Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/EgdTNgYg4fGpU5TpRm7UWn-3Mro.roa
File: EgdTNgYg4fGpU5TpRm7UWn-3Mro.roa (raw, json)
Hash identifier: n0mfdfH5ME2DLL++dqVAEs1yNLEwz06/PKOv4BjePJ0=
Subject key identifier: 12:07:53:36:06:20:E1:F1:A9:53:94:E9:46:6E:D4:5A:7F:B7:32:BA
Certificate issuer: /CN=b169a49700e0c3b8e39a79130c987a5000ccffe2
Certificate serial: 01856D787E74529B0EC5AD84C8F241B955A2
Authority key identifier: B1:69:A4:97:00:E0:C3:B8:E3:9A:79:13:0C:98:7A:50:00:CC:FF:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sWmklwDgw7jjmnkTDJh6UADM_-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/EgdTNgYg4fGpU5TpRm7UWn-3Mro.roa
Signing time: Sun 01 Jan 2023 13:14:51 +0000
ROA not before: Sun 01 Jan 2023 13:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206364
IP address blocks: 37.153.133.0/24 maxlen: 24
185.163.13.0/24 maxlen: 24
2a00:1197::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:78:7e:74:52:9b:0e:c5:ad:84:c8:f2:41:b9:55:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b169a49700e0c3b8e39a79130c987a5000ccffe2
Validity
Not Before: Jan 1 13:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=120753360620e1f1a95394e9466ed45a7fb732ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:9f:b9:f5:ee:5f:b1:b0:ef:d9:b3:09:69:9a:
85:46:20:86:6c:85:2b:04:79:c6:53:2c:fd:ba:83:
4d:2a:1f:e9:17:4e:2a:a2:d1:b9:dd:a2:ec:cc:00:
82:40:54:79:c2:2f:9f:7a:c0:1b:c3:89:71:75:1e:
6d:de:c9:d5:a1:e3:f8:3e:ec:ee:f4:d7:4d:fa:b2:
6f:fa:f8:20:d7:79:52:f8:c3:81:f0:eb:c2:53:4d:
a4:37:57:99:67:5f:9a:01:1e:f5:eb:fc:09:b6:49:
68:4e:8a:9a:93:2f:5d:13:36:30:57:0b:42:30:38:
eb:03:b8:b8:33:50:ae:0d:05:0a:a4:7b:21:7e:e0:
69:8f:55:94:7d:47:8d:d3:b0:d3:51:0a:38:78:c2:
70:e0:e5:6f:37:78:ec:99:11:1b:fe:21:f2:e3:67:
2d:d4:aa:32:f6:55:97:8b:75:50:e7:5c:1a:8e:79:
07:38:58:9d:1c:01:f5:ba:77:0b:fc:64:6c:a3:a9:
a7:14:09:88:63:c0:33:57:b3:af:64:c8:bd:43:8f:
d6:9e:44:60:ef:bb:04:5b:99:c7:90:ba:df:bd:5a:
0e:8d:69:fb:d3:49:9d:dc:d5:b1:08:17:3e:42:a8:
5f:8d:c0:38:fc:42:a0:1d:93:ba:b0:c1:7b:1c:a1:
c1:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:07:53:36:06:20:E1:F1:A9:53:94:E9:46:6E:D4:5A:7F:B7:32:BA
X509v3 Authority Key Identifier:
keyid:B1:69:A4:97:00:E0:C3:B8:E3:9A:79:13:0C:98:7A:50:00:CC:FF:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWmklwDgw7jjmnkTDJh6UADM_-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/EgdTNgYg4fGpU5TpRm7UWn-3Mro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/39081f-5003-41ed-b80a-3fae034c489e/1/sWmklwDgw7jjmnkTDJh6UADM_-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.153.133.0/24
