Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hIZjmXNRZigyJkv_mkJ7ZAmRRsA.roa
File: hIZjmXNRZigyJkv_mkJ7ZAmRRsA.roa (raw, json)
Hash identifier: Uvyi5uAnjh1/7UZvoa2d8RJIneoWw5Ec+hdmQJamxrU=
Subject key identifier: 84:86:63:99:73:51:66:28:32:26:4B:FF:9A:42:7B:64:09:91:46:C0
Certificate issuer: /CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Certificate serial: 0185CA2470F4A34C9D61CA13A7C03E38BA88
Authority key identifier: F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hIZjmXNRZigyJkv_mkJ7ZAmRRsA.roa
Signing time: Thu 19 Jan 2023 13:07:43 +0000
ROA not before: Thu 19 Jan 2023 13:07:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211467
IP address blocks: 193.34.83.0/24 maxlen: 24
185.98.216.0/24 maxlen: 24
185.98.219.0/24 maxlen: 24
185.98.218.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ca:24:70:f4:a3:4c:9d:61:ca:13:a7:c0:3e:38:ba:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Validity
Not Before: Jan 19 13:07:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=848663997351662832264bff9a427b64099146c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:e8:e0:9a:4b:e3:ef:e1:df:b7:af:1d:ee:8e:
68:aa:ad:49:93:ef:cd:2b:b4:d3:ae:03:cf:d3:09:
25:fc:d3:78:32:d4:e5:1f:07:47:02:1d:07:1c:18:
68:05:f5:62:cb:ea:13:d2:04:85:2d:79:dd:3f:e7:
c8:62:31:04:0c:65:7d:a3:41:c1:eb:1f:44:f1:e7:
0b:91:db:12:75:73:23:33:c3:24:3e:c7:74:f8:62:
3a:e4:0a:8c:03:4a:51:b4:9a:6f:98:e8:7c:5f:1f:
ac:08:bd:08:8a:e4:91:64:98:06:13:35:9f:7c:95:
95:24:24:83:17:3a:96:93:cd:2b:73:7f:78:1b:92:
2c:00:11:60:c9:c4:5a:ef:08:80:6e:42:7c:25:77:
8a:7f:0c:9a:b6:fc:90:1c:93:ae:49:c5:c0:89:3a:
1e:78:96:57:7d:5a:14:e2:b6:a9:07:c6:8a:61:68:
23:c2:fd:5d:a7:d4:09:6c:8b:7a:c5:fb:08:07:aa:
52:cb:44:f2:67:b9:cd:7d:93:8e:b1:72:20:29:17:
a1:d3:3a:f3:ab:04:0b:8b:eb:c2:23:9d:45:10:db:
6b:f1:e4:4e:8a:5b:3a:8a:7e:0d:9b:13:26:b8:8a:
50:2f:d7:0a:57:94:0d:ad:9f:db:f2:76:4a:d2:25:
a9:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:86:63:99:73:51:66:28:32:26:4B:FF:9A:42:7B:64:09:91:46:C0
X509v3 Authority Key Identifier:
keyid:F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hIZjmXNRZigyJkv_mkJ7ZAmRRsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.98.216.0/24
185.98.218.0/23
193.34.83.0/24
Signature Algorithm: sha256WithRSAEncryption
39:3c:71:05:6c:7b:a9:17:c4:6d:9a:7e:f3:1e:d8:38:4e:f8:
60:fc:76:52:6e:2b:cd:45:cf:af:b4:c6:95:74:60:b3:f5:ce:
