Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/mWAV_CXxr1jKbBRPbAD85bH8e_8.roa
File: mWAV_CXxr1jKbBRPbAD85bH8e_8.roa (raw, json)
Hash identifier: f8yVPWBXyMVAdOZdMYGAMocn8SAL/1Exv2JJYiMd85w=
Subject key identifier: 99:60:15:FC:25:F1:AF:58:CA:6C:14:4F:6C:00:FC:E5:B1:FC:7B:FF
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 032444E2
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/mWAV_CXxr1jKbBRPbAD85bH8e_8.roa
Signing time: Sat 01 Jan 2022 12:02:31 +0000
ROA not before: Sat 01 Jan 2022 12:02:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20616
IP address blocks: 195.246.242.0/23 maxlen: 23
86.105.192.0/24 maxlen: 24
89.44.188.0/24 maxlen: 24
85.204.198.0/24 maxlen: 24
91.208.142.0/24 maxlen: 24
188.214.16.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 52708578 (0x32444e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Jan 1 12:02:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=996015fc25f1af58ca6c144f6c00fce5b1fc7bff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:16:c9:7e:3e:c9:54:82:10:2a:3c:00:ab:10:
87:85:c1:b3:4e:ed:03:df:93:9d:ae:1d:d4:81:1a:
40:89:96:d1:9a:a2:ad:48:73:fa:bd:5c:8f:b3:18:
0b:8c:fb:3d:03:2c:a6:e9:10:1b:3b:a2:d1:85:7a:
dd:d3:b7:13:05:e1:22:83:b3:4d:a1:d5:3d:f0:f3:
43:57:cd:97:59:6a:b9:c3:a9:83:27:eb:d8:70:8f:
ff:dd:b2:4c:7b:38:54:68:f4:67:08:77:15:77:1a:
7d:9a:5e:c2:79:fb:f3:79:de:8a:16:de:ac:96:65:
2f:85:a4:49:f4:15:5c:a4:5e:33:85:80:66:14:94:
de:07:6a:18:2d:f6:af:9f:d2:31:ff:1b:22:2f:7c:
45:72:4e:2f:22:19:1b:32:27:39:61:dd:8c:28:5b:
4d:f4:61:07:98:66:23:f1:87:c4:bb:03:7c:c6:b1:
07:46:8b:d3:d0:9e:2b:d3:9b:c4:a2:50:44:d5:7a:
d8:7f:5f:cf:71:4b:b1:49:ff:28:d3:13:80:b2:0e:
1c:cf:3f:e5:df:52:87:b8:24:73:b2:32:32:82:26:
f1:a7:be:2b:ea:f9:ee:6a:74:d7:54:63:5a:35:72:
0e:44:a2:19:e2:a0:26:3a:52:3f:20:a0:7c:0e:21:
cb:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:60:15:FC:25:F1:AF:58:CA:6C:14:4F:6C:00:FC:E5:B1:FC:7B:FF
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/mWAV_CXxr1jKbBRPbAD85bH8e_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.198.0/24
86.105.192.0/24
89.44.188.0/24
91.208.142.0/24
188.214.16.0/21
195.246.242.0/23
Signature Algorithm: sha256WithRSAEncryption
18:db:06:a2:d3:d9:09:b1:e0:db:2b:44:67:5e:1a:06:3e:0d:
08:08:31:d3:89:c3:73:f5:22:d8:9c:b9:69:e2:71:0b:6e:5e:
5f:c8:9d:6e:9c:f8:b7:88:ad:96:df:5f:62:e7:8f:f9:4e:12:
29:24:ec:f0:92:cb:9d:a7:0c:1e:41:64:e2:6c:d1:ea:7a:9c:
61:76:93:f2:e7:04:59:52:cf:05:1f:ac:5b:21:09:f1:1c:d6:
6f:72:f8:71:62:5b:dd:f8:6c:65:e1:2a:31:c2:0e:df:1a:ee:
77:0c:15:24:36:c4:19:54:d5:2e:4f:17:72:83:2a:65:f1:a9:
7f:5d:0f:fe:79:0e:67:55:1b:69:1a:fa:8a:a3:55:3a:5e:8d:
b4:a2:c9:af:4d:fc:fa:84:e6:74:ad:2b:cc:a8:23:79:14:49:
be:a6:dd:7f:49:23:b2:11:ac:b9:cc:81:9d:8e:17:46:6d:91:
2e:f1:db:46:1e:5e:b0:9b:68:e7:cc:f7:0d:8f:0c:50:d3:d3:
6a:32:6a:1c:13:74:48:17:58:e6:c3:bc:3d:5b:de:24:83:75:
7a:12:99:d1:df:8d:0c:ba:de:41:77:45:0e:d9:ce:56:1e:e9:
7a:45:8d:1c:92:78:49:7f:19:5c:6b:66:b4:b4:13:e3:28:55:
5e:8c:4d:f4
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEAyRE4jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDhhZjQ4NWI0ZmQwZjAzNzE3Y2Q0YTcwOWVmMTFjNjFkM2VmNDZlMB4XDTIyMDEw
MTEyMDIzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTk2MDE1ZmMyNWYx
YWY1OGNhNmMxNDRmNmMwMGZjZTViMWZjN2JmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM8WyX4+yVSCECo8AKsQh4XBs07tA9+Tna4d1IEaQImW0Zqi
rUhz+r1cj7MYC4z7PQMspukQGzui0YV63dO3EwXhIoOzTaHVPfDzQ1fNl1lqucOp
gyfr2HCP/92yTHs4VGj0Zwh3FXcafZpewnn783neihberJZlL4WkSfQVXKReM4WA
ZhSU3gdqGC32r5/SMf8bIi98RXJOLyIZGzInOWHdjChbTfRhB5hmI/GHxLsDfMax
B0aL09CeK9ObxKJQRNV62H9fz3FLsUn/KNMTgLIOHM8/5d9Sh7gkc7IyMoIm8ae+
K+r57mp011RjWjVyDkSiGeKgJjpSPyCgfA4hyz8CAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBSZYBX8JfGvWMpsFE9sAPzlsfx7/zAfBgNVHSMEGDAWgBRAivSFtP0PA3F8
1KcJ7xHGHT70bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJcjBoYlQ5RHdOeGZOU25DZThSeGgwLTlHNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8x
L21XQVZfQ1h4cjFqS2JCUlBiQUQ4NWJIOGVfOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8xL1FJcjBoYlQ5RHdO
eGZOU25DZThSeGgwLTlHNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAFXMxgMEAFZpwAMEAFksvAMEAFvQ
jgMEA7zWEAMEAcP28jANBgkqhkiG9w0BAQsFAAOCAQEAGNsGotPZCbHg2ytEZ14a
Bj4NCAgx04nDc/Ui2Jy5aeJxC25eX8idbpz4t4itlt9fYueP+U4SKSTs8JLLnacM
HkFk4mzR6nqcYXaT8ucEWVLPBR+sWyEJ8RzWb3L4cWJb3fhsZeEqMcIO3xrudwwV
JDbEGVTVLk8XcoMqZfGpf10P/nkOZ1UbaRr6iqNVOl6NtKLJr038+oTmdK0rzKgj
eRRJvqbdf0kjshGsucyBnY4XRm2RLvHbRh5esJto58z3DY8MUNPTajJqHBN0SBdY
5sO8PVveJIN1ehKZ0d+NDLreQXdFDtnOVh7pekWNHJJ4SX8ZXGtmtLQT4yhVXoxN
9A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:06 2024 by rpki-client on console-ams.rpki-client.org