185.163.13.0/24
IPv6:
2a00:1197::/32
Signature Algorithm: sha256WithRSAEncryption
83:ae:61:ef:ec:0c:75:6b:df:52:7c:4b:76:f5:2b:19:29:35:
64:c6:d0:da:5f:9d:34:c9:83:ff:af:70:3e:98:ff:fb:bf:db:
25:13:bb:a5:2e:2d:27:ca:24:76:63:71:cc:12:dd:cb:92:83:
9d:e1:8b:99:17:2e:1b:4f:a6:1a:e9:56:64:80:b2:7e:59:05:
c7:6e:4e:a4:0e:92:1e:03:86:43:e3:79:3e:02:fe:d3:b4:40:
94:dd:85:7e:43:85:b9:7b:e8:15:32:5c:df:75:2a:10:43:84:
c7:89:fa:ac:1b:50:16:a7:2c:1e:30:87:fb:09:aa:41:4e:6d:
73:f7:e1:78:2f:b9:87:1b:d9:52:01:7e:ac:ba:dc:5c:d0:06:
b4:ea:6e:db:5c:1d:b3:3a:61:59:79:5c:d2:60:2d:f1:a7:53:
16:75:40:03:57:d7:d4:4b:0b:8d:0e:f2:12:62:78:61:90:be:
db:57:89:57:20:51:1f:ce:81:59:3b:d3:05:96:51:0c:5d:e0:
ff:25:ec:0a:b4:f4:55:09:c3:d9:a1:b6:35:a1:1c:64:6b:7d:
0f:b3:c3:e1:bc:6e:04:6d:d7:f2:03:aa:46:b3:04:97:f6:9a:
2b:6b:30:5d:27:c3:1c:f1:51:3f:e3:1a:70:b8:3b:2e:a8:1f:
a2:68:29:87
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVteH50UpsOxa2EyPJBuVWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNjlhNDk3MDBlMGMzYjhlMzlhNzkxMzBjOTg3YTUwMDBj
Y2ZmZTIwHhcNMjMwMTAxMTMxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjA3NTMzNjA2MjBlMWYxYTk1Mzk0ZTk0NjZlZDQ1YTdmYjczMmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5+59e5fsbDv2bMJaZqFRiCGbIUr
BHnGUyz9uoNNKh/pF04qotG53aLszACCQFR5wi+fesAbw4lxdR5t3snVoeP4Puzu
9NdN+rJv+vgg13lS+MOB8OvCU02kN1eZZ1+aAR716/wJtkloToqaky9dEzYwVwtC
MDjrA7i4M1CuDQUKpHshfuBpj1WUfUeN07DTUQo4eMJw4OVvN3jsmREb/iHy42ct
1Koy9lWXi3VQ51wajnkHOFidHAH1uncL/GRso6mnFAmIY8AzV7OvZMi9Q4/WnkRg
77sEW5nHkLrfvVoOjWn700md3NWxCBc+QqhfjcA4/EKgHZO6sMF7HKHBRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBIHUzYGIOHxqVOU6UZu1Fp/tzK6MB8GA1UdIwQY
MBaAFLFppJcA4MO445p5EwyYelAAzP/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1dta2x3RGd3N2pqbW5rVERKaDZVQURNXy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zOTA4MWYtNTAwMy00MWVkLWI4MGEt
M2ZhZTAzNGM0ODllLzEvRWdkVE5nWWc0ZkdwVTVUcFJtN1VXbi0zTXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zOTA4MWYtNTAwMy00MWVkLWI4MGEtM2ZhZTAzNGM0ODll
LzEvc1dta2x3RGd3N2pqbW5rVERKaDZVQURNXy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJZmFAwQA
uaMNMA0EAgACMAcDBQAqABGXMA0GCSqGSIb3DQEBCwUAA4IBAQCDrmHv7Ax1a99S
fEt29SsZKTVkxtDaX500yYP/r3A+mP/7v9slE7ulLi0nyiR2Y3HMEt3LkoOd4YuZ
Fy4bT6Ya6VZkgLJ+WQXHbk6kDpIeA4ZD43k+Av7TtECU3YV+Q4W5e+gVMlzfdSoQ
Q4THifqsG1AWpyweMIf7CapBTm1z9+F4L7mHG9lSAX6sutxc0Aa06m7bXB2zOmFZ
eVzSYC3xp1MWdUADV9fUSwuNDvISYnhhkL7bV4lXIFEfzoFZO9MFllEMXeD/JewK
tPRVCcPZobY1oRxka30Ps8PhvG4EbdfyA6pGswSX9porazBdJ8Mc8VE/4xpwuDsu
qB+iaCmH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org