Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9hOdXg0aEh-MEgVl5jz2Jg73Zyo.roa
File: 9hOdXg0aEh-MEgVl5jz2Jg73Zyo.roa (raw, json)
Hash identifier: dp5KAXGmhnHzKO+oOc4Ym5gJp9ojvi5C/s7dzON/ijo=
Subject key identifier: F6:13:9D:5E:0D:1A:12:1F:8C:12:05:65:E6:3C:F6:26:0E:F7:67:2A
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 3702375E
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9hOdXg0aEh-MEgVl5jz2Jg73Zyo.roa
Signing time: Sat 01 Jan 2022 11:00:18 +0000
ROA not before: Sat 01 Jan 2022 11:00:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 30738
IP address blocks: 195.211.53.0/24 maxlen: 24
195.2.226.0/23 maxlen: 23
188.130.182.0/24 maxlen: 24
2001:1468:8000::/36 maxlen: 36
2001:1468::/32 maxlen: 33
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 922892126 (0x3702375e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Jan 1 11:00:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f6139d5e0d1a121f8c120565e63cf6260ef7672a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:09:66:5e:f5:6a:7b:28:42:ed:60:c4:3e:f3:
6f:98:70:b7:bb:ac:60:82:2c:af:6e:1a:57:05:67:
d4:85:16:4c:18:f9:56:50:3c:00:71:72:76:8c:40:
39:37:ea:06:3b:4c:06:f5:cd:b8:96:33:5e:b1:60:
a7:29:54:d4:0b:85:ca:6a:ce:13:25:7f:85:df:ef:
6a:1b:52:f2:3e:7a:b3:73:2b:5e:bc:f4:37:ca:b6:
53:fd:4e:e8:27:e4:3d:76:a1:95:12:14:77:bd:29:
1b:b3:2c:85:1b:e4:f7:77:aa:57:90:67:79:2e:f7:
09:96:7b:43:3a:6d:24:cf:a6:30:04:eb:b6:12:a4:
a3:e8:c4:21:44:d2:bb:9a:aa:24:35:16:f9:e8:67:
4b:9e:99:23:6f:49:b1:57:5b:6b:21:e4:0c:bd:d6:
47:4a:52:ab:67:e2:11:08:da:ff:30:48:cb:2a:20:
19:71:55:fa:99:ef:91:a2:19:ee:59:c9:e2:ce:57:
bd:bd:e4:34:8c:ae:ba:74:88:95:cd:b6:aa:75:e7:
13:f7:6c:1f:38:79:f1:3c:6a:cd:2e:d2:26:fe:d6:
4a:46:a9:e3:60:70:8d:24:cd:85:72:7f:7e:56:30:
83:94:e3:bf:2b:c7:a6:f6:70:ce:8a:87:f8:b5:00:
b6:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:13:9D:5E:0D:1A:12:1F:8C:12:05:65:E6:3C:F6:26:0E:F7:67:2A
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/9hOdXg0aEh-MEgVl5jz2Jg73Zyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.130.182.0/24
195.2.226.0/23
195.211.53.0/24
IPv6:
2001:1468::/32
Signature Algorithm: sha256WithRSAEncryption
1a:84:48:ae:f7:fd:81:d8:21:ba:66:83:48:b8:8d:4c:7c:8f:
e7:3b:3d:c5:d8:6d:bd:25:d9:87:62:bc:e5:08:59:d3:f3:bb:
b9:3e:99:2a:0b:d3:b1:56:cd:53:5b:23:cb:87:b0:5e:8d:5e:
ab:b3:4c:5e:18:0c:01:ab:2e:61:fb:d9:be:44:2b:92:db:32:
81:48:d3:78:48:12:e3:06:90:5d:84:2b:aa:72:2f:66:03:0f:
25:d0:f6:f5:79:65:d0:d6:31:4f:4d:16:9e:e3:3a:39:f0:66:
f8:4b:69:f2:19:58:f3:a4:e2:a6:cf:5f:1a:be:c6:05:21:e7:
e0:8b:b5:64:18:47:69:07:92:08:d6:b7:45:21:1b:5e:99:76:
b7:f4:8e:05:d8:61:ee:5f:f9:8f:ee:e1:e8:68:dc:48:83:27:
4b:2b:89:c6:e3:b9:a5:4a:0d:cb:d9:10:25:e3:d4:4b:68:41:
c8:6a:56:72:da:4f:76:9f:c2:96:46:26:9a:b7:cd:a2:35:b9:
b5:64:5d:f7:96:bd:f0:e7:fe:05:4c:09:12:21:4f:07:c9:74:
a8:27:a5:4e:b2:da:43:8d:6c:08:ce:cc:f4:39:4c:6b:16:ab:
d8:a7:8e:bb:48:a9:55:75:f9:db:9f:81:85:5f:9e:53:89:47:
0d:d8:0e:b5
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIENwI3XjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDEw
MTExMDAxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjYxMzlkNWUwZDFh
MTIxZjhjMTIwNTY1ZTYzY2Y2MjYwZWY3NjcyYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIYJZl71ansoQu1gxD7zb5hwt7usYIIsr24aVwVn1IUWTBj5
VlA8AHFydoxAOTfqBjtMBvXNuJYzXrFgpylU1AuFymrOEyV/hd/vahtS8j56s3Mr
Xrz0N8q2U/1O6CfkPXahlRIUd70pG7MshRvk93eqV5BneS73CZZ7QzptJM+mMATr
thKko+jEIUTSu5qqJDUW+ehnS56ZI29JsVdbayHkDL3WR0pSq2fiEQja/zBIyyog
GXFV+pnvkaIZ7lnJ4s5Xvb3kNIyuunSIlc22qnXnE/dsHzh58TxqzS7SJv7WSkap
42BwjSTNhXJ/flYwg5TjvyvHpvZwzoqH+LUAtn8CAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBT2E51eDRoSH4wSBWXmPPYmDvdnKjAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
LzloT2RYZzBhRWgtTUVnVmw1anoySmc3M1p5by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEALyCtgMEAcMC4gMEAMPTNTANBAIA
AjAHAwUAIAEUaDANBgkqhkiG9w0BAQsFAAOCAQEAGoRIrvf9gdghumaDSLiNTHyP
5zs9xdhtvSXZh2K85QhZ0/O7uT6ZKgvTsVbNU1sjy4ewXo1eq7NMXhgMAasuYfvZ
vkQrktsygUjTeEgS4waQXYQrqnIvZgMPJdD29Xll0NYxT00WnuM6OfBm+Etp8hlY
86Tips9fGr7GBSHn4Iu1ZBhHaQeSCNa3RSEbXpl2t/SOBdhh7l/5j+7h6GjcSIMn
SyuJxuO5pUoNy9kQJePUS2hByGpWctpPdp/ClkYmmrfNojW5tWRd95a98Of+BUwJ
EiFPB8l0qCelTrLaQ41sCM7M9DlMaxar2KeOu0ipVXX525+BhV+eU4lHDdgOtQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:10 2023 by rpki-client on console-fra.rpki-client.org