Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/MF_8KzL3erQMVYBoAXef_8YSoCg.roa
File: MF_8KzL3erQMVYBoAXef_8YSoCg.roa (raw, json)
Hash identifier: SZ77rR1O6CEmrJ6/0eH0OQyDvnDmpNqu+MvRxp/xP9Y=
Subject key identifier: 30:5F:FC:2B:32:F7:7A:B4:0C:55:80:68:01:77:9F:FF:C6:12:A0:28
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 0A10BCEA
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/MF_8KzL3erQMVYBoAXef_8YSoCg.roa
Signing time: Tue 01 Feb 2022 10:05:13 +0000
ROA not before: Tue 01 Feb 2022 10:05:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 396982
IP address blocks: 185.56.85.0/24 maxlen: 24
185.56.84.0/24 maxlen: 24
185.56.86.0/24 maxlen: 24
185.56.87.0/24 maxlen: 24
146.66.122.0/24 maxlen: 24
146.66.121.0/24 maxlen: 24
146.66.123.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 168869098 (0xa10bcea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Feb 1 10:05:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=305ffc2b32f77ab40c55806801779fffc612a028
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:bb:1f:19:15:d5:f8:fe:1c:ad:86:ce:90:ac:
80:0a:c7:72:38:b4:ee:2f:40:be:7c:94:1c:b5:55:
9a:34:9e:ec:e0:9f:4f:2d:1f:88:05:7c:41:46:91:
05:95:0b:4a:a9:7f:14:90:b0:cb:7a:8c:bd:9d:6a:
ad:cb:42:1b:f6:1d:f6:31:10:f5:85:7b:bd:00:fb:
20:5d:10:91:52:27:72:d1:6f:f6:38:69:c9:c1:95:
5a:f0:18:31:e9:dc:d5:26:06:8e:8b:ee:fd:8c:74:
1e:c4:83:ab:f3:b1:23:59:c1:5d:33:21:fe:c2:a4:
e4:13:8a:d4:b6:a0:ac:8c:0a:0d:77:87:b2:51:e3:
bc:5f:7c:c7:8a:3f:6c:e6:35:6d:7b:ce:78:06:cf:
55:51:f7:21:99:ca:0b:e0:b2:2d:e6:bb:b6:ca:31:
39:11:c1:02:5f:ae:b8:e0:b9:8e:de:b7:80:16:d1:
5f:6c:10:9e:d7:ea:d9:b6:3d:e7:d4:96:47:2b:91:
0d:10:b7:6f:bb:f0:a3:ed:b3:2d:ca:4f:db:5f:de:
68:1d:73:eb:a6:15:c2:f6:ca:b9:dc:59:c7:ce:71:
c6:b3:57:7e:bf:aa:27:39:30:b0:94:8c:5a:82:c2:
f9:7e:53:a8:b2:90:70:2d:a0:18:3c:25:60:9c:68:
46:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:5F:FC:2B:32:F7:7A:B4:0C:55:80:68:01:77:9F:FF:C6:12:A0:28
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/MF_8KzL3erQMVYBoAXef_8YSoCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.66.121.0-146.66.123.255
185.56.84.0/22
Signature Algorithm: sha256WithRSAEncryption
9b:8d:f2:36:b2:ae:4b:6f:06:20:c7:02:e3:c9:8f:34:04:26:
6a:07:17:5b:b6:b1:8d:93:0e:ab:0c:e8:fa:a0:8d:89:78:be:
00:2c:0c:97:4c:b8:ba:28:b0:53:d9:cd:93:c5:4e:b9:69:b1:
13:53:f7:70:e8:8e:be:36:b0:6f:ad:63:d9:a9:4f:52:05:1a:
30:3b:b2:82:0f:85:d1:d1:0d:e3:cc:75:08:1b:61:7b:29:ca:
b4:b5:da:ad:1d:8a:94:46:0c:e2:b0:2c:41:96:e5:28:aa:6a:
87:c7:4a:3d:70:84:b6:2c:cd:ec:83:22:ea:14:58:f2:a8:66:
fe:fa:ce:c8:0d:8d:00:b8:1c:f1:4e:d8:ab:c5:a7:04:81:6e:
33:04:5a:f3:00:05:f5:09:d0:8b:82:00:ae:64:e4:1e:49:db:
a4:0b:47:2c:80:8c:e4:52:3d:39:10:46:a0:1a:78:a8:fc:04:
f5:a1:b5:2f:81:f6:8f:9c:4d:05:db:88:bc:b3:74:9b:fd:d8:
3a:8d:7a:07:4b:43:56:2a:98:8b:3e:ac:0f:1d:76:53:9c:a7:
20:29:d9:2c:dc:0b:75:75:1a:61:66:55:d6:75:67:53:ef:e4:
d1:13:25:b7:8f:b3:b3:c3:c0:fd:71:e9:27:39:28:d8:4b:54:
da:43:a1:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEChC86jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZDg4ZWI3MzBhYjFhNTAxZWEzNmVhMzQ4MmQ3NjQ1NDRlMTQxMTExMB4XDTIyMDIw
MTEwMDUxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzA1ZmZjMmIzMmY3
N2FiNDBjNTU4MDY4MDE3NzlmZmZjNjEyYTAyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKS7HxkV1fj+HK2GzpCsgArHcji07i9AvnyUHLVVmjSe7OCf
Ty0fiAV8QUaRBZULSql/FJCwy3qMvZ1qrctCG/Yd9jEQ9YV7vQD7IF0QkVInctFv
9jhpycGVWvAYMenc1SYGjovu/Yx0HsSDq/OxI1nBXTMh/sKk5BOK1LagrIwKDXeH
slHjvF98x4o/bOY1bXvOeAbPVVH3IZnKC+CyLea7tsoxORHBAl+uuOC5jt63gBbR
X2wQntfq2bY959SWRyuRDRC3b7vwo+2zLcpP21/eaB1z66YVwvbKudxZx85xxrNX
fr+qJzkwsJSMWoLC+X5TqLKQcC2gGDwlYJxoRq8CAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBQwX/wrMvd6tAxVgGgBd5//xhKgKDAfBgNVHSMEGDAWgBRNiOtzCrGlAeo2
6jSC12RUThQRETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RZanJjd3F4cFFIcU51bzBndGRrVkU0VUVSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvYzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8x
L01GXzhLekwzZXJRTVZZQm9BWGVmXzhZU29DZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
YzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8xL1RZanJjd3F4cFFI
cU51bzBndGRrVkU0VUVSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQAkkJ5AwQCkkJ4AwQCuThUMA0G
CSqGSIb3DQEBCwUAA4IBAQCbjfI2sq5LbwYgxwLjyY80BCZqBxdbtrGNkw6rDOj6
oI2JeL4ALAyXTLi6KLBT2c2TxU65abETU/dw6I6+NrBvrWPZqU9SBRowO7KCD4XR
0Q3jzHUIG2F7Kcq0tdqtHYqURgzisCxBluUoqmqHx0o9cIS2LM3sgyLqFFjyqGb+
+s7IDY0AuBzxTtirxacEgW4zBFrzAAX1CdCLggCuZOQeSdukC0csgIzkUj05EEag
Gnio/AT1obUvgfaPnE0F24i8s3Sb/dg6jXoHS0NWKpiLPqwPHXZTnKcgKdks3At1
dRphZlXWdWdT7+TREyW3j7Ozw8D9ceknOSjYS1TaQ6E3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org