Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/Ky7FxifiQcO9XKEWBg7u9CwW8Rw.roa
File: Ky7FxifiQcO9XKEWBg7u9CwW8Rw.roa (raw, json)
Hash identifier: oPz/QGvx1hD8e21do6Z9RHqZy1mIs8wHsdRV3Ua9qKo=
Subject key identifier: 2B:2E:C5:C6:27:E2:41:C3:BD:5C:A1:16:06:0E:EE:F4:2C:16:F1:1C
Certificate issuer: /CN=0c4579a4028829d37acac65f66c056063251e57e
Certificate serial: 018CC5DC2343F7A43BE91F0670AAD6FA9D6B
Authority key identifier: 0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/Ky7FxifiQcO9XKEWBg7u9CwW8Rw.roa
Signing time: Mon 01 Jan 2024 16:29:47 +0000
ROA not before: Mon 01 Jan 2024 16:29:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47787
IP address blocks: 193.109.184.0/21 maxlen: 24
82.215.71.0/24 maxlen: 24
185.162.183.0/24 maxlen: 24
2001:b18::/32 maxlen: 48
2a12:c1c0::/29 maxlen: 29
2001:b18:bbbb::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:23:43:f7:a4:3b:e9:1f:06:70:aa:d6:fa:9d:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c4579a4028829d37acac65f66c056063251e57e
Validity
Not Before: Jan 1 16:29:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2b2ec5c627e241c3bd5ca116060eeef42c16f11c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:65:a9:3d:c9:15:41:e9:5d:93:a4:3e:05:3a:
66:69:29:7d:88:16:22:5e:d5:81:d2:96:46:75:c0:
f0:c3:da:08:af:87:58:e9:12:8a:e6:bb:94:c7:94:
02:33:2b:ad:07:06:14:f2:c2:5d:c0:64:79:92:c6:
32:fd:09:7e:9d:41:c6:9e:19:31:b9:9f:c0:58:3f:
a4:7e:79:8b:8f:41:23:2d:36:eb:26:19:03:6e:b2:
87:32:0a:26:6e:38:b4:b8:f6:39:27:19:68:c8:c1:
5f:8c:7c:51:05:c6:9d:3f:80:ae:0e:95:13:07:8d:
76:d6:53:03:7e:51:35:9d:cf:1a:d1:62:4c:65:43:
b6:62:ce:af:64:0d:ff:11:64:dc:9c:91:6d:07:e3:
d3:e2:0f:21:16:4b:33:61:ad:76:0a:de:bb:a9:c0:
65:fe:af:47:d2:16:29:f7:8e:19:4e:fe:e3:54:ee:
45:65:e7:fd:52:57:aa:d5:9f:1d:b3:0d:e9:bf:60:
9a:fd:da:51:00:ab:ad:7f:53:54:ad:7f:d5:e9:66:
9a:37:d0:c1:61:07:13:77:c1:aa:21:86:0d:44:6b:
39:04:d1:13:6d:76:98:bb:ef:38:48:39:9c:7a:ba:
a9:3b:4a:08:ef:48:62:0d:23:d4:8a:d5:fe:35:64:
da:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:2E:C5:C6:27:E2:41:C3:BD:5C:A1:16:06:0E:EE:F4:2C:16:F1:1C
X509v3 Authority Key Identifier:
keyid:0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/Ky7FxifiQcO9XKEWBg7u9CwW8Rw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/DEV5pAKIKdN6ysZfZsBWBjJR5X4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.215.71.0/24
185.162.183.0/24
193.109.184.0/21
IPv6:
2001:b18::/32
