Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/1-tWfX3OsG7VN9TxiBfSZo-GQOOk.roa
File: 1-tWfX3OsG7VN9TxiBfSZo-GQOOk.roa (raw, json)
Hash identifier: EH9+V/pL7zhxSxQI0cc3MS6moHcW7y1y3dacn1Fn8xc=
Subject key identifier: FA:D5:9F:5F:73:AC:1B:B5:4D:F5:3C:62:05:F4:99:A3:E1:90:38:E9
Certificate issuer: /CN=43b0105bccb9e6093120767354a8b8493cbe4cd6
Certificate serial: 0186A12D8446FFB9060536BB5C1258D747F3
Authority key identifier: 43:B0:10:5B:CC:B9:E6:09:31:20:76:73:54:A8:B8:49:3C:BE:4C:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q7AQW8y55gkxIHZzVKi4STy-TNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/1-tWfX3OsG7VN9TxiBfSZo-GQOOk.roa
Signing time: Thu 02 Mar 2023 07:15:59 +0000
ROA not before: Thu 02 Mar 2023 07:15:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34688
IP address blocks: 194.116.252.0/23 maxlen: 23
194.187.72.0/22 maxlen: 22
185.2.60.0/22 maxlen: 22
2a01:5e00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a1:2d:84:46:ff:b9:06:05:36:bb:5c:12:58:d7:47:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43b0105bccb9e6093120767354a8b8493cbe4cd6
Validity
Not Before: Mar 2 07:15:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fad59f5f73ac1bb54df53c6205f499a3e19038e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:51:a6:7b:02:ff:19:96:db:8b:5d:77:4d:09:
7c:31:c7:b5:3e:63:37:b2:dd:1e:84:a9:f3:0d:0e:
69:5b:c3:70:e2:2e:02:15:5b:e6:71:3d:65:a9:7d:
65:a5:32:3b:4c:a7:c0:79:28:20:ab:c1:2e:21:a0:
62:83:99:87:b8:3a:a6:b9:aa:4d:05:71:10:7b:70:
f5:78:f8:20:92:f6:cb:52:3e:bd:ea:dd:09:e0:2b:
4f:59:1e:d1:a7:f2:3b:22:98:1e:16:96:2e:a7:b9:
a9:28:15:72:8a:52:92:f9:5c:7a:f3:6e:da:1e:3e:
3e:73:5a:8c:ad:83:0c:e2:c5:da:f6:ff:04:75:8b:
56:de:74:a7:9e:88:00:99:08:23:62:6d:5f:06:04:
80:d7:16:a5:32:17:8d:97:18:07:cd:09:b9:29:f7:
b9:a9:ed:ee:18:8f:b7:3f:6e:d0:df:d3:94:44:0e:
84:08:10:4d:4b:15:c3:84:8d:81:29:ab:89:57:98:
20:56:f9:e2:46:d1:86:23:43:a0:e0:24:a8:b0:83:
c4:a2:9a:55:f2:e1:43:65:89:76:cf:e1:4f:6c:cd:
10:a2:13:19:aa:4c:66:33:61:e9:6c:85:17:bf:7f:
5c:cb:aa:83:9c:b4:71:6e:ec:25:7a:d3:b9:15:44:
61:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:D5:9F:5F:73:AC:1B:B5:4D:F5:3C:62:05:F4:99:A3:E1:90:38:E9
X509v3 Authority Key Identifier:
keyid:43:B0:10:5B:CC:B9:E6:09:31:20:76:73:54:A8:B8:49:3C:BE:4C:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q7AQW8y55gkxIHZzVKi4STy-TNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/1-tWfX3OsG7VN9TxiBfSZo-GQOOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f75c65-885e-417d-8076-bf7d8fca46e1/1/Q7AQW8y55gkxIHZzVKi4STy-TNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.2.60.0/22
194.116.252.0/23
194.187.72.0/22
IPv6:
2a01:5e00::/32
