Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/3Z0gFpx9X9hUnwfiD2CDJ2LS9N8.roa
File: 3Z0gFpx9X9hUnwfiD2CDJ2LS9N8.roa (raw, json)
Hash identifier: ARgVEhu6pMmgj2o5+B5SoI2sBdAvyy/qxFSZxmW46lg=
Subject key identifier: DD:9D:20:16:9C:7D:5F:D8:54:9F:07:E2:0F:60:83:27:62:D2:F4:DF
Certificate issuer: /CN=f753a19b5dce1d4159352229426a9fdb7d9f9a3b
Certificate serial: 018B46BA26DAD7C116D285C8B0D446118FB0
Authority key identifier: F7:53:A1:9B:5D:CE:1D:41:59:35:22:29:42:6A:9F:DB:7D:9F:9A:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/91Ohm13OHUFZNSIpQmqf232fmjs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/3Z0gFpx9X9hUnwfiD2CDJ2LS9N8.roa
Signing time: Thu 19 Oct 2023 06:58:06 +0000
ROA not before: Thu 19 Oct 2023 06:58:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30830
IP address blocks: 80.73.130.0/23 maxlen: 24
80.73.132.0/23 maxlen: 24
80.73.128.0/23 maxlen: 24
80.73.128.0/21 maxlen: 21
2a01:5140::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:46:ba:26:da:d7:c1:16:d2:85:c8:b0:d4:46:11:8f:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f753a19b5dce1d4159352229426a9fdb7d9f9a3b
Validity
Not Before: Oct 19 06:58:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd9d20169c7d5fd8549f07e20f60832762d2f4df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:e6:2c:82:9b:e3:fa:d8:01:2c:3a:a3:33:8a:
3d:4e:43:55:2c:23:58:08:0e:ab:7a:bb:04:90:67:
30:29:e2:85:a9:23:d2:dc:a8:82:dc:3b:b9:0f:13:
24:6f:9c:1f:92:25:76:5a:6b:9b:db:c3:d5:24:10:
ff:38:79:b2:65:d3:f5:84:08:b6:ec:77:20:dd:76:
73:a3:28:e7:35:e9:b4:a0:17:3e:de:b1:24:6a:67:
1b:35:f8:bb:b7:14:a7:83:92:98:91:d0:4f:00:50:
bc:8b:78:53:b5:e4:e6:07:7f:20:68:3d:eb:ef:74:
f7:8d:91:cd:2d:47:bf:21:61:6a:a3:97:67:a8:49:
bb:3d:a9:3a:06:7e:a8:08:fe:bc:a5:d2:c1:0e:ab:
e8:7a:0a:a5:63:1e:c8:15:56:29:14:00:ac:c5:5d:
c2:dd:9a:9e:9b:60:f7:de:b8:ed:d2:cd:f3:4e:71:
32:fc:38:03:2d:85:67:19:c3:2f:07:94:d6:57:65:
3e:d6:8f:87:cf:4e:ae:60:e9:f1:b2:33:c7:21:ac:
6b:3c:3b:60:d5:9c:15:c5:fe:9f:1c:dc:4e:90:b3:
95:7b:07:4d:d3:c6:27:97:dd:1f:a5:aa:04:6e:50:
6e:1b:99:42:a0:8b:98:48:f9:4e:2e:9b:5c:33:44:
4a:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:9D:20:16:9C:7D:5F:D8:54:9F:07:E2:0F:60:83:27:62:D2:F4:DF
X509v3 Authority Key Identifier:
keyid:F7:53:A1:9B:5D:CE:1D:41:59:35:22:29:42:6A:9F:DB:7D:9F:9A:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/91Ohm13OHUFZNSIpQmqf232fmjs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/3Z0gFpx9X9hUnwfiD2CDJ2LS9N8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/91Ohm13OHUFZNSIpQmqf232fmjs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.73.128.0/21
