Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bk1hAYupLiEOLlJQgnKSxutP6Vc.roa
File: bk1hAYupLiEOLlJQgnKSxutP6Vc.roa (raw, json)
Hash identifier: 90lGJI22BRv/2vQWkounoLdDy/CfkBSlrlCu3v7QYQA=
Subject key identifier: 6E:4D:61:01:8B:A9:2E:21:0E:2E:52:50:82:72:92:C6:EB:4F:E9:57
Certificate issuer: /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial: 0184AA154003EED4906BF23F558B641DE8D6
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bk1hAYupLiEOLlJQgnKSxutP6Vc.roa
Signing time: Thu 24 Nov 2022 14:40:30 +0000
ROA not before: Thu 24 Nov 2022 14:40:30 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29470
IP address blocks: 87.245.192.0/20 maxlen: 20
139.45.216.0/21 maxlen: 21
139.45.224.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:aa:15:40:03:ee:d4:90:6b:f2:3f:55:8b:64:1d:e8:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
Validity
Not Before: Nov 24 14:40:30 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6e4d61018ba92e210e2e5250827292c6eb4fe957
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:b0:67:7b:88:f6:69:0f:e9:54:3a:72:de:32:
9b:ef:79:81:e5:12:5d:a9:23:66:8a:39:ba:2a:25:
74:bd:45:bb:f2:63:f4:d0:ad:ab:65:53:84:ee:f4:
d5:b5:c7:8e:91:8a:6f:7c:fe:3b:73:5c:bc:21:4b:
b6:2a:7d:c5:dc:66:e5:f5:69:d2:2a:45:3d:17:7f:
b2:d7:12:0a:73:d7:b6:f6:0c:48:52:a4:3a:d8:ab:
d7:6f:b2:7e:1e:9c:4e:98:0e:9c:1d:0f:0b:b1:f8:
9a:8b:d9:2a:d0:7c:c9:9e:cc:07:d8:e5:6c:ca:1f:
13:64:73:4d:85:83:4b:37:9b:1d:3b:71:bc:38:b4:
68:07:71:64:79:93:84:05:90:73:fa:77:b3:fc:fa:
5e:ab:a0:d0:bf:71:88:1f:14:c6:d7:ff:a4:2c:7f:
96:15:6d:cd:7d:c5:28:ae:2b:79:4c:e6:1f:02:b3:
1f:3c:28:5f:ed:47:51:11:00:88:21:6b:c0:00:9e:
dd:da:b1:65:25:7a:fc:7e:d5:72:15:bd:75:c0:47:
55:e3:de:7a:c6:15:d0:05:e7:51:e4:f4:a7:1a:bd:
89:0c:4c:50:6e:c7:b0:28:ab:42:d4:08:06:33:43:
d3:b9:a5:2a:28:bb:45:68:f4:49:0f:9a:10:00:ef:
b8:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:4D:61:01:8B:A9:2E:21:0E:2E:52:50:82:72:92:C6:EB:4F:E9:57
X509v3 Authority Key Identifier:
keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bk1hAYupLiEOLlJQgnKSxutP6Vc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.245.192.0/20
139.45.216.0-139.45.239.255
Signature Algorithm: sha256WithRSAEncryption
66:d2:1a:26:f7:e2:0a:e4:a1:25:d0:88:31:7b:43:c9:55:32:
ac:50:1f:13:99:dc:55:ea:10:34:37:f1:00:4f:67:e9:71:09:
44:6f:ba:81:56:d8:9a:2b:e0:49:c1:24:db:82:2a:5c:08:7f:
f2:c6:50:f0:93:1b:8b:38:df:c4:29:96:eb:57:bd:ca:11:3c:
34:5b:34:67:f7:2e:cb:23:23:95:4e:3e:c2:5a:ce:29:4f:4a:
2a:d5:cd:3e:11:04:08:b0:1b:43:63:ce:4e:37:4b:1e:6f:b5:
68:17:f1:66:f4:f1:f8:0d:a7:02:0c:d7:f7:20:05:1c:2a:b7:
25:96:fb:04:f9:a8:ea:d0:1a:f9:32:e6:58:81:ff:90:a1:34:
c3:e3:3b:a1:f7:d7:d6:b3:b6:1d:3c:46:e5:2e:b1:cd:7c:68:
8e:37:8b:48:f7:89:8b:94:56:eb:e3:e9:da:59:8d:6b:07:4a:
07:06:ca:11:35:03:17:16:3b:bb:76:10:95:99:e2:fb:77:f3:
6e:e0:4b:9c:35:5f:31:bd:ab:8f:20:0f:81:0a:80:dc:00:60:
34:cd:0d:10:a4:ae:db:0f:94:9b:8d:a5:f0:f6:e5:da:24:87:
29:3d:29:d4:d1:ac:a1:bf:00:62:01:d6:df:58:2d:dc:63:78:
8b:82:aa:50
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYSqFUAD7tSQa/I/VYtkHejWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI0MTQ0MDMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTRkNjEwMThiYTkyZTIxMGUyZTUyNTA4MjcyOTJjNmViNGZlOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrBne4j2aQ/pVDpy3jKb73mB5RJd
qSNmijm6KiV0vUW78mP00K2rZVOE7vTVtceOkYpvfP47c1y8IUu2Kn3F3Gbl9WnS
KkU9F3+y1xIKc9e29gxIUqQ62KvXb7J+HpxOmA6cHQ8Lsfiai9kq0HzJnswH2OVs
yh8TZHNNhYNLN5sdO3G8OLRoB3FkeZOEBZBz+nez/Ppeq6DQv3GIHxTG1/+kLH+W
FW3NfcUorit5TOYfArMfPChf7UdREQCIIWvAAJ7d2rFlJXr8ftVyFb11wEdV4956
xhXQBedR5PSnGr2JDExQbsewKKtC1AgGM0PTuaUqKLtFaPRJD5oQAO+4QQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG5NYQGLqS4hDi5SUIJyksbrT+lXMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvYmsxaEFZdXBMaUVPTGxKUWduS1N4dXRQNlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQEV/XAMAwD
BAOLLdgDBASLLeAwDQYJKoZIhvcNAQELBQADggEBAGbSGib34grkoSXQiDF7Q8lV
MqxQHxOZ3FXqEDQ38QBPZ+lxCURvuoFW2Jor4EnBJNuCKlwIf/LGUPCTG4s438Qp
lutXvcoRPDRbNGf3LssjI5VOPsJazilPSirVzT4RBAiwG0Njzk43Sx5vtWgX8Wb0
8fgNpwIM1/cgBRwqtyWW+wT5qOrQGvky5liB/5ChNMPjO6H319azth08RuUusc18
aI43i0j3iYuUVuvj6dpZjWsHSgcGyhE1AxcWO7t2EJWZ4vt3827gS5w1XzG9q48g
D4EKgNwAYDTNDRCkrtsPlJuNpfD25dokhyk9KdTRrKG/AGIB1t9YLdxjeIuCqlA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:17 2024 by rpki-client on console-fra.rpki-client.org