2a:e4:86:c7:b3:73:dd:d2:ce:bb:52:38:40:a4:d1:f6:88:14:
54:23:db:7f:55:87:97:7e:b6:fe:e0:13:d9:c9:31:5f:2d:f3:
9c:f8:81:4a:59:6b:85:7b:8f:35:c8:5e:56:d4:3b:c1:8f:89:
3a:34:b8:43:53:a9:2b:97:35:9f:d4:d0:72:cd:7d:f3:46:af:
91:96:70:39:e9:ac:ea:0e:dc:d0:bc:f6:35:3a:97:d7:ea:e7:
5a:65:42:01:3b:db:1b:6f:e9:58:f8:b0:a2:d2:69:9a:f9:89:
b6:33:61:41:7c:13:e5:f0:8d:a6:2c:00:e5:02:6c:3b:73:7d:
f7:5f:56:52:ea:03:49:e1:94:1c:2e:71:6a:9e:cd:df:e7:61:
12:69:b7:96:b3:95:41:24:10:46:f4:b2:67:f7:31:b0:19:f7:
af:90:f7:ea:5d:bf:2c:c2:a9:49:e4:0d:4e:f5:61:38:0d:14:
e6:bc:00:cb:3d:c7:43:fa:a3:75:57:a9:be:14:82:2e:1f:5a:
36:bb:3d:b9:af:3f:af:78:7c:8e:52:2f:0b:b8:84:f7:e4:bd:
72:d4:fe:a5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYXKJHD0o0ydYcoTp8A+OLqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2FhNzk3YjkwMGZjMzU1ZmMyNDEyNDY3NzUxZWViMmMx
YzY0YmUwHhcNMjMwMTE5MTMwNzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDg2NjM5OTczNTE2NjI4MzIyNjRiZmY5YTQyN2I2NDA5OTE0NmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+jgmkvj7+Hft68d7o5oqq1Jk+/N
K7TTrgPP0wkl/NN4MtTlHwdHAh0HHBhoBfViy+oT0gSFLXndP+fIYjEEDGV9o0HB
6x9E8ecLkdsSdXMjM8MkPsd0+GI65AqMA0pRtJpvmOh8Xx+sCL0IiuSRZJgGEzWf
fJWVJCSDFzqWk80rc394G5IsABFgycRa7wiAbkJ8JXeKfwyatvyQHJOuScXAiToe
eJZXfVoU4rapB8aKYWgjwv1dp9QJbIt6xfsIB6pSy0TyZ7nNfZOOsXIgKReh0zrz
qwQLi+vCI51FENtr8eROils6in4NmxMmuIpQL9cKV5QNrZ/b8nZK0iWpcwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFISGY5lzUWYoMiZL/5pCe2QJkUbAMB8GA1UdIwQY
MBaAFPjKp5e5APw1X8JBJGd1HussHGS+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NcW5sN2tBX0RWZndrRWtaM1VlNnl3Y1pMNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4
LTlkYjNkNDRjNmQyZi8xL2hJWmptWE5SWmlneUprdl9ta0o3WkFtUlJzQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4LTlkYjNkNDRjNmQy
Zi8xLzEtTXFubDdrQV9EVmZ3a0VrWjNVZTZ5d2NaTDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC5YtgD
BAG5YtoDBADBIlMwDQYJKoZIhvcNAQELBQADggEBADk8cQVse6kXxG2afvMe2DhO
+GD8dlJuK81Fz6+0xpV0YLP1zirkhsezc93SzrtSOECk0faIFFQj239Vh5d+tv7g
E9nJMV8t85z4gUpZa4V7jzXIXlbUO8GPiTo0uENTqSuXNZ/U0HLNffNGr5GWcDnp
rOoO3NC89jU6l9fq51plQgE72xtv6Vj4sKLSaZr5ibYzYUF8E+XwjaYsAOUCbDtz
ffdfVlLqA0nhlBwucWqezd/nYRJpt5azlUEkEEb0smf3MbAZ96+Q9+pdvyzCqUnk
DU71YTgNFOa8AMs9x0P6o3VXqb4Ugi4fWja7PbmvP694fI5SLwu4hPfkvXLU/qU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:17 2024 by rpki-client on console-ams.rpki-client.org