Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/utqcZV-jn9_rJilZDMAd9ohoxJs.roa
File: utqcZV-jn9_rJilZDMAd9ohoxJs.roa (raw, json)
Hash identifier: yDzjyvBdoTwRqbbzRKvDYJC5ctNsdGBCaSnzvkeYTHI=
Subject key identifier: BA:DA:9C:65:5F:A3:9F:DF:EB:26:29:59:0C:C0:1D:F6:88:68:C4:9B
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 01856CCAE0593E9C6718E1F0E62DDDB78C7C
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/utqcZV-jn9_rJilZDMAd9ohoxJs.roa
Signing time: Sun 01 Jan 2023 10:05:13 +0000
ROA not before: Sun 01 Jan 2023 10:05:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16509
IP address blocks: 185.225.236.0/22 maxlen: 24
146.66.125.0/24 maxlen: 24
77.104.128.0/18 maxlen: 24
146.66.64.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ca:e0:59:3e:9c:67:18:e1:f0:e6:2d:dd:b7:8c:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Jan 1 10:05:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bada9c655fa39fdfeb2629590cc01df68868c49b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:42:ce:c1:93:df:7c:fa:44:47:2e:a1:62:90:
a7:e5:4d:26:1e:d2:b3:12:46:21:41:2d:2d:d7:a4:
ac:37:d8:a2:ec:86:9c:1b:19:3a:96:72:02:ef:b7:
23:4f:05:d1:9c:43:ab:0a:68:c5:80:20:55:ec:66:
39:5a:4b:f7:94:95:1b:7d:b0:c4:74:22:d8:26:66:
eb:7e:fc:8d:0e:b8:b7:13:ee:d3:13:7b:d7:ce:31:
7e:6c:3a:97:2f:b7:dc:85:23:e7:10:33:d4:99:ec:
f7:ac:b5:97:51:61:33:6f:77:16:89:89:6f:44:6b:
97:0f:b0:e7:ed:94:34:79:60:c3:b8:3e:c6:8f:f4:
85:1b:5b:ec:85:df:bd:df:68:fb:e8:b7:83:d7:3f:
5f:d3:94:cc:7e:31:71:71:b2:50:79:96:e4:df:56:
49:a7:e3:3f:7e:b0:b4:79:e2:7b:06:2e:09:50:76:
a6:52:8e:63:55:94:de:3a:ee:ea:05:59:9c:19:44:
e4:27:ce:a6:e6:2f:41:ac:ba:21:90:47:c2:31:12:
77:0a:25:a6:e8:11:3c:56:9c:dc:63:25:31:ba:0b:
c2:cf:d2:e6:5d:f1:a2:4c:e6:06:70:bf:4f:aa:df:
45:23:a3:11:05:c2:a6:0a:4c:ea:b1:5e:1d:d2:dd:
11:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:DA:9C:65:5F:A3:9F:DF:EB:26:29:59:0C:C0:1D:F6:88:68:C4:9B
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/utqcZV-jn9_rJilZDMAd9ohoxJs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.104.128.0/18
146.66.64.0/18
185.225.236.0/22
Signature Algorithm: sha256WithRSAEncryption
42:3a:14:0b:0e:cb:31:b6:0e:b8:a0:e4:c5:9d:4e:5c:ce:0c:
75:c6:88:c5:b6:44:d6:60:c7:39:44:4a:c1:ae:45:24:41:0f:
f5:67:7f:a2:d9:92:e5:1c:f2:4a:1a:2d:6c:c0:ea:95:8a:3e:
d0:a6:10:a7:eb:79:14:6f:c1:e1:80:28:1a:70:1d:46:92:66:
be:47:11:d5:44:35:73:d6:2a:7b:d5:62:8a:6f:b6:17:81:ce:
db:ee:17:80:75:33:57:a8:fe:a4:0e:f0:73:1f:ca:22:26:c9:
cf:e5:93:2a:d5:7a:d8:86:03:07:52:07:e7:61:82:09:ba:fe:
dd:66:9d:05:35:f8:54:05:5a:4e:a8:95:77:5e:45:98:92:f4:
a6:bc:7d:a4:b3:3e:ba:b3:cd:4f:0d:07:3d:d2:e7:02:fe:be:
c9:37:a6:41:85:4f:d1:3f:23:e1:35:8f:45:71:24:44:d3:ef:
b9:ed:17:57:a2:ce:09:c5:e0:d8:88:85:c2:95:42:a2:71:74:
ab:b1:92:73:7c:e3:7c:ee:01:37:77:84:43:be:70:a7:5b:56:
6f:dd:ae:f3:d3:31:c5:4a:b2:d4:61:61:03:c7:f0:00:5e:12:
64:76:4d:01:32:e5:bd:46:f3:e5:88:3a:d1:8b:2d:6d:63:f0:
87:ac:6b:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVsyuBZPpxnGOHw5i3dt4x8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRhOWM2NTVmYTM5ZmRmZWIyNjI5NTkwY2MwMWRmNjg4NjhjNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjELOwZPffPpERy6hYpCn5U0mHtKz
EkYhQS0t16SsN9ii7IacGxk6lnIC77cjTwXRnEOrCmjFgCBV7GY5Wkv3lJUbfbDE
dCLYJmbrfvyNDri3E+7TE3vXzjF+bDqXL7fchSPnEDPUmez3rLWXUWEzb3cWiYlv
RGuXD7Dn7ZQ0eWDDuD7Gj/SFG1vshd+932j76LeD1z9f05TMfjFxcbJQeZbk31ZJ
p+M/frC0eeJ7Bi4JUHamUo5jVZTeOu7qBVmcGUTkJ86m5i9BrLohkEfCMRJ3CiWm
6BE8VpzcYyUxugvCz9LmXfGiTOYGcL9Pqt9FI6MRBcKmCkzqsV4d0t0RcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLranGVfo5/f6yYpWQzAHfaIaMSbMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvdXRxY1pWLWpuOV9ySmlsWkRNQWQ5b2hveEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGTWiAAwQG
kkJAAwQCueHsMA0GCSqGSIb3DQEBCwUAA4IBAQBCOhQLDssxtg64oOTFnU5czgx1
xojFtkTWYMc5RErBrkUkQQ/1Z3+i2ZLlHPJKGi1swOqVij7QphCn63kUb8HhgCga
cB1Gkma+RxHVRDVz1ip71WKKb7YXgc7b7heAdTNXqP6kDvBzH8oiJsnP5ZMq1XrY
hgMHUgfnYYIJuv7dZp0FNfhUBVpOqJV3XkWYkvSmvH2ksz66s81PDQc90ucC/r7J
N6ZBhU/RPyPhNY9FcSRE0++57RdXos4JxeDYiIXClUKicXSrsZJzfON87gE3d4RD
vnCnW1Zv3a7z0zHFSrLUYWEDx/AAXhJkdk0BMuW9RvPliDrRiy1tY/CHrGvA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org