Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/KCeh6GSzdteBTAZ82ic3iqzPrSU.roa
File: KCeh6GSzdteBTAZ82ic3iqzPrSU.roa (raw, json)
Hash identifier: DnBDUHxhlZyDJL32GGsCMBmb8VWmfUl2KYANDSJ/uaE=
Subject key identifier: 28:27:A1:E8:64:B3:76:D7:81:4C:06:7C:DA:27:37:8A:AC:CF:AD:25
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 0186EABE53CB62DF029129700071BEA79478
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/KCeh6GSzdteBTAZ82ic3iqzPrSU.roa
Signing time: Thu 16 Mar 2023 14:06:27 +0000
ROA not before: Thu 16 Mar 2023 14:06:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59851
IP address blocks: 185.225.237.0/24 maxlen: 24
77.104.187.0/24 maxlen: 32
77.104.128.0/18 maxlen: 24
2a04:f280::/40 maxlen: 128
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ea:be:53:cb:62:df:02:91:29:70:00:71:be:a7:94:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Mar 16 14:06:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2827a1e864b376d7814c067cda27378aaccfad25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:82:f3:c8:bc:6f:f0:64:16:ef:d0:b4:53:6a:
41:56:12:f4:b5:1d:5b:55:3a:74:50:22:cb:da:74:
06:72:95:a1:9a:33:ea:10:0a:dd:63:2f:82:84:1f:
3c:47:09:73:f0:c9:e0:60:e6:8b:af:c0:74:f7:46:
72:4c:dc:9d:cd:87:fd:a6:65:88:24:5b:c2:4e:64:
ae:f7:9c:b3:d8:5a:7f:c9:76:a8:4c:7c:a8:d8:53:
19:13:f5:46:31:4f:24:8d:ae:ce:8c:39:54:83:1a:
e4:4c:b6:f0:9e:b8:b3:f5:59:65:11:d8:8d:d8:63:
77:bc:4f:31:7c:56:64:22:70:3f:b4:79:01:2b:df:
c2:f0:a4:45:3c:3f:0b:73:49:d1:8a:97:a7:b3:c5:
2a:86:4f:b6:29:a9:d7:a0:58:5d:9f:aa:8e:f3:0e:
eb:5b:d0:a8:8a:6e:0c:b7:40:f1:fb:86:82:6e:2a:
d3:c1:d9:db:4a:e9:86:02:06:c3:4b:2a:93:21:74:
2f:1f:e5:05:d1:65:06:18:df:77:93:93:c9:e1:e7:
20:31:76:fa:10:ca:98:aa:ed:60:62:a9:fe:f8:9c:
7e:f0:7e:cf:7c:82:92:de:c5:ca:c2:f5:e5:99:9e:
8c:34:1b:07:56:44:a9:1c:20:ff:17:50:f3:d2:4d:
90:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:27:A1:E8:64:B3:76:D7:81:4C:06:7C:DA:27:37:8A:AC:CF:AD:25
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/KCeh6GSzdteBTAZ82ic3iqzPrSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.104.128.0/18
185.225.237.0/24
IPv6:
2a04:f280::/40
Signature Algorithm: sha256WithRSAEncryption
8e:4f:78:81:3a:10:c8:bd:a1:d1:1e:0f:7e:d9:e6:fb:b1:14:
7f:6d:ec:d2:57:5b:4d:2b:b7:65:51:ff:3c:ef:9a:b0:04:ba:
86:83:e1:7f:0c:56:c7:1f:b2:e6:50:9c:d7:83:3e:1c:8e:b1:
31:4d:51:56:18:83:60:a3:44:8d:f8:24:e1:fc:97:4e:6a:1e:
cb:e4:2e:86:b2:4b:1e:87:cc:d7:5f:6a:a9:4f:42:86:ed:a0:
e8:cf:64:11:82:b0:8b:0c:c1:94:8a:8f:63:7d:bb:49:70:2b:
a8:92:04:9b:12:94:bd:5e:1d:33:9a:40:d0:9b:7f:c3:43:9b:
6a:1e:4d:97:4e:19:52:26:7c:59:44:73:04:be:b0:f3:f3:1c:
bb:1e:f4:85:66:1a:e8:a0:60:c8:e2:44:41:5c:78:46:1e:b0:
28:3f:3a:e0:ad:09:e0:5e:b5:e1:37:e3:e4:84:f8:97:3b:67:
1b:58:6a:a7:8a:85:02:d5:a5:22:30:c1:fa:c4:93:09:3d:14:
38:d8:77:a0:d0:09:ab:c4:04:46:2a:02:72:ff:01:67:a9:c2:
37:d6:e2:33:bc:f7:32:4d:e1:4a:14:fb:a5:89:51:2e:51:c5:
45:32:2a:0f:d4:54:5d:65:f1:ea:b6:6f:e5:78:74:2c:4e:c5:
88:d2:53:22
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYbqvlPLYt8CkSlwAHG+p5R4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMzE2MTQwNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODI3YTFlODY0YjM3NmQ3ODE0YzA2N2NkYTI3Mzc4YWFjY2ZhZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjILzyLxv8GQW79C0U2pBVhL0tR1b
VTp0UCLL2nQGcpWhmjPqEArdYy+ChB88Rwlz8MngYOaLr8B090ZyTNydzYf9pmWI
JFvCTmSu95yz2Fp/yXaoTHyo2FMZE/VGMU8kja7OjDlUgxrkTLbwnriz9VllEdiN
2GN3vE8xfFZkInA/tHkBK9/C8KRFPD8Lc0nRipens8Uqhk+2KanXoFhdn6qO8w7r
W9Coim4Mt0Dx+4aCbirTwdnbSumGAgbDSyqTIXQvH+UF0WUGGN93k5PJ4ecgMXb6
EMqYqu1gYqn++Jx+8H7PfIKS3sXKwvXlmZ6MNBsHVkSpHCD/F1Dz0k2Q/QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCgnoehks3bXgUwGfNonN4qsz60lMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvS0NlaDZHU3pkdGVCVEFaODJpYzNpcXpQclNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQGTWiAAwQA
ueHtMA4EAgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAjk94gToQyL2h
0R4Pftnm+7EUf23s0ldbTSu3ZVH/PO+asAS6hoPhfwxWxx+y5lCc14M+HI6xMU1R
VhiDYKNEjfgk4fyXTmoey+QuhrJLHofM119qqU9Chu2g6M9kEYKwiwzBlIqPY327
SXArqJIEmxKUvV4dM5pA0Jt/w0Obah5Nl04ZUiZ8WURzBL6w8/Mcux70hWYa6KBg
yOJEQVx4Rh6wKD864K0J4F614Tfj5IT4lztnG1hqp4qFAtWlIjDB+sSTCT0UONh3
oNAJq8QERioCcv8BZ6nCN9biM7z3Mk3hShT7pYlRLlHFRTIqD9RUXWXx6rZv5Xh0
LE7FiNJTIg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org