Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa
File: TqoI9W3ik9rbUtY8B7108Kkyyac.roa (raw, json)
Hash identifier: PnOTRYHjuVcjFOPjwON8fvQxXuMMq8BVcBaiEQP/yvI=
Subject key identifier: 4E:AA:08:F5:6D:E2:93:DA:DB:52:D6:3C:07:BD:74:F0:A9:32:C9:A7
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 018458364A3ACA6988643F31F08A83D8B960
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa
Signing time: Tue 08 Nov 2022 17:07:43 +0000
ROA not before: Tue 08 Nov 2022 17:07:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59854
IP address blocks: 188.214.142.0/24 maxlen: 24
89.35.173.0/24 maxlen: 24
93.119.227.0/24 maxlen: 24
185.171.185.0/24 maxlen: 24
185.171.184.0/24 maxlen: 24
185.171.187.0/24 maxlen: 24
77.81.164.0/23 maxlen: 23
188.215.36.0/24 maxlen: 24
86.105.187.0/24 maxlen: 24
128.0.46.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:58:36:4a:3a:ca:69:88:64:3f:31:f0:8a:83:d8:b9:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Nov 8 17:07:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4eaa08f56de293dadb52d63c07bd74f0a932c9a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e4:0c:b7:d4:2d:39:cf:91:75:8a:61:93:e0:
66:41:b5:10:eb:8a:41:96:1e:b2:54:d5:36:50:7b:
64:a1:29:f1:a5:4e:60:cc:a9:18:44:cd:09:77:f5:
6c:8e:ff:0b:59:c7:9b:90:58:8c:01:7c:5c:10:8f:
f7:1a:e9:e8:50:72:d7:79:f9:5b:d6:58:57:24:9e:
85:3b:9c:28:69:f0:59:95:3c:ae:f7:2c:9f:d2:ae:
6b:38:d5:eb:78:b5:29:49:e9:62:38:d4:10:55:4e:
07:d1:75:b1:61:ff:dd:82:e8:00:ad:74:7a:e7:df:
d1:b7:e2:fe:f2:74:17:bc:00:5b:ef:a3:ac:c0:79:
a3:49:7c:11:e6:a4:a9:27:d8:d1:80:ab:95:61:4b:
c4:05:bb:0d:fc:3b:fe:92:27:7c:41:7a:03:9e:40:
68:4b:b1:74:8c:d1:fa:69:bd:d4:55:45:60:94:44:
24:8e:4b:81:35:55:f4:6a:6b:7e:37:4a:06:bc:ef:
8c:0e:38:a8:f2:5f:02:6a:27:b8:6a:17:36:52:2c:
74:f6:2e:6c:04:50:d8:ad:47:bc:5d:f2:aa:86:15:
e3:0e:a0:e0:b2:ea:40:ec:6a:c0:38:2d:1e:d5:02:
21:90:2f:b0:59:4e:2b:c6:65:7c:1f:94:74:84:18:
15:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:AA:08:F5:6D:E2:93:DA:DB:52:D6:3C:07:BD:74:F0:A9:32:C9:A7
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.164.0/23
86.105.187.0/24
89.35.173.0/24
93.119.227.0/24
128.0.46.0/23
185.171.184.0/23
185.171.187.0/24
188.214.142.0/24
188.215.36.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:05:21:86:0e:e0:c0:e2:94:c4:da:f3:23:f7:1b:04:0e:04:
e8:aa:91:25:4c:61:93:1e:bf:b4:ed:1a:71:11:40:ee:1b:b6:
c0:b3:e8:c0:b3:a8:57:ab:c7:6c:d0:4e:80:79:50:08:2f:8d:
3b:42:ca:31:9a:d8:8f:51:7f:85:01:95:dc:c8:df:dc:81:be:
4e:b4:09:12:dd:8e:f6:10:73:bf:ce:c4:1a:56:d4:01:d7:eb:
cf:ca:0d:25:f2:96:19:01:06:8a:75:bc:1a:97:9c:ff:41:13:
38:33:22:1c:fa:bf:54:8f:47:1a:f6:e4:e8:8d:9c:89:94:e4:
a1:a4:89:f4:00:87:14:5d:18:00:52:0a:21:48:99:f6:55:6d:
04:07:50:0d:83:bd:93:fa:71:3a:5b:d4:4c:e9:be:c9:7d:59:
6a:8f:ef:d2:c3:ad:f6:08:5a:f7:c6:43:90:73:9d:a8:1b:9d:
13:24:4a:ef:ea:44:68:f8:10:8d:ce:27:ea:a8:c7:ef:eb:37:
7d:49:46:30:38:71:3d:8e:c5:ab:01:25:82:2d:ab:09:9b:a3:
f2:07:6c:53:23:7d:98:f4:f8:01:6d:97:39:8d:fb:2a:f4:5d:
ad:aa:ce:67:17:5f:42:f6:d8:30:19:02:64:98:ab:e3:f2:76:
c7:6f:a0:27
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYRYNko6ymmIZD8x8IqD2LlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjIxMTA4MTcwNzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWFhMDhmNTZkZTI5M2RhZGI1MmQ2M2MwN2JkNzRmMGE5MzJjOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOQMt9QtOc+RdYphk+BmQbUQ64pB
lh6yVNU2UHtkoSnxpU5gzKkYRM0Jd/Vsjv8LWcebkFiMAXxcEI/3GunoUHLXeflb
1lhXJJ6FO5woafBZlTyu9yyf0q5rONXreLUpSeliONQQVU4H0XWxYf/dgugArXR6
59/Rt+L+8nQXvABb76OswHmjSXwR5qSpJ9jRgKuVYUvEBbsN/Dv+kid8QXoDnkBo
S7F0jNH6ab3UVUVglEQkjkuBNVX0amt+N0oGvO+MDjio8l8Caie4ahc2Uix09i5s
BFDYrUe8XfKqhhXjDqDgsupA7GrAOC0e1QIhkC+wWU4rxmV8H5R0hBgVHwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE6qCPVt4pPa21LWPAe9dPCpMsmnMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvVHFvSTlXM2lrOXJiVXRZOEI3MTA4S2t5eWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBTVGkAwQA
Vmm7AwQAWSOtAwQAXXfjAwQBgAAuAwQBuau4AwQAuau7AwQAvNaOAwQAvNckMA0G
CSqGSIb3DQEBCwUAA4IBAQB6BSGGDuDA4pTE2vMj9xsEDgToqpElTGGTHr+07Rpx
EUDuG7bAs+jAs6hXq8ds0E6AeVAIL407QsoxmtiPUX+FAZXcyN/cgb5OtAkS3Y72
EHO/zsQaVtQB1+vPyg0l8pYZAQaKdbwal5z/QRM4MyIc+r9Uj0ca9uTojZyJlOSh
pIn0AIcUXRgAUgohSJn2VW0EB1ANg72T+nE6W9RM6b7JfVlqj+/Sw632CFr3xkOQ
c52oG50TJErv6kRo+BCNzifqqMfv6zd9SUYwOHE9jsWrASWCLasJm6PyB2xTI32Y
9PgBbZc5jfsq9F2tqs5nF19C9tgwGQJkmKvj8nbHb6An
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:06 2024 by rpki-client on console-ams.rpki-client.org