Signature Algorithm: sha256WithRSAEncryption
4f:40:30:32:64:22:01:68:44:9b:ee:6f:c6:10:53:63:58:20:
4d:e2:e5:63:36:84:e6:b9:2d:46:3d:2a:31:00:2a:4d:d5:23:
12:90:09:41:54:73:2a:1b:a2:42:af:bf:da:8e:45:48:b1:a0:
79:3b:23:6b:4b:cd:2e:0b:0d:21:4a:9d:de:5d:96:9f:ea:83:
dc:02:d4:c4:31:7b:e9:3c:f5:3c:22:cc:8a:b8:50:51:78:d4:
53:3e:99:c1:00:18:28:cd:f8:ec:21:b9:8b:83:80:8b:35:15:
4c:d2:cc:08:68:68:c3:15:d2:00:0a:2d:6c:63:7c:2a:b8:9c:
d7:96:62:b6:2a:f4:47:3a:47:be:59:9b:ba:29:63:ce:d1:dc:
e0:c5:d6:5d:05:9d:2d:56:51:f2:12:e4:44:97:38:71:a6:d7:
25:0e:0a:8c:ef:3e:4f:32:50:eb:2d:cb:b9:78:c1:37:cd:90:
1f:e9:be:76:a9:cb:f1:a6:b3:1a:95:03:3a:e0:34:ae:39:3f:
fe:9a:cf:e3:2b:96:f6:11:43:99:91:a5:db:58:61:83:63:a2:
e1:43:01:7f:66:a4:97:ba:88:38:ee:ca:0d:6a:21:6b:04:73:
a0:3e:c2:8c:c8:62:df:db:d0:b3:23:5b:87:fa:77:0f:f9:0e:
ae:93:4d:b1
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYahLYRG/7kGBTa7XBJY10fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYjAxMDViY2NiOWU2MDkzMTIwNzY3MzU0YThiODQ5M2Ni
ZTRjZDYwHhcNMjMwMzAyMDcxNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWQ1OWY1ZjczYWMxYmI1NGRmNTNjNjIwNWY0OTlhM2UxOTAzOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFGmewL/GZbbi113TQl8Mce1PmM3
st0ehKnzDQ5pW8Nw4i4CFVvmcT1lqX1lpTI7TKfAeSggq8EuIaBig5mHuDqmuapN
BXEQe3D1ePggkvbLUj696t0J4CtPWR7Rp/I7IpgeFpYup7mpKBVyilKS+Vx6827a
Hj4+c1qMrYMM4sXa9v8EdYtW3nSnnogAmQgjYm1fBgSA1xalMheNlxgHzQm5Kfe5
qe3uGI+3P27Q39OURA6ECBBNSxXDhI2BKauJV5ggVvniRtGGI0Og4CSosIPEoppV
8uFDZYl2z+FPbM0QohMZqkxmM2HpbIUXv39cy6qDnLRxbuwletO5FURhgQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPrVn19zrBu1TfU8YgX0maPhkDjpMB8GA1UdIwQY
MBaAFEOwEFvMueYJMSB2c1SouEk8vkzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTdBUVc4eTU1Z2t4SUhaelZLaTRTVHktVE5ZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mNzVjNjUtODg1ZS00MTdkLTgwNzYt
YmY3ZDhmY2E0NmUxLzEvMS10V2ZYM09zRzdWTjlUeGlCZlNaby1HUU9Pay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvZjc1YzY1LTg4NWUtNDE3ZC04MDc2LWJmN2Q4ZmNhNDZl
MS8xL1E3QVFXOHk1NWdreElIWnpWS2k0U1R5LVROWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA6BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEArkCPAME
AcJ0/AMEAsK7SDANBAIAAjAHAwUAKgFeADANBgkqhkiG9w0BAQsFAAOCAQEAT0Aw
MmQiAWhEm+5vxhBTY1ggTeLlYzaE5rktRj0qMQAqTdUjEpAJQVRzKhuiQq+/2o5F
SLGgeTsja0vNLgsNIUqd3l2Wn+qD3ALUxDF76Tz1PCLMirhQUXjUUz6ZwQAYKM34
7CG5i4OAizUVTNLMCGhowxXSAAotbGN8Kric15Zitir0RzpHvlmbuiljztHc4MXW
XQWdLVZR8hLkRJc4cabXJQ4KjO8+TzJQ6y3LuXjBN82QH+m+dqnL8aazGpUDOuA0
rjk//prP4yuW9hFDmZGl21hhg2Oi4UMBf2akl7qIOO7KDWohawRzoD7CjMhi39vQ
syNbh/p3D/kOrpNNsQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:40 2023 by rpki-client on console-fra.rpki-client.org