IPv6:
2a01:5140::/32
Signature Algorithm: sha256WithRSAEncryption
4d:eb:0b:a2:8d:19:c0:c2:cb:28:bc:0a:8e:2f:1a:41:c4:4d:
a2:5c:27:7c:67:3e:03:a5:68:4c:b3:91:8a:ff:0f:60:df:b8:
5c:97:e0:10:1f:bd:80:ac:e8:84:e8:9f:fb:ca:b4:51:0b:5f:
5d:ef:67:a7:2e:94:42:07:89:e4:72:73:2b:a8:e9:ba:50:ba:
95:02:07:bf:53:fe:41:4a:49:38:cc:fe:d2:5b:2f:da:89:16:
c6:32:70:41:9f:df:1c:83:bb:2d:91:d6:b1:25:6f:a4:32:47:
83:ce:85:89:ef:2d:d1:51:7d:53:76:f3:4f:e6:18:cc:ed:5b:
e9:ef:4f:f7:1c:a6:f4:a4:c0:52:77:a3:40:bc:96:45:8f:31:
a3:8d:38:31:bc:c4:62:43:21:91:e9:4b:63:33:a4:67:cd:0d:
e6:f0:da:c8:8b:51:a1:41:db:97:df:19:b9:20:4a:0a:49:8f:
c9:3a:38:96:02:d5:f8:44:f1:ed:5e:bc:ff:6b:28:bb:79:33:
ec:f5:c5:1d:4d:5a:a1:07:3b:be:89:a9:42:e7:32:cd:66:ae:
7f:ee:87:ad:9b:ed:55:85:34:12:17:19:52:71:38:c6:0e:08:
36:a2:7e:0d:ab:80:95:a5:84:46:46:28:e9:d1:e9:f5:89:ba:
31:23:dc:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYtGuiba18EW0oXIsNRGEY+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NTNhMTliNWRjZTFkNDE1OTM1MjIyOTQyNmE5ZmRiN2Q5
ZjlhM2IwHhcNMjMxMDE5MDY1ODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDlkMjAxNjljN2Q1ZmQ4NTQ5ZjA3ZTIwZjYwODMyNzYyZDJmNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeYsgpvj+tgBLDqjM4o9TkNVLCNY
CA6rersEkGcwKeKFqSPS3KiC3Du5DxMkb5wfkiV2Wmub28PVJBD/OHmyZdP1hAi2
7Hcg3XZzoyjnNem0oBc+3rEkamcbNfi7txSng5KYkdBPAFC8i3hTteTmB38gaD3r
73T3jZHNLUe/IWFqo5dnqEm7Pak6Bn6oCP68pdLBDqvoegqlYx7IFVYpFACsxV3C
3Zqem2D33rjt0s3zTnEy/DgDLYVnGcMvB5TWV2U+1o+Hz06uYOnxsjPHIaxrPDtg
1ZwVxf6fHNxOkLOVewdN08Ynl90fpaoEblBuG5lCoIuYSPlOLptcM0RKywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN2dIBacfV/YVJ8H4g9ggydi0vTfMB8GA1UdIwQY
MBaAFPdToZtdzh1BWTUiKUJqn9t9n5o7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTFPaG0xM09IVUZaTlNJcFFtcWYyMzJmbWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mZmUwN2MtMTZmMC00OTk5LTg4OTQt
MTBmMDA5M2VhYWUwLzEvM1owZ0ZweDlYOWhVbndmaUQyQ0RKMkxTOU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mZmUwN2MtMTZmMC00OTk5LTg4OTQtMTBmMDA5M2VhYWUw
LzEvOTFPaG0xM09IVUZaTlNJcFFtcWYyMzJmbWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDUEmAMA0E
AgACMAcDBQAqAVFAMA0GCSqGSIb3DQEBCwUAA4IBAQBN6wuijRnAwssovAqOLxpB
xE2iXCd8Zz4DpWhMs5GK/w9g37hcl+AQH72ArOiE6J/7yrRRC19d72enLpRCB4nk
cnMrqOm6ULqVAge/U/5BSkk4zP7SWy/aiRbGMnBBn98cg7stkdaxJW+kMkeDzoWJ
7y3RUX1TdvNP5hjM7Vvp70/3HKb0pMBSd6NAvJZFjzGjjTgxvMRiQyGR6UtjM6Rn
zQ3m8NrIi1GhQduX3xm5IEoKSY/JOjiWAtX4RPHtXrz/ayi7eTPs9cUdTVqhBzu+
ialC5zLNZq5/7oetm+1VhTQSFxlScTjGDgg2on4Nq4CVpYRGRijp0en1iboxI9zx
-----END CERTIFICATE-----
Generated at Thu Dec 21 12:40:57 2023 by rpki-client on console-fra.rpki-client.org