2a12:c1c0::/29
Signature Algorithm: sha256WithRSAEncryption
0d:1a:23:f6:6e:d8:2e:4b:c2:9b:da:cf:ba:cc:9b:13:7d:ef:
aa:4a:45:58:10:3b:21:ee:3c:db:75:1a:1a:47:25:a4:56:ab:
a2:bb:37:5d:55:aa:d2:a3:c6:eb:4f:c4:4a:b9:20:2b:5c:85:
df:9f:74:f8:79:e6:89:4a:91:c4:1b:5c:27:11:81:7a:e9:92:
a3:50:67:22:70:8f:c9:61:25:ef:a7:1f:f4:05:f1:84:31:a7:
80:8a:bc:e3:eb:74:20:33:a5:31:3d:f2:7d:cf:2a:2e:80:c2:
13:02:7f:6a:e6:4b:74:d0:52:39:fc:f9:7f:32:bf:d7:14:51:
e9:4c:e5:53:35:b7:1f:ca:01:fe:1e:27:a6:6c:30:b3:34:0e:
b1:4b:5c:fd:fd:15:3d:dc:fb:a1:61:ca:9d:77:de:45:d3:61:
81:07:aa:5a:fa:89:61:97:b7:56:5b:34:ec:08:fd:c0:28:95:
d9:b6:ef:de:e4:58:3f:5b:76:bf:c8:0b:4d:8d:df:c7:e0:bf:
34:e4:13:18:c1:9c:b7:c4:ec:ca:c3:76:bf:dd:59:4d:be:30:
21:e9:36:66:2b:fa:6a:f2:ed:a1:fa:a0:5d:81:2f:32:75:01:
d6:ec:f4:86:d5:98:a0:6a:17:41:d9:e8:d4:05:60:ed:51:c1:
9a:29:c4:04
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzF3CND96Q76R8GcKrW+p1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDU3OWE0MDI4ODI5ZDM3YWNhYzY1ZjY2YzA1NjA2MzI1
MWU1N2UwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJlYzVjNjI3ZTI0MWMzYmQ1Y2ExMTYwNjBlZWVmNDJjMTZmMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2WpPckVQeldk6Q+BTpmaSl9iBYi
XtWB0pZGdcDww9oIr4dY6RKK5ruUx5QCMyutBwYU8sJdwGR5ksYy/Ql+nUHGnhkx
uZ/AWD+kfnmLj0EjLTbrJhkDbrKHMgombji0uPY5JxloyMFfjHxRBcadP4CuDpUT
B4121lMDflE1nc8a0WJMZUO2Ys6vZA3/EWTcnJFtB+PT4g8hFkszYa12Ct67qcBl
/q9H0hYp944ZTv7jVO5FZef9Uleq1Z8dsw3pv2Ca/dpRAKutf1NUrX/V6WaaN9DB
YQcTd8GqIYYNRGs5BNETbXaYu+84SDmcerqpO0oI70hiDSPUitX+NWTaCwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCsuxcYn4kHDvVyhFgYO7vQsFvEcMB8GA1UdIwQY
MBaAFAxFeaQCiCnTesrGX2bAVgYyUeV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2It
M2M1MDE4MDc4MGIwLzEvS3k3RnhpZmlRY085WEtFV0JnN3U5Q3dXOFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2ItM2M1MDE4MDc4MGIw
LzEvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAUtdHAwQA
uaK3AwQDwW24MBQEAgACMA4DBQAgAQsYAwUDKhLBwDANBgkqhkiG9w0BAQsFAAOC
AQEADRoj9m7YLkvCm9rPusybE33vqkpFWBA7Ie4823UaGkclpFarors3XVWq0qPG
60/ESrkgK1yF3590+HnmiUqRxBtcJxGBeumSo1BnInCPyWEl76cf9AXxhDGngIq8
4+t0IDOlMT3yfc8qLoDCEwJ/auZLdNBSOfz5fzK/1xRR6UzlUzW3H8oB/h4npmww
szQOsUtc/f0VPdz7oWHKnXfeRdNhgQeqWvqJYZe3Vls07Aj9wCiV2bbv3uRYP1t2
v8gLTY3fx+C/NOQTGMGct8TsysN2v91ZTb4wIek2Ziv6avLtofqgXYEvMnUB1uz0
htWYoGoXQdno1AVg7VHBminEBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:26 2024 by rpki-client on console-ams.rpki-client.org