Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/XzrBYfMk2UdIiND3gV-U64DOhtA.roa
File: XzrBYfMk2UdIiND3gV-U64DOhtA.roa (raw, json)
Hash identifier: z8ao/VNDm8lpBTvXJreD9wvHWvfJga9XDnGg/WjNU4I=
Subject key identifier: 5F:3A:C1:61:F3:24:D9:47:48:88:D0:F7:81:5F:94:EB:80:CE:86:D0
Certificate issuer: /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial: 018978337D9755FA7A54F33EDC97DA0A653B
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/XzrBYfMk2UdIiND3gV-U64DOhtA.roa
Signing time: Fri 21 Jul 2023 11:26:27 +0000
ROA not before: Fri 21 Jul 2023 11:26:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60840
IP address blocks: 195.54.166.0/24 maxlen: 24
195.54.167.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:78:33:7d:97:55:fa:7a:54:f3:3e:dc:97:da:0a:65:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Validity
Not Before: Jul 21 11:26:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f3ac161f324d9474888d0f7815f94eb80ce86d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:3a:8b:42:44:89:49:d5:b9:a1:42:3b:73:db:
09:28:47:6b:72:b7:4c:35:08:78:44:b4:7b:69:9a:
69:5a:9a:e0:cf:1b:c1:48:e8:3e:d8:87:9e:22:dd:
ea:1b:fb:24:d9:80:47:53:0c:14:52:c1:a3:a0:da:
bc:3d:62:00:f9:51:c1:f7:3e:7e:f5:8f:f1:be:54:
6b:fa:e8:16:93:16:ed:8f:e0:6c:d9:66:2e:1f:87:
84:9b:57:e2:0c:03:0b:3f:82:5e:db:a1:00:0c:2b:
dc:d7:5d:d9:b8:fa:5b:5e:55:c7:a0:00:c5:71:a4:
e4:26:06:eb:bd:4f:25:59:ad:fc:4e:27:c0:4a:67:
0c:f4:4a:e1:fd:7b:74:d9:50:b6:89:d7:ab:82:6a:
9e:56:50:f9:c9:0d:78:2f:f2:55:b7:96:6d:d7:26:
5e:6f:85:c7:b6:1a:0a:91:e0:b3:49:08:30:ce:ef:
1a:1e:31:73:5a:2b:c2:51:5b:1a:43:9e:d7:2f:91:
fc:95:04:b2:76:37:41:54:8f:7d:e3:33:39:cf:c8:
3e:36:5d:a8:79:78:d0:78:86:e4:5d:44:f7:bc:7d:
42:c9:58:ab:5f:25:fd:cd:3c:53:8f:8d:3c:3c:d7:
30:c1:3a:1a:78:83:66:c5:6a:30:45:e8:ec:0d:66:
38:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:3A:C1:61:F3:24:D9:47:48:88:D0:F7:81:5F:94:EB:80:CE:86:D0
X509v3 Authority Key Identifier:
keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/XzrBYfMk2UdIiND3gV-U64DOhtA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.54.166.0/23
Signature Algorithm: sha256WithRSAEncryption
37:6b:db:15:2c:35:92:67:bb:2a:5f:63:18:ce:22:af:6d:46:
a1:8e:ce:88:8d:59:45:6f:37:5c:7e:b4:3c:a4:42:af:6f:f6:
b9:03:d0:fc:3d:03:43:a6:0d:af:1c:8a:cf:5c:95:92:f7:bb:
ec:2b:f6:5c:98:ad:ce:48:28:74:c8:c1:94:4f:0f:5a:d1:fe:
11:70:ff:c4:21:aa:2c:47:9e:20:0a:96:d6:85:43:ab:4e:3d:
80:c4:83:df:b0:f2:c6:e9:cf:55:24:47:b2:f1:7c:e0:40:d2:
10:26:99:99:af:3b:1e:6c:78:96:56:fe:d0:53:59:e7:c9:51:
d2:1b:d8:a3:65:0b:c6:84:7d:7a:df:ba:41:ab:77:6c:f6:03:
4c:81:88:59:90:a3:13:b8:6d:64:94:79:4b:ad:26:f6:82:11:
b1:b4:8f:b9:f7:b1:4f:ed:49:ae:c6:09:f5:af:36:4b:c3:0f:
b9:4a:5a:b8:57:e9:8b:5f:e8:33:aa:11:f9:f3:ca:2a:c0:1f:
31:dd:10:10:c8:35:60:30:57:e2:3f:09:58:4b:d7:2f:9d:aa:
bb:45:cb:13:ac:27:8c:cc:eb:f4:94:da:4a:03:4a:5e:1c:57:
26:aa:39:13:1e:39:29:bc:83:d9:de:31:07:be:c6:4f:6b:6a:
7d:17:2c:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYl4M32XVfp6VPM+3JfaCmU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjMwNzIxMTEyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNhYzE2MWYzMjRkOTQ3NDg4OGQwZjc4MTVmOTRlYjgwY2U4NmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDqLQkSJSdW5oUI7c9sJKEdrcrdM
NQh4RLR7aZppWprgzxvBSOg+2IeeIt3qG/sk2YBHUwwUUsGjoNq8PWIA+VHB9z5+
9Y/xvlRr+ugWkxbtj+Bs2WYuH4eEm1fiDAMLP4Je26EADCvc113ZuPpbXlXHoADF
caTkJgbrvU8lWa38TifASmcM9Erh/Xt02VC2idergmqeVlD5yQ14L/JVt5Zt1yZe
b4XHthoKkeCzSQgwzu8aHjFzWivCUVsaQ57XL5H8lQSydjdBVI994zM5z8g+Nl2o
eXjQeIbkXUT3vH1CyVirXyX9zTxTj408PNcwwToaeINmxWowRejsDWY4oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF86wWHzJNlHSIjQ94FflOuAzobQMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvWHpyQllmTWsyVWRJaU5EM2dWLVU2NERPaHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzamMA0G
CSqGSIb3DQEBCwUAA4IBAQA3a9sVLDWSZ7sqX2MYziKvbUahjs6IjVlFbzdcfrQ8
pEKvb/a5A9D8PQNDpg2vHIrPXJWS97vsK/ZcmK3OSCh0yMGUTw9a0f4RcP/EIaos
R54gCpbWhUOrTj2AxIPfsPLG6c9VJEey8XzgQNIQJpmZrzsebHiWVv7QU1nnyVHS
G9ijZQvGhH1637pBq3ds9gNMgYhZkKMTuG1klHlLrSb2ghGxtI+597FP7Umuxgn1
rzZLww+5Slq4V+mLX+gzqhH588oqwB8x3RAQyDVgMFfiPwlYS9cvnaq7RcsTrCeM
zOv0lNpKA0peHFcmqjkTHjkpvIPZ3jEHvsZPa2p9Fyy7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:54 2024 by rpki-client on console-fra.rpki-client.org