Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa
File: dCTFlQ79ta-bj-yY-dnKedshuN8.roa (raw, json)
Hash identifier: Ru6Igsa55ZdescUtgBkldfpaKoI/rb7Wr/KjewBQx9E=
Subject key identifier: 74:24:C5:95:0E:FD:B5:AF:9B:8F:EC:98:F9:D9:CA:79:DB:21:B8:DF
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 37A5F221
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa
Signing time: Wed 09 Mar 2022 04:42:50 +0000
ROA not before: Wed 09 Mar 2022 04:42:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 30738
IP address blocks: 195.211.53.0/24 maxlen: 24
109.248.196.0/22 maxlen: 24
195.2.226.0/23 maxlen: 23
188.130.254.0/24 maxlen: 24
188.130.182.0/24 maxlen: 24
2001:1468:8000::/36 maxlen: 36
2001:1468::/32 maxlen: 33
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 933622305 (0x37a5f221)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Mar 9 04:42:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7424c5950efdb5af9b8fec98f9d9ca79db21b8df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:50:9e:6c:8d:3e:a8:75:53:89:e7:70:3c:a4:
84:0e:02:e9:d6:2c:59:95:17:6d:c0:1e:da:8b:f6:
cb:8a:0f:2e:76:42:1d:7f:7b:4c:d9:b1:a0:2e:91:
c1:92:99:b1:1c:e1:45:05:53:04:62:4d:a3:66:84:
6e:4c:a8:20:15:b3:37:4e:21:b6:61:2d:8c:5b:08:
e4:11:ea:e9:dd:21:42:d9:fb:e1:a4:30:fe:32:15:
5d:78:3d:9d:57:2e:73:a9:f0:28:c3:bf:55:a4:02:
5f:36:51:63:fa:02:9b:df:73:c7:46:c0:e8:3e:6b:
b9:0c:33:4e:b4:1d:43:ce:bd:f8:0e:7c:16:2f:4a:
e7:80:8c:f3:1a:f6:65:03:d2:39:cf:75:1a:3b:06:
c1:32:68:a5:af:20:f1:d0:91:4e:7c:23:bb:33:25:
69:54:4e:bd:bf:75:16:b9:e1:fe:cc:e4:10:8a:25:
b4:06:ca:9a:71:72:4d:fd:ba:29:d0:a9:ca:64:1d:
60:19:8f:c4:96:30:22:ec:17:6c:12:46:47:81:2c:
35:73:a3:bf:2d:ac:f5:f1:c9:dd:c4:8a:52:9b:ec:
11:46:e6:17:0a:e9:fe:87:95:94:e7:8b:2d:47:46:
67:43:d2:5e:f5:02:94:89:56:f1:b2:26:38:02:e5:
bd:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:24:C5:95:0E:FD:B5:AF:9B:8F:EC:98:F9:D9:CA:79:DB:21:B8:DF
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.248.196.0/22
188.130.182.0/24
188.130.254.0/24
195.2.226.0/23
195.211.53.0/24
IPv6:
2001:1468::/32
Signature Algorithm: sha256WithRSAEncryption
38:41:2d:44:ed:9b:d6:02:91:c5:b6:ab:b9:99:a3:f3:00:c1:
06:df:2f:e9:61:98:86:fd:d1:c6:54:b0:40:eb:96:7a:2b:8d:
b5:7f:c2:c1:49:7d:49:73:8e:14:ac:4d:65:a9:3d:d1:db:18:
27:88:fe:f4:2b:f9:2d:ce:53:6a:39:9e:76:c2:a7:7c:b6:d6:
f6:2a:95:09:5a:10:c7:20:b0:d3:7f:47:23:98:ea:86:92:b3:
32:a1:1c:39:e6:36:cc:aa:c4:dc:c3:e7:b8:ed:08:0c:eb:7c:
bc:cd:c8:36:aa:84:4a:8c:1e:cb:9e:36:55:df:a1:5d:d6:d7:
74:af:b4:4e:71:5c:6b:e5:ec:43:41:a0:61:79:92:66:6a:24:
86:90:37:06:7f:c9:52:74:7a:81:ae:3a:04:fb:09:8f:8d:ab:
16:be:06:89:82:79:ec:bd:fa:b8:7e:44:2a:28:40:0e:ae:f7:
bd:03:df:ac:ee:c1:f3:f4:fa:a4:41:1c:80:c7:e4:68:3d:49:
31:de:62:ce:eb:d4:73:3a:6c:c2:e2:a3:68:75:4a:09:89:88:
81:d7:4c:8d:8b:3a:3c:2b:b2:a6:94:f4:68:bd:29:a1:00:2c:
6c:89:15:6a:59:fc:5d:19:fc:78:ca:46:02:2a:4d:ac:06:71:
2e:58:b4:76
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEN6XyITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDMw
OTA0NDI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzQyNGM1OTUwZWZk
YjVhZjliOGZlYzk4ZjlkOWNhNzlkYjIxYjhkZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRQnmyNPqh1U4nncDykhA4C6dYsWZUXbcAe2ov2y4oPLnZC
HX97TNmxoC6RwZKZsRzhRQVTBGJNo2aEbkyoIBWzN04htmEtjFsI5BHq6d0hQtn7
4aQw/jIVXXg9nVcuc6nwKMO/VaQCXzZRY/oCm99zx0bA6D5ruQwzTrQdQ869+A58
Fi9K54CM8xr2ZQPSOc91GjsGwTJopa8g8dCRTnwjuzMlaVROvb91Frnh/szkEIol
tAbKmnFyTf26KdCpymQdYBmPxJYwIuwXbBJGR4EsNXOjvy2s9fHJ3cSKUpvsEUbm
Fwrp/oeVlOeLLUdGZ0PSXvUClIlW8bImOALlvb0CAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBR0JMWVDv21r5uP7Jj52cp52yG43zAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L2RDVEZsUTc5dGEtYmoteVktZG5LZWRzaHVOOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAm34xAMEALyCtgMEALyC/gMEAcMC
4gMEAMPTNTANBAIAAjAHAwUAIAEUaDANBgkqhkiG9w0BAQsFAAOCAQEAOEEtRO2b
1gKRxbaruZmj8wDBBt8v6WGYhv3RxlSwQOuWeiuNtX/CwUl9SXOOFKxNZak90dsY
J4j+9Cv5Lc5TajmedsKnfLbW9iqVCVoQxyCw039HI5jqhpKzMqEcOeY2zKrE3MPn
uO0IDOt8vM3INqqESowey542Vd+hXdbXdK+0TnFca+XsQ0GgYXmSZmokhpA3Bn/J
UnR6ga46BPsJj42rFr4GiYJ57L36uH5EKihADq73vQPfrO7B8/T6pEEcgMfkaD1J
Md5izuvUczpswuKjaHVKCYmIgddMjYs6PCuyppT0aL0poQAsbIkValn8XRn8eMpG
AipNrAZxLli0dg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org