Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/m_2uEGBwF1XuonDSuEJEAxKrvdI.roa
File: m_2uEGBwF1XuonDSuEJEAxKrvdI.roa (raw, json)
Hash identifier: lHo9vTZfh7mU1L9Sz9ySF3fiAEgpRKdg7XdtywdRWYc=
Subject key identifier: 9B:FD:AE:10:60:70:17:55:EE:A2:70:D2:B8:42:44:03:12:AB:BD:D2
Certificate issuer: /CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Certificate serial: 018573685F8FB59ADF5E5ABC4DD862952D53
Authority key identifier: 1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/m_2uEGBwF1XuonDSuEJEAxKrvdI.roa
Signing time: Mon 02 Jan 2023 16:54:58 +0000
ROA not before: Mon 02 Jan 2023 16:54:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209653
IP address blocks: 87.121.16.0/23 maxlen: 24
87.120.160.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:68:5f:8f:b5:9a:df:5e:5a:bc:4d:d8:62:95:2d:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Validity
Not Before: Jan 2 16:54:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9bfdae1060701755eea270d2b842440312abbdd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:a3:ce:39:0c:c8:d6:e2:e5:7c:9d:86:d2:73:
c7:91:ce:e3:56:97:e1:87:8b:5a:3c:ad:bf:4a:49:
f7:dc:2e:3a:62:d6:e0:f1:8d:92:3e:6a:93:1c:71:
08:d7:f2:75:6a:84:ca:5a:b3:04:e8:0b:e0:22:e3:
b9:59:44:ed:c8:39:e4:5f:fa:2d:dd:db:86:d0:4d:
23:de:54:9d:1f:56:a8:d5:9b:53:20:f6:35:b9:8c:
50:03:f3:94:22:1b:5e:bf:90:d8:a3:3d:95:13:61:
8b:a8:a4:5c:c5:b1:c7:42:2f:50:aa:9c:1c:b3:4a:
6a:23:ce:11:df:a8:90:c4:a9:f3:7b:a4:03:e5:47:
18:a8:8a:d3:3e:4e:79:64:42:30:4d:cf:86:96:ef:
a7:1e:15:39:01:93:89:5c:47:16:6f:5f:9a:11:41:
78:ba:e6:51:ed:87:d8:18:4a:d2:1f:fa:54:b3:fa:
65:d3:01:46:43:dc:84:06:cb:74:b4:f7:1c:4a:e8:
e7:3c:21:03:eb:db:fe:dc:87:07:85:15:e9:ce:37:
c5:4a:72:c4:f4:2f:b1:6e:44:56:5c:2e:62:3d:16:
77:cd:16:a9:54:74:72:71:91:6e:47:21:b8:cc:3b:
12:64:e5:34:98:72:68:08:1a:a7:99:f7:14:72:57:
d9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:FD:AE:10:60:70:17:55:EE:A2:70:D2:B8:42:44:03:12:AB:BD:D2
X509v3 Authority Key Identifier:
keyid:1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/m_2uEGBwF1XuonDSuEJEAxKrvdI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.160.0/23
87.121.16.0/23
Signature Algorithm: sha256WithRSAEncryption
ab:2a:ff:f0:aa:61:7f:8d:ba:27:28:21:40:9a:47:cc:54:7d:
05:a1:b3:8d:8c:12:56:ef:11:69:4b:78:b2:a3:ae:f4:7c:62:
57:df:38:76:13:d0:65:c9:a7:d7:d4:97:35:b4:67:30:e7:b6:
03:b3:92:db:53:06:a4:60:c6:99:75:25:b5:a8:71:5c:21:30:
e1:08:ce:b1:fd:2f:d8:6f:df:5c:65:24:96:6a:30:ce:4b:61:
1e:41:b7:39:94:19:85:22:26:ed:4c:1b:20:ae:9f:b4:6a:4b:
89:12:5a:d2:1c:4a:6b:a1:05:f0:ce:d3:17:7c:d3:2d:f1:3d:
36:d8:c0:24:d3:e0:c3:e4:fa:10:81:c3:2d:8f:e3:f0:2c:d9:
5d:12:21:f1:41:c6:a4:25:ca:c5:f5:c9:8f:f3:80:ad:b9:dc:
2d:4c:1d:7a:08:50:c4:52:7b:cc:a2:bd:ea:bf:99:dd:a9:66:
e6:e5:fb:5f:e5:8e:40:fd:5c:fc:67:60:b0:7c:e3:47:1a:ee:
33:51:7a:5f:13:7d:2a:9a:f2:88:4e:16:53:88:c9:50:1e:93:
03:06:3e:b9:48:ad:25:46:e9:25:b8:25:e9:d0:07:06:ac:74:
6f:47:9c:63:d7:96:97:87:94:10:23:e8:3e:34:0b:ae:65:ad:
59:c0:2f:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVzaF+PtZrfXlq8TdhilS1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZTlkYjI5YWE5MzA4ZTE3NTFiMDNkMGQ2OTk5YmI4Njg4
MDU4ODYwHhcNMjMwMTAyMTY1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmZkYWUxMDYwNzAxNzU1ZWVhMjcwZDJiODQyNDQwMzEyYWJiZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaPOOQzI1uLlfJ2G0nPHkc7jVpfh
h4taPK2/Skn33C46Ytbg8Y2SPmqTHHEI1/J1aoTKWrME6AvgIuO5WUTtyDnkX/ot
3duG0E0j3lSdH1ao1ZtTIPY1uYxQA/OUIhtev5DYoz2VE2GLqKRcxbHHQi9Qqpwc
s0pqI84R36iQxKnze6QD5UcYqIrTPk55ZEIwTc+Glu+nHhU5AZOJXEcWb1+aEUF4
uuZR7YfYGErSH/pUs/pl0wFGQ9yEBst0tPccSujnPCED69v+3IcHhRXpzjfFSnLE
9C+xbkRWXC5iPRZ3zRapVHRycZFuRyG4zDsSZOU0mHJoCBqnmfcUclfZvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJv9rhBgcBdV7qJw0rhCRAMSq73SMB8GA1UdIwQY
MBaAFBrp2ymqkwjhdRsD0NaZm7hogFiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODIt
ZWQ5MjMxZmJhZWQxLzEvbV8ydUVHQndGMVh1b25EU3VFSkVBeEtydmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODItZWQ5MjMxZmJhZWQx
LzEvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV3igAwQB
V3kQMA0GCSqGSIb3DQEBCwUAA4IBAQCrKv/wqmF/jbonKCFAmkfMVH0FobONjBJW
7xFpS3iyo670fGJX3zh2E9BlyafX1Jc1tGcw57YDs5LbUwakYMaZdSW1qHFcITDh
CM6x/S/Yb99cZSSWajDOS2EeQbc5lBmFIibtTBsgrp+0akuJElrSHEproQXwztMX
fNMt8T022MAk0+DD5PoQgcMtj+PwLNldEiHxQcakJcrF9cmP84CtudwtTB16CFDE
UnvMor3qv5ndqWbm5ftf5Y5A/Vz8Z2CwfONHGu4zUXpfE30qmvKIThZTiMlQHpMD
Bj65SK0lRukluCXp0AcGrHRvR5xj15aXh5QQI+g+NAuuZa1ZwC9N
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:58 2024 by rpki-client on console-fra.rpki-client.org