Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/caJNc_Dh-Wbq4zflCD1cRvSzUAY.roa
File: caJNc_Dh-Wbq4zflCD1cRvSzUAY.roa (raw, json)
Hash identifier: exWCAdvm2K29lp932Swo2L1BBqT8fl9IqlKtLYZc0zE=
Subject key identifier: 71:A2:4D:73:F0:E1:F9:66:EA:E3:37:E5:08:3D:5C:46:F4:B3:50:06
Certificate issuer: /CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Certificate serial: 01856F54B8EF6C8B73277A56D5CCDF1438B0
Authority key identifier: F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/caJNc_Dh-Wbq4zflCD1cRvSzUAY.roa
Signing time: Sun 01 Jan 2023 21:55:01 +0000
ROA not before: Sun 01 Jan 2023 21:55:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211467
IP address blocks: 193.34.83.0/24 maxlen: 24
185.98.216.0/24 maxlen: 24
185.98.219.0/24 maxlen: 24
185.98.217.0/24 maxlen: 24
185.98.218.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:54:b8:ef:6c:8b:73:27:7a:56:d5:cc:df:14:38:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Validity
Not Before: Jan 1 21:55:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=71a24d73f0e1f966eae337e5083d5c46f4b35006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a1:aa:a4:8b:1c:7f:2b:8f:73:41:46:ee:27:
bf:36:7b:c1:43:26:f2:01:ec:1e:74:80:78:d1:87:
3e:5c:c6:10:30:20:e5:72:a1:3c:3a:76:0a:fb:fe:
af:db:39:54:93:79:aa:65:c5:9f:5a:c3:64:35:73:
ab:cf:6c:32:d5:ec:c8:e5:b3:86:18:f8:86:dd:c0:
05:dd:48:6d:48:cd:b7:c1:f8:2c:f1:8f:0c:35:68:
70:e0:f2:18:0f:a7:69:3c:46:8b:39:ca:8f:22:b8:
7d:13:af:49:2e:f5:61:7c:c8:d9:fb:bb:fd:85:f0:
d1:95:c0:7c:d8:b6:95:90:f1:77:be:2d:fc:bd:96:
40:5f:f4:a8:a1:85:f0:f8:35:01:62:dd:d3:9c:8d:
cc:84:08:56:74:49:6c:04:15:42:bf:08:bb:7b:8a:
8d:38:60:df:f7:c1:96:db:56:a3:67:1a:04:84:63:
12:ac:e7:2b:93:6b:1b:46:1f:38:00:d2:aa:1c:2d:
72:eb:4f:ac:1b:9f:2a:f9:f1:1f:04:95:cf:78:65:
78:49:d3:e3:cb:8e:5c:2d:cc:83:bd:a9:13:4d:a5:
83:cb:6f:3b:3e:53:b9:c9:c5:82:4c:1f:44:72:e0:
da:34:ff:1e:03:14:ae:1a:f3:ac:85:e2:2f:fc:9b:
de:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:A2:4D:73:F0:E1:F9:66:EA:E3:37:E5:08:3D:5C:46:F4:B3:50:06
X509v3 Authority Key Identifier:
keyid:F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/caJNc_Dh-Wbq4zflCD1cRvSzUAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.98.216.0/22
193.34.83.0/24
Signature Algorithm: sha256WithRSAEncryption
24:06:66:a2:dd:bd:a2:4e:5d:c4:a1:9d:77:68:9c:d0:b2:d5:
0c:d1:21:96:42:44:b8:df:28:88:b1:e0:3c:34:83:c8:52:16:
