Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/7aZpDgzb6UARFt9a7tYhMB7Q3l4.roa
File: 7aZpDgzb6UARFt9a7tYhMB7Q3l4.roa (raw, json)
Hash identifier: 4MUH0P4V6r0kbpMI0MD5Ku+ZEbJExPwODMl/6UV6ovQ=
Subject key identifier: ED:A6:69:0E:0C:DB:E9:40:11:16:DF:5A:EE:D6:21:30:1E:D0:DE:5E
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 018692CFD04BF146D825360971668B93A32B
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/7aZpDgzb6UARFt9a7tYhMB7Q3l4.roa
Signing time: Mon 27 Feb 2023 12:18:58 +0000
ROA not before: Mon 27 Feb 2023 12:18:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205516
IP address blocks: 193.106.99.0/24 maxlen: 24
91.198.101.0/24 maxlen: 24
193.43.250.0/24 maxlen: 24
2a0e:6600::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:92:cf:d0:4b:f1:46:d8:25:36:09:71:66:8b:93:a3:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Feb 27 12:18:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eda6690e0cdbe9401116df5aeed621301ed0de5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:c4:c9:42:95:0a:3f:95:87:e8:52:4c:10:41:
4c:23:6d:b5:2b:62:72:ae:9c:48:ec:a3:8d:cb:06:
33:5c:98:2e:77:8f:6a:3d:aa:e9:e4:fd:0a:c0:07:
6b:1d:6d:39:ae:fc:d0:5e:f3:8e:f0:c7:85:59:40:
36:5f:36:db:16:37:c6:43:43:ba:67:1f:eb:64:c5:
42:84:b3:de:45:8d:26:d7:85:60:9a:c3:db:96:63:
af:32:7a:7b:12:73:bc:c4:fc:a6:d4:75:02:78:92:
15:69:b2:6d:c8:aa:3e:a1:fe:27:97:c6:75:85:0e:
91:e2:68:bc:dc:a7:d1:e3:2f:ee:ec:d0:44:67:b8:
56:60:6f:e0:3f:18:41:4c:a8:17:64:6e:63:aa:b1:
d1:8e:4e:7a:c6:b6:7e:94:24:44:c5:5f:b5:88:80:
37:49:93:94:f7:55:47:60:0c:63:f4:cf:c7:a7:4a:
19:5c:f4:45:40:05:f1:cb:c5:d4:01:96:12:68:d0:
df:a9:17:a3:91:fc:bc:76:20:ab:3c:5a:12:c5:ce:
de:db:fc:9a:ea:3f:61:cc:f5:a0:b0:8c:96:4c:f9:
86:db:bc:f4:75:a2:9b:df:85:fb:69:85:07:ab:fb:
75:1c:db:0e:25:32:26:0a:1e:1f:45:fa:11:6d:70:
4d:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:A6:69:0E:0C:DB:E9:40:11:16:DF:5A:EE:D6:21:30:1E:D0:DE:5E
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/7aZpDgzb6UARFt9a7tYhMB7Q3l4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.101.0/24
193.43.250.0/24
193.106.99.0/24
IPv6:
2a0e:6600::/29
Signature Algorithm: sha256WithRSAEncryption
3f:12:e1:a8:17:bf:de:91:57:7f:e3:d1:42:8f:66:6f:5a:95:
8a:72:c8:bf:7a:0e:39:25:30:ba:35:b9:76:81:8e:15:4f:4b:
b9:23:a5:46:13:c9:c5:c5:a8:1f:c8:65:32:f9:d5:0d:f7:c5:
0f:fc:bf:dc:a0:39:d8:55:ec:35:0b:a8:2f:41:40:0e:d6:b6:
3a:3b:2c:c8:d7:ee:7f:b7:28:9e:90:ef:ee:9b:9e:20:aa:31:
2e:e6:1d:35:e9:ac:a8:36:a6:25:21:82:de:01:47:b6:fe:fe:
f4:93:d5:e3:d1:a2:93:51:d9:64:7f:62:0f:73:1b:fb:bb:5d:
7a:74:2b:2c:7f:d6:3e:e3:64:3c:c3:03:c9:f9:dc:2a:66:ba:
95:c4:d3:e4:33:b0:db:28:40:11:02:7a:64:50:b5:ea:71:84:
bb:c8:c1:87:ff:78:bd:d3:a9:5b:79:aa:cc:03:33:c1:0a:8b:
08:59:fa:62:2a:15:15:6a:1b:da:07:69:c3:0a:91:14:2c:0f:
01:bc:b3:8c:58:5c:4c:39:0f:29:93:23:bd:11:6c:78:27:97:
8f:88:5f:5b:9e:7b:96:cb:a5:2f:98:ee:d0:12:be:24:cb:01:
1b:71:a8:27:07:35:1d:f7:37:d1:7a:13:db:eb:b2:42:92:41:
5c:96:e1:26
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYaSz9BL8UbYJTYJcWaLk6MrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjMwMjI3MTIxODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGE2NjkwZTBjZGJlOTQwMTExNmRmNWFlZWQ2MjEzMDFlZDBkZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8TJQpUKP5WH6FJMEEFMI221K2Jy
rpxI7KONywYzXJgud49qParp5P0KwAdrHW05rvzQXvOO8MeFWUA2XzbbFjfGQ0O6
Zx/rZMVChLPeRY0m14VgmsPblmOvMnp7EnO8xPym1HUCeJIVabJtyKo+of4nl8Z1
hQ6R4mi83KfR4y/u7NBEZ7hWYG/gPxhBTKgXZG5jqrHRjk56xrZ+lCRExV+1iIA3
SZOU91VHYAxj9M/Hp0oZXPRFQAXxy8XUAZYSaNDfqRejkfy8diCrPFoSxc7e2/ya
6j9hzPWgsIyWTPmG27z0daKb34X7aYUHq/t1HNsOJTImCh4fRfoRbXBNcwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFO2maQ4M2+lAERbfWu7WITAe0N5eMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvN2FacERnemI2VUFSRnQ5YTd0WWhNQjdRM2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW8ZlAwQA
wSv6AwQAwWpjMA0EAgACMAcDBQMqDmYAMA0GCSqGSIb3DQEBCwUAA4IBAQA/EuGo
F7/ekVd/49FCj2ZvWpWKcsi/eg45JTC6Nbl2gY4VT0u5I6VGE8nFxagfyGUy+dUN
98UP/L/coDnYVew1C6gvQUAO1rY6OyzI1+5/tyiekO/um54gqjEu5h016ayoNqYl
IYLeAUe2/v70k9Xj0aKTUdlkf2IPcxv7u116dCssf9Y+42Q8wwPJ+dwqZrqVxNPk
M7DbKEARAnpkULXqcYS7yMGH/3i906lbearMAzPBCosIWfpiKhUVahvaB2nDCpEU
LA8BvLOMWFxMOQ8pkyO9EWx4J5ePiF9bnnuWy6UvmO7QEr4kywEbcagnBzUd9zfR
ehPb67JCkkFcluEm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:06 2024 by rpki-client on console-ams.rpki-client.org