBhY2FmZWE2NmRh
YzJmN2EwHhcNMjMwOTI5MDcxNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmIzZTJmMzkwODMzM2U5ZjdiOGZmNjQ2MGVkZjM5MDI0MWFkODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf4nAAiSQotUDgV605hDgC4ZbFzv
Ay4ysh/pLuBx8QwzXqOH823Q5zj5XjdM6sYM2lmyVlt3BN7JZzQ6J93+Qk+NcyzO
J9SjEAKUiMtsffunc5hPHqv1/l/IOUmRH2b5R60YAzec9BWBvFfr7LstFiSVFvYu
HI/ixOpB4VPrTs9d9Xc7zXL7Dv+yD+mxqstXVfUtiH5GfaGnyajZkCiPrRiMdjCS
xGf2k8by9zSAo1xZCB/vZrJtjEFtRUeVEZl766a9kdms475FmtIWD5PuE5khizUz
w0+aqq/jC2CmNAeXp0BOUJvI6aIsuw3i7TuNK1IORu8D6EO2M3DJKKt2nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMaz4vOQgzPp97j/ZGDt85AkGth2MB8GA1UdIwQY
MBaAFAgErOaUb7cBuyxF4wrK/qZtrC96MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FTczVwUnZ0d0c3TEVYakNzci1wbTJzTDNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81YmNlZTAtNTEyZS00MWY0LThkNmIt
OTVkMTYzNjRkYmI5LzEveHJQaTg1Q0RNLW4zdVA5a1lPM3prQ1FhMkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81YmNlZTAtNTEyZS00MWY0LThkNmItOTVkMTYzNjRkYmI5
LzEvQ0FTczVwUnZ0d0c3TEVYakNzci1wbTJzTDNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCl9gAMA8E
AgACMAkDBwAgAQZ8AMQwDQYJKoZIhvcNAQELBQADggEBAKsqQ84VYI4GeQtfXO5+
pMqdUqDWRl7XGPNDASt6qyxhRs71o4fCABuIG0eUbieKEHalolw+k+iskoSZBDS/
uRlXT2EntDo+lsYkFUWvW95Dka1BIVkWF8gQoRMntImsrC06LFKf0j7lFnT0L84S
eLe+hdPiNXf2WYAcY0XbWic3EEwvccWKxHyn14eFZPHySuboUvrCof74M8I1t0TL
+xaBYhcHBSD4G2D6tq3LyjLlAx7aMgn10MpR69jDU7Su9LC8XiwJFL+UGBKEYowh
YMS/WmRJukE/7rcJpETLuOzU/EYO2EtH9TyrdZB9AJfloQKzhBu+y6sYtnq5BfHQ
1rc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:18 2024 by rpki-client on console-ams.rpki-client.org