34:d2:ec:a2:c5:4b:7e:56:aa:63:fe:b5:90:35:e9:e2:e9:22:
2b:5a:12:22:ce:21:d6:71:29:9a:28:4c:ff:e8:5d:ea:f4:28:
99:c3:13:a4:1c:37:51:b7:db:11:07:2e:6e:60:98:f7:ed:2e:
a2:9d:9e:ee:4a:00:e7:d1:5b:63:c6:e4:06:0b:d8:15:73:f5:
ec:7d:87:5a:bb:9d:c0:64:ee:00:2a:df:ff:0d:f1:26:72:9e:
94:07:54:ac:b8:ce:55:40:5e:be:d8:dc:5b:02:4e:ac:69:a0:
2c:b3:02:43:81:38:01:86:24:7f:13:7a:43:9e:78:b3:f2:8a:
d3:77:3d:a9:79:1a:75:a5:f8:44:2f:7f:6e:e4:5a:ad:ca:f1:
34:b1:ca:cf:29:be:f9:c6:5c:8c:9e:18:88:55:c9:04:a3:03:
88:31:2c:22:46:84:14:2d:9a:46:46:27:07:46:93:11:5b:a9:
dd:fc:54:b2:f7:91:a9:46:c6:de:63:3b:e7:1e:7f:97:79:8e:
c2:0c:9d:36:f3:60:5d:e9:b8:4e:f5:dc:ea:90:07:2c:11:b1:
3a:c1:21:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVvVLjvbItzJ3pW1czfFDiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2FhNzk3YjkwMGZjMzU1ZmMyNDEyNDY3NzUxZWViMmMx
YzY0YmUwHhcNMjMwMTAxMjE1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWEyNGQ3M2YwZTFmOTY2ZWFlMzM3ZTUwODNkNWM0NmY0YjM1MDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6GqpIscfyuPc0FG7ie/NnvBQyby
AewedIB40Yc+XMYQMCDlcqE8OnYK+/6v2zlUk3mqZcWfWsNkNXOrz2wy1ezI5bOG
GPiG3cAF3UhtSM23wfgs8Y8MNWhw4PIYD6dpPEaLOcqPIrh9E69JLvVhfMjZ+7v9
hfDRlcB82LaVkPF3vi38vZZAX/SooYXw+DUBYt3TnI3MhAhWdElsBBVCvwi7e4qN
OGDf98GW21ajZxoEhGMSrOcrk2sbRh84ANKqHC1y60+sG58q+fEfBJXPeGV4SdPj
y45cLcyDvakTTaWDy287PlO5ycWCTB9EcuDaNP8eAxSuGvOsheIv/JvelQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHGiTXPw4flm6uM35Qg9XEb0s1AGMB8GA1UdIwQY
MBaAFPjKp5e5APw1X8JBJGd1HussHGS+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NcW5sN2tBX0RWZndrRWtaM1VlNnl3Y1pMNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4
LTlkYjNkNDRjNmQyZi8xL2NhSk5jX0RoLVdicTR6ZmxDRDFjUnZTelVBWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4LTlkYjNkNDRjNmQy
Zi8xLzEtTXFubDdrQV9EVmZ3a0VrWjNVZTZ5d2NaTDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK5YtgD
BADBIlMwDQYJKoZIhvcNAQELBQADggEBACQGZqLdvaJOXcShnXdonNCy1QzRIZZC
RLjfKIix4Dw0g8hSFjTS7KLFS35WqmP+tZA16eLpIitaEiLOIdZxKZooTP/oXer0
KJnDE6QcN1G32xEHLm5gmPftLqKdnu5KAOfRW2PG5AYL2BVz9ex9h1q7ncBk7gAq
3/8N8SZynpQHVKy4zlVAXr7Y3FsCTqxpoCyzAkOBOAGGJH8TekOeeLPyitN3Pal5
GnWl+EQvf27kWq3K8TSxys8pvvnGXIyeGIhVyQSjA4gxLCJGhBQtmkZGJwdGkxFb
qd38VLL3kalGxt5jO+cef5d5jsIMnTbzYF3puE713OqQBywRsTrBITc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:17 2024 by rpki-client on console-ams.rpki-client.org