Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tPjsMyJKO7Dr5tCoTPN5cieFMgo.roa
File: tPjsMyJKO7Dr5tCoTPN5cieFMgo.roa (raw, json)
Hash identifier: F1W65te1zPpXHJRuR7Lg+LxamFdEKxiN8Q+9CkvyAgY=
Subject key identifier: B4:F8:EC:33:22:4A:3B:B0:EB:E6:D0:A8:4C:F3:79:72:27:85:32:0A
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 37F1C382
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tPjsMyJKO7Dr5tCoTPN5cieFMgo.roa
Signing time: Tue 05 Apr 2022 14:40:45 +0000
ROA not before: Tue 05 Apr 2022 14:40:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 30738
IP address blocks: 195.211.53.0/24 maxlen: 24
195.2.226.0/23 maxlen: 23
188.130.254.0/24 maxlen: 24
188.130.182.0/24 maxlen: 24
2001:1468:8000::/36 maxlen: 36
2001:1468::/32 maxlen: 33
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 938591106 (0x37f1c382)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Apr 5 14:40:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b4f8ec33224a3bb0ebe6d0a84cf379722785320a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:ff:15:45:f1:d0:46:c3:01:8d:ea:2b:3f:1d:
e2:ec:c8:2e:6f:09:7a:b6:71:3a:b8:e5:f6:e4:39:
33:f8:1d:c1:c5:09:13:29:ac:1d:38:ae:dd:7d:24:
ef:a3:75:61:92:e7:14:29:cc:e3:37:a0:6b:57:73:
a9:21:f8:b4:dc:2f:1a:12:4f:df:05:6e:6f:fb:02:
6b:04:ed:7e:66:80:d7:c4:b6:af:5b:b3:71:7e:78:
ef:3e:f4:9f:45:8a:af:03:af:3a:b9:48:ce:5b:f0:
61:c9:32:a8:27:79:45:79:b1:43:ae:c3:9b:31:29:
84:57:de:6b:64:3c:bd:a2:ea:a2:6a:cf:ba:2c:11:
2f:bb:ba:2c:ce:ad:d9:35:d1:6f:5f:72:0f:69:af:
e6:2a:39:d5:16:ab:67:df:fe:96:da:72:bb:4c:8b:
38:e8:bf:3f:24:31:e3:ad:f1:a3:d7:4f:dd:c1:b6:
c9:b8:5f:86:dc:46:cb:50:39:40:f9:88:09:08:0f:
ba:46:b9:96:93:76:d4:7d:f5:3f:b8:21:28:88:65:
5d:87:02:77:89:69:e1:3d:10:4d:62:40:c7:0b:5c:
a4:67:e7:4e:0e:c4:1f:0d:fe:31:99:c3:b9:7c:5b:
61:f6:eb:42:5d:bf:70:47:22:d7:44:b8:13:60:3b:
49:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:F8:EC:33:22:4A:3B:B0:EB:E6:D0:A8:4C:F3:79:72:27:85:32:0A
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tPjsMyJKO7Dr5tCoTPN5cieFMgo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.130.182.0/24
188.130.254.0/24
195.2.226.0/23
195.211.53.0/24
IPv6:
2001:1468::/32
Signature Algorithm: sha256WithRSAEncryption
09:a6:94:b8:d6:3a:eb:c3:52:5a:37:11:1a:ef:db:48:a7:3b:
c8:c8:27:69:51:21:50:4f:53:91:64:3a:3d:31:c9:19:a3:45:
a9:9e:36:42:e7:d0:94:ef:1b:da:39:fa:95:3c:3f:8c:c2:da:
55:9e:db:78:5a:91:a2:75:d7:cb:48:27:9f:23:ad:66:b5:8f:
e6:7d:b6:85:76:58:66:a6:4b:f1:73:04:91:be:cf:d1:f3:36:
da:3f:61:8e:16:7d:fa:54:ca:db:42:6f:5f:af:d4:ef:9d:3f:
91:6f:db:59:51:8d:a1:c9:13:04:78:2d:ac:fd:22:fc:fa:b2:
fd:e0:2f:16:db:79:41:70:d3:1c:96:17:68:fe:8b:25:7b:5a:
14:19:41:7b:3b:6e:18:01:77:b3:36:46:d4:e0:17:6a:bd:21:
71:2e:06:06:50:30:de:2d:49:95:0e:a2:73:d4:86:e2:5a:75:
62:23:f3:d8:bb:a5:ed:bd:49:de:4c:ee:7f:dd:5c:24:ec:e8:
4c:c8:51:cb:5b:81:5e:4e:13:7a:c2:84:24:1a:54:63:e5:0b:
fb:1b:1c:6d:48:82:8f:6d:b2:3c:36:4a:d0:89:5d:58:e0:ae:
f6:f6:3b:49:6c:1f:c2:de:20:c7:b6:90:15:c0:9b:71:d5:cf:
03:11:85:8a
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEN/HDgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDQw
NTE0NDA0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjRmOGVjMzMyMjRh
M2JiMGViZTZkMGE4NGNmMzc5NzIyNzg1MzIwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ3/FUXx0EbDAY3qKz8d4uzILm8JerZxOrjl9uQ5M/gdwcUJ
EymsHTiu3X0k76N1YZLnFCnM4zega1dzqSH4tNwvGhJP3wVub/sCawTtfmaA18S2
r1uzcX547z70n0WKrwOvOrlIzlvwYckyqCd5RXmxQ67DmzEphFfea2Q8vaLqomrP
uiwRL7u6LM6t2TXRb19yD2mv5io51RarZ9/+ltpyu0yLOOi/PyQx463xo9dP3cG2
ybhfhtxGy1A5QPmICQgPuka5lpN21H31P7ghKIhlXYcCd4lp4T0QTWJAxwtcpGfn
Tg7EHw3+MZnDuXxbYfbrQl2/cEci10S4E2A7SdECAwEAAaOCAiowggImMB0GA1Ud
DgQWBBS0+OwzIko7sOvm0KhM83lyJ4UyCjAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L3RQanNNeUpLTzdEcjV0Q29UUE41Y2llRk1nby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEALyCtgMEALyC/gMEAcMC4gMEAMPT
NTANBAIAAjAHAwUAIAEUaDANBgkqhkiG9w0BAQsFAAOCAQEACaaUuNY668NSWjcR
Gu/bSKc7yMgnaVEhUE9TkWQ6PTHJGaNFqZ42QufQlO8b2jn6lTw/jMLaVZ7beFqR
onXXy0gnnyOtZrWP5n22hXZYZqZL8XMEkb7P0fM22j9hjhZ9+lTK20JvX6/U750/
kW/bWVGNockTBHgtrP0i/Pqy/eAvFtt5QXDTHJYXaP6LJXtaFBlBeztuGAF3szZG
1OAXar0hcS4GBlAw3i1JlQ6ic9SG4lp1YiPz2Lul7b1J3kzuf91cJOzoTMhRy1uB
Xk4TesKEJBpUY+UL+xscbUiCj22yPDZK0IldWOCu9vY7SWwfwt4gx7aQFcCbcdXP
AxGFig==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org