Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/BxNuWdSnurVPkPaTFNIaC8cctDM.roa
File: BxNuWdSnurVPkPaTFNIaC8cctDM.roa (raw, json)
Hash identifier: fkd7ihIB8wq85EAp5h5QARhcoVQKQ5mdfVM6kvNNDS0=
Subject key identifier: 07:13:6E:59:D4:A7:BA:B5:4F:90:F6:93:14:D2:1A:0B:C7:1C:B4:33
Certificate issuer: /CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Certificate serial: 1BCBE492
Authority key identifier: 16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/BxNuWdSnurVPkPaTFNIaC8cctDM.roa
Signing time: Sat 01 Jan 2022 10:02:04 +0000
ROA not before: Sat 01 Jan 2022 10:02:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 16154
IP address blocks: 88.213.192.0/20 maxlen: 24
88.213.192.0/21 maxlen: 24
80.95.24.0/21 maxlen: 24
217.79.64.0/19 maxlen: 24
2a02:7900::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 466347154 (0x1bcbe492)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16241dd83d8ac080b66504bf937459ffcec4ccc4
Validity
Not Before: Jan 1 10:02:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=07136e59d4a7bab54f90f69314d21a0bc71cb433
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:3c:5c:06:7a:e4:41:c4:a5:b8:69:57:16:c5:
ee:ec:44:8b:60:6a:26:41:90:c6:27:91:ce:f5:9a:
5b:7c:67:fa:b0:40:06:97:0c:ab:04:6d:93:82:81:
94:fc:14:29:e5:07:7e:56:55:75:37:f1:c9:c8:ae:
b5:4c:8b:b5:20:24:fc:bf:7f:13:26:b9:95:d7:60:
c6:4d:d7:a6:17:21:69:05:6c:c3:26:d8:b6:43:6f:
67:4d:0a:6b:16:0f:bb:ec:15:ba:10:0b:e2:79:00:
86:c9:cd:fa:1f:e3:bc:7d:db:6a:59:4e:a7:22:e7:
81:e0:8f:69:bb:83:ec:55:b9:b3:db:b4:e5:49:80:
a0:98:2d:9c:40:25:98:b8:2a:7e:c9:08:3d:7b:06:
66:79:f2:7d:55:e6:47:1c:a4:eb:a6:05:f4:43:fa:
a1:8a:1e:61:05:72:48:58:85:90:16:4a:e9:b9:86:
0d:fb:ae:79:9d:14:bd:88:a0:91:af:9a:8f:30:7d:
c6:ab:94:4b:85:be:a5:bd:e8:8f:74:74:de:9c:d2:
e5:70:d2:cb:94:88:a4:0d:a9:4e:ee:c6:c3:cb:7c:
05:09:6e:19:c6:a0:10:4b:3a:ee:0c:4c:86:ae:fa:
c4:89:69:54:6f:84:6b:da:ed:cc:b8:96:15:10:29:
90:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:13:6E:59:D4:A7:BA:B5:4F:90:F6:93:14:D2:1A:0B:C7:1C:B4:33
X509v3 Authority Key Identifier:
keyid:16:24:1D:D8:3D:8A:C0:80:B6:65:04:BF:93:74:59:FF:CE:C4:CC:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/BxNuWdSnurVPkPaTFNIaC8cctDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b90060-5aaa-43ea-bceb-5e749f4341a4/1/FiQd2D2KwIC2ZQS_k3RZ_87EzMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.95.24.0/21
88.213.192.0/20
217.79.64.0/19
IPv6:
2a02:7900::/32
Signature Algorithm: sha256WithRSAEncryption
2d:6a:75:4c:99:5d:de:f1:5a:92:86:18:01:88:56:f3:85:95:
46:04:dc:01:c6:aa:8c:89:68:32:c2:fc:d7:ac:7d:75:20:ba:
19:82:1a:05:83:04:c9:23:71:92:1e:31:c9:50:c0:c5:a0:ba:
15:c9:2b:99:fa:f0:2e:f7:24:de:21:f2:54:08:3a:f7:e4:06:
d2:ab:67:14:8d:c6:ee:cb:b7:65:dc:52:bf:f2:ce:59:53:c4:
f9:5c:78:1b:83:f6:ab:75:71:ff:85:e2:04:fd:ec:22:47:a3:
1e:5f:79:0f:24:e7:01:16:ac:c2:7c:f1:21:b6:bc:63:8a:97:
5c:d6:18:ff:2a:c3:24:4d:1d:81:96:67:fe:2a:c6:66:5c:94:
49:a4:69:fe:f2:83:eb:2d:d7:fd:3f:f6:74:8f:e3:7b:67:02:
d9:e6:65:9a:8d:ef:22:22:d1:30:f6:cb:3b:f2:2a:65:ad:18:
94:3a:14:86:ca:ff:7a:1e:d9:6b:f6:9b:72:5e:ae:b0:9a:7c:
a5:a5:52:55:27:99:18:56:17:3e:8b:db:b4:43:63:fe:3a:7c:
7b:f1:b1:f9:ed:55:27:20:6a:62:b6:0a:87:68:92:33:13:e1:
03:a1:07:2b:fd:5f:75:bc:75:05:81:f8:93:82:53:ed:e9:7d:
62:df:4f:4e
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEG8vkkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NjI0MWRkODNkOGFjMDgwYjY2NTA0YmY5Mzc0NTlmZmNlYzRjY2M0MB4XDTIyMDEw
MTEwMDIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDcxMzZlNTlkNGE3
YmFiNTRmOTBmNjkzMTRkMjFhMGJjNzFjYjQzMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOM8XAZ65EHEpbhpVxbF7uxEi2BqJkGQxieRzvWaW3xn+rBA
BpcMqwRtk4KBlPwUKeUHflZVdTfxyciutUyLtSAk/L9/Eya5lddgxk3XphchaQVs
wybYtkNvZ00KaxYPu+wVuhAL4nkAhsnN+h/jvH3ballOpyLngeCPabuD7FW5s9u0
5UmAoJgtnEAlmLgqfskIPXsGZnnyfVXmRxyk66YF9EP6oYoeYQVySFiFkBZK6bmG
DfuueZ0UvYigka+ajzB9xquUS4W+pb3oj3R03pzS5XDSy5SIpA2pTu7Gw8t8BQlu
GcagEEs67gxMhq76xIlpVG+Ea9rtzLiWFRApkG8CAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBQHE25Z1Ke6tU+Q9pMU0hoLxxy0MzAfBgNVHSMEGDAWgBQWJB3YPYrAgLZl
BL+TdFn/zsTMxDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0ZpUWQyRDJLd0lDMlpRU19rM1JaXzg3RXpNUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjYvYjkwMDYwLTVhYWEtNDNlYS1iY2ViLTVlNzQ5ZjQzNDFhNC8x
L0J4TnVXZFNudXJWUGtQYVRGTklhQzhjY3RETS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYv
YjkwMDYwLTVhYWEtNDNlYS1iY2ViLTVlNzQ5ZjQzNDFhNC8xL0ZpUWQyRDJLd0lD
MlpRU19rM1JaXzg3RXpNUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEA1BfGAMEBFjVwAMEBdlPQDANBAIA
AjAHAwUAKgJ5ADANBgkqhkiG9w0BAQsFAAOCAQEALWp1TJld3vFakoYYAYhW84WV
RgTcAcaqjIloMsL816x9dSC6GYIaBYMEySNxkh4xyVDAxaC6FckrmfrwLvck3iHy
VAg69+QG0qtnFI3G7su3ZdxSv/LOWVPE+Vx4G4P2q3Vx/4XiBP3sIkejHl95DyTn
ARaswnzxIba8Y4qXXNYY/yrDJE0dgZZn/irGZlyUSaRp/vKD6y3X/T/2dI/je2cC
2eZlmo3vIiLRMPbLO/IqZa0YlDoUhsr/eh7Za/abcl6usJp8paVSVSeZGFYXPovb
tENj/jp8e/Gx+e1VJyBqYrYKh2iSMxPhA6EHK/1fdbx1BYH4k4JT7el9Yt9PTg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:15 2024 by rpki-client on console-fra.rpki-client.org