Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ifF26mCNBuxhmcDY5ZCTSctFOI8.roa
File: ifF26mCNBuxhmcDY5ZCTSctFOI8.roa (raw, json)
Hash identifier: ytmxrPmg+wOMH2jxZUq0to8pAmBdi5QUbyINF+vsjXg=
Subject key identifier: 89:F1:76:EA:60:8D:06:EC:61:99:C0:D8:E5:90:93:49:CB:45:38:8F
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 0184A872A44A420B7AEE10AB54CA86C72DFD
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ifF26mCNBuxhmcDY5ZCTSctFOI8.roa
Signing time: Thu 24 Nov 2022 07:03:16 +0000
ROA not before: Thu 24 Nov 2022 07:03:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41957
IP address blocks: 194.147.89.0/24 maxlen: 24
185.21.141.0/24 maxlen: 24
194.93.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a8:72:a4:4a:42:0b:7a:ee:10:ab:54:ca:86:c7:2d:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Nov 24 07:03:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=89f176ea608d06ec6199c0d8e5909349cb45388f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:7d:b5:93:e6:b3:a2:d7:5d:ea:87:9b:19:87:
98:d0:cb:91:b6:9a:b0:a9:f6:e4:c2:3a:43:1f:e4:
a0:6c:76:d6:14:4c:c4:c5:66:58:75:01:69:60:67:
df:b4:d7:20:e3:dc:05:ee:d6:22:60:d9:c9:4e:45:
ed:62:36:c4:b4:1a:ec:dc:ab:f5:09:bd:93:c3:6c:
a8:94:03:74:8e:18:63:a0:91:9c:62:c3:11:57:25:
fa:a9:f8:f1:34:fc:de:14:ca:72:2a:d9:9f:98:7a:
68:3b:17:55:33:43:dc:e0:ac:44:e7:2d:bd:ae:18:
dd:03:9a:be:52:52:99:22:89:2b:82:1d:bd:39:c1:
2a:d0:d6:01:68:65:b6:f3:8d:9d:52:2e:c7:ae:bf:
a7:d5:fe:8b:5b:65:ca:e2:52:a2:3c:f6:06:32:98:
32:91:80:d6:e5:a8:23:65:ab:5a:74:92:0c:ca:5a:
57:72:3c:98:04:f2:0d:4b:f0:b7:f9:07:66:de:a5:
21:af:69:41:51:eb:39:f3:0b:96:49:1a:90:f9:64:
9c:3a:23:20:b4:e9:a8:0a:5f:38:f3:46:0b:9a:0c:
4d:9b:56:a9:b6:ec:f1:5e:b7:18:64:ea:42:36:b8:
fe:5a:70:a0:61:91:64:c6:62:a9:ed:a3:c0:bc:19:
db:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:F1:76:EA:60:8D:06:EC:61:99:C0:D8:E5:90:93:49:CB:45:38:8F
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ifF26mCNBuxhmcDY5ZCTSctFOI8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.21.141.0/24
194.93.59.0/24
194.147.89.0/24
Signature Algorithm: sha256WithRSAEncryption
32:e5:a2:95:3f:f1:f7:8b:0a:f9:20:6d:41:07:0e:16:bf:6b:
eb:33:9e:47:5d:da:b4:b0:57:02:00:e1:99:d0:90:54:9e:3c:
38:c9:60:85:3e:69:73:9f:5b:cd:04:10:bc:b4:48:f0:11:7e:
9e:bc:a4:13:ad:73:d7:28:70:f3:7b:a1:00:55:66:83:54:a8:
11:d1:be:0f:bd:d1:92:91:ff:f8:14:df:19:cd:d3:6f:40:00:
25:a0:e2:64:03:b1:d6:9b:eb:f1:5c:ae:3e:d3:12:50:a8:f5:
25:65:8d:3b:97:40:06:a0:e3:c2:9e:5a:5b:80:a7:5e:e2:e3:
a5:28:cd:38:37:18:ae:59:60:34:7d:73:ea:36:08:75:c2:8b:
0a:62:13:41:d7:9b:e7:1e:eb:3b:31:d6:ae:a2:91:85:c4:d1:
cb:e4:df:69:bb:d7:77:1a:63:13:61:58:71:bf:d1:88:18:d8:
51:35:96:97:02:d6:ee:48:8c:22:45:e0:a9:42:43:a8:52:9b:
b6:24:ac:37:a1:fc:87:c7:0d:61:60:90:41:9e:1a:c0:fc:da:
63:1c:21:b7:da:8f:d7:14:86:7d:4d:33:1b:aa:bb:df:77:f6:
e2:0c:8c:54:cc:c0:55:f1:9f:29:60:b7:25:df:20:53:3d:20:
b9:e1:3d:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSocqRKQgt67hCrVMqGxy39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjIxMTI0MDcwMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWYxNzZlYTYwOGQwNmVjNjE5OWMwZDhlNTkwOTM0OWNiNDUzODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH21k+azotdd6oebGYeY0MuRtpqw
qfbkwjpDH+SgbHbWFEzExWZYdQFpYGfftNcg49wF7tYiYNnJTkXtYjbEtBrs3Kv1
Cb2Tw2yolAN0jhhjoJGcYsMRVyX6qfjxNPzeFMpyKtmfmHpoOxdVM0Pc4KxE5y29
rhjdA5q+UlKZIokrgh29OcEq0NYBaGW2842dUi7Hrr+n1f6LW2XK4lKiPPYGMpgy
kYDW5agjZatadJIMylpXcjyYBPINS/C3+Qdm3qUhr2lBUes58wuWSRqQ+WScOiMg
tOmoCl8480YLmgxNm1aptuzxXrcYZOpCNrj+WnCgYZFkxmKp7aPAvBnblwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFInxdupgjQbsYZnA2OWQk0nLRTiPMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvaWZGMjZtQ05CdXhobWNEWTVaQ1RTY3RGT0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuRWNAwQA
wl07AwQAwpNZMA0GCSqGSIb3DQEBCwUAA4IBAQAy5aKVP/H3iwr5IG1BBw4Wv2vr
M55HXdq0sFcCAOGZ0JBUnjw4yWCFPmlzn1vNBBC8tEjwEX6evKQTrXPXKHDze6EA
VWaDVKgR0b4PvdGSkf/4FN8ZzdNvQAAloOJkA7HWm+vxXK4+0xJQqPUlZY07l0AG
oOPCnlpbgKde4uOlKM04NxiuWWA0fXPqNgh1wosKYhNB15vnHus7MdauopGFxNHL
5N9pu9d3GmMTYVhxv9GIGNhRNZaXAtbuSIwiReCpQkOoUpu2JKw3ofyHxw1hYJBB
nhrA/NpjHCG32o/XFIZ9TTMbqrvfd/biDIxUzMBV8Z8pYLcl3yBTPSC54T12
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org