Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/bM61yCef2YahQycXEp23yauicYU.roa
File: bM61yCef2YahQycXEp23yauicYU.roa (raw, json)
Hash identifier: YnLASt5KYce1AZ+J9wS2ayITn8mwvjbP8/0Zewhdd+w=
Subject key identifier: 6C:CE:B5:C8:27:9F:D9:86:A1:43:27:17:12:9D:B7:C9:AB:A2:71:85
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 01856CCAE6BF75F2CBA0ACD1A2C7F74CF36F
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/bM61yCef2YahQycXEp23yauicYU.roa
Signing time: Sun 01 Jan 2023 10:05:14 +0000
ROA not before: Sun 01 Jan 2023 10:05:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 396982
IP address blocks: 185.56.85.0/24 maxlen: 24
185.56.84.0/24 maxlen: 24
185.56.86.0/24 maxlen: 24
185.56.87.0/24 maxlen: 24
146.66.122.0/24 maxlen: 24
146.66.121.0/24 maxlen: 24
146.66.123.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ca:e6:bf:75:f2:cb:a0:ac:d1:a2:c7:f7:4c:f3:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Jan 1 10:05:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cceb5c8279fd986a1432717129db7c9aba27185
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:08:69:26:aa:f3:98:ea:9c:2c:d8:93:06:01:
6e:ba:b8:79:9c:5c:76:26:bd:63:68:b5:b2:6a:0a:
87:21:77:01:34:d7:80:3d:88:a0:ba:f6:c0:da:0f:
cc:70:64:2b:7d:20:4e:eb:0f:03:32:49:c1:c0:19:
63:7a:be:5a:9e:c2:57:d1:d3:4d:f2:c5:ae:5e:f0:
61:3b:82:6d:d6:a7:20:6a:e5:e9:96:37:c4:ed:bb:
bd:ab:91:6f:b4:e3:97:a8:36:75:0f:dd:94:59:43:
30:88:a9:ab:97:7c:e2:38:30:39:4f:fe:62:63:98:
ed:ad:23:ae:7a:65:42:78:f8:2e:6d:c8:a1:ae:50:
c4:b0:49:8f:1c:27:17:dd:7d:5a:a9:a4:42:e3:bf:
5e:9c:f2:5f:b7:41:cb:e3:83:42:32:07:fd:7c:21:
5f:8a:91:03:45:99:a4:44:fa:9c:8d:63:95:01:19:
c1:10:bd:7e:2a:ef:db:92:ef:87:e4:28:b9:77:7a:
18:6b:11:31:6a:7c:06:10:75:59:8f:08:88:70:c4:
04:c7:1f:60:40:08:44:8f:96:92:6d:da:42:54:25:
6b:f9:0c:c7:a9:55:ac:6f:f5:d2:7e:c7:4b:ea:79:
bb:77:ca:83:75:a8:86:85:5e:e9:47:d0:8b:77:1a:
45:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:CE:B5:C8:27:9F:D9:86:A1:43:27:17:12:9D:B7:C9:AB:A2:71:85
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/bM61yCef2YahQycXEp23yauicYU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.66.121.0-146.66.123.255
185.56.84.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:2d:e7:d7:ef:e7:25:f0:10:0e:91:32:d2:98:d4:68:e3:59:
5a:a8:56:1e:66:b0:32:52:db:56:4a:8a:17:5e:0c:2e:da:e8:
6e:d5:27:e1:ff:17:1f:2c:9d:22:ba:5a:59:68:01:b0:79:0d:
33:1c:79:f8:eb:90:d9:36:f0:53:cd:d7:19:fa:ad:33:28:68:
58:1c:7f:fe:9b:1c:a1:7f:12:9b:fb:75:37:be:83:fe:a5:04:
18:52:a7:51:7b:08:ae:f8:3c:d0:ae:d2:7b:2f:85:d7:3b:46:
21:8b:d9:3d:a7:c8:cd:d1:8e:45:90:f5:93:41:00:88:5e:1c:
59:d7:e6:95:9d:f1:cc:17:66:41:e5:4c:a0:12:1f:02:53:a2:
b3:a5:da:89:0e:3a:26:71:f6:96:11:45:cc:62:36:43:a3:6b:
6a:77:17:82:79:25:a5:43:5b:04:a4:c9:b9:2f:35:a2:21:6a:
31:cc:e4:2e:e9:4d:c7:8b:44:2c:76:c4:e5:1a:96:b4:fa:28:
80:3d:95:a3:ad:af:cc:a5:6d:cc:54:e9:0d:36:5b:2e:b3:64:
78:3f:d2:7f:32:39:9f:37:61:0c:e7:ca:eb:cb:39:98:4c:f6:
20:e6:36:f2:4b:7d:45:9a:fc:0a:41:fc:86:72:20:9e:a3:5d:
2d:22:db:2f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVsyua/dfLLoKzRosf3TPNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2NlYjVjODI3OWZkOTg2YTE0MzI3MTcxMjlkYjdjOWFiYTI3MTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwhpJqrzmOqcLNiTBgFuurh5nFx2
Jr1jaLWyagqHIXcBNNeAPYiguvbA2g/McGQrfSBO6w8DMknBwBljer5ansJX0dNN
8sWuXvBhO4Jt1qcgauXpljfE7bu9q5FvtOOXqDZ1D92UWUMwiKmrl3ziODA5T/5i
Y5jtrSOuemVCePgubcihrlDEsEmPHCcX3X1aqaRC479enPJft0HL44NCMgf9fCFf
ipEDRZmkRPqcjWOVARnBEL1+Ku/bku+H5Ci5d3oYaxExanwGEHVZjwiIcMQExx9g
QAhEj5aSbdpCVCVr+QzHqVWsb/XSfsdL6nm7d8qDdaiGhV7pR9CLdxpFcwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGzOtcgnn9mGoUMnFxKdt8mronGFMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvYk02MXlDZWYyWWFoUXljWEVwMjN5YXVpY1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACSQnkD
BAKSQngDBAK5OFQwDQYJKoZIhvcNAQELBQADggEBAA4t59fv5yXwEA6RMtKY1Gjj
WVqoVh5msDJS21ZKihdeDC7a6G7VJ+H/Fx8snSK6WlloAbB5DTMcefjrkNk28FPN
1xn6rTMoaFgcf/6bHKF/Epv7dTe+g/6lBBhSp1F7CK74PNCu0nsvhdc7RiGL2T2n
yM3RjkWQ9ZNBAIheHFnX5pWd8cwXZkHlTKASHwJTorOl2okOOiZx9pYRRcxiNkOj
a2p3F4J5JaVDWwSkybkvNaIhajHM5C7pTceLRCx2xOUalrT6KIA9laOtr8ylbcxU
6Q02Wy6zZHg/0n8yOZ83YQznyuvLOZhM9iDmNvJLfUWa/ApB/IZyIJ6jXS0i2y8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org