Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBTgH_XGlDVHHQ9D4z7rNZDgGZk.roa
File: CBTgH_XGlDVHHQ9D4z7rNZDgGZk.roa (raw, json)
Hash identifier: NfgDi739nh7q/AXpgVT6vLAO4g5O6O+iGPzeiD+BHK4=
Subject key identifier: 08:14:E0:1F:F5:C6:94:35:47:1D:0F:43:E3:3E:EB:35:90:E0:19:99
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018412E1B60FA4CB59D2A97C6F0BE2D24758
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBTgH_XGlDVHHQ9D4z7rNZDgGZk.roa
Signing time: Wed 26 Oct 2022 06:01:32 +0000
ROA not before: Wed 26 Oct 2022 06:01:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 133206
IP address blocks: 194.127.98.0/23 maxlen: 24
193.36.84.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:12:e1:b6:0f:a4:cb:59:d2:a9:7c:6f:0b:e2:d2:47:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 26 06:01:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0814e01ff5c69435471d0f43e33eeb3590e01999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ac:26:29:a3:20:3c:7e:a4:0d:db:56:93:3c:
a0:06:88:41:bc:07:87:0f:c7:b6:e9:dc:a7:74:58:
bc:a5:84:0d:5d:47:8f:81:4e:27:2e:20:e1:ee:89:
58:37:87:aa:a2:1b:e6:50:ee:20:7e:7d:5f:dd:5e:
fe:8c:32:d6:b5:fa:1a:d4:dc:b6:4f:69:19:13:31:
6c:ec:f7:b4:44:df:fe:9c:5e:74:cc:9b:77:5f:94:
21:e8:af:31:44:01:d2:89:f9:09:13:34:c4:ae:17:
b5:61:cb:ac:59:e9:3e:81:54:85:5c:30:c8:6d:25:
7c:45:6f:a8:63:4b:c4:68:be:50:7f:09:8e:1d:52:
d1:a0:fb:c1:16:f4:f3:3d:49:da:7c:57:91:fc:d4:
db:7c:68:04:42:27:a6:08:84:4b:5a:1d:2c:cf:bf:
15:05:39:92:e1:8f:cc:eb:b5:9e:18:42:88:c0:f2:
2c:b6:11:0b:e8:16:19:05:dd:cd:f4:8b:62:58:34:
19:fe:f1:36:10:4d:ac:d9:95:39:29:76:ad:32:20:
ed:0f:8e:85:64:c4:ce:e2:74:aa:7f:66:0f:eb:0c:
89:c1:14:12:ed:e4:7b:a6:a4:25:30:bc:df:f9:54:
2a:4a:f6:27:39:fd:86:aa:e2:76:68:74:16:68:e2:
5c:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:14:E0:1F:F5:C6:94:35:47:1D:0F:43:E3:3E:EB:35:90:E0:19:99
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBTgH_XGlDVHHQ9D4z7rNZDgGZk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.36.84.0/23
194.127.98.0/23
Signature Algorithm: sha256WithRSAEncryption
26:7c:46:55:14:89:95:ac:47:6d:d8:61:61:aa:00:e6:73:bc:
d6:63:e0:0c:f5:49:0a:6f:13:b7:55:33:ad:51:15:b6:96:d3:
ca:f9:42:c2:79:8c:e7:65:69:1e:1e:4a:96:fd:03:4e:42:39:
a0:40:ab:f5:89:99:f0:52:85:96:5b:0b:52:42:63:56:f1:4f:
28:ea:9d:08:15:58:db:e9:72:bf:4d:d7:67:61:da:62:58:ff:
54:e3:f8:e5:c2:e1:94:68:5b:16:1c:b9:d9:f1:a8:fe:d8:6a:
75:9e:92:5b:5c:4e:90:e7:1c:69:3a:1f:be:5c:1c:a8:d6:b6:
3c:30:0f:3b:c3:45:7a:9d:19:18:03:d5:f9:57:00:7e:43:56:
31:2c:4e:b4:5a:c3:a4:f9:89:47:ce:91:45:d0:7a:10:14:79:
87:00:77:67:31:36:4c:00:db:ab:0b:13:85:38:09:f8:8e:60:
9e:a2:e2:31:ea:22:fa:3e:ee:46:e1:ff:4b:ac:94:bc:8d:77:
41:9a:bd:24:39:2e:e3:48:29:e5:c2:87:ce:42:f3:7a:ed:6c:
4f:ab:b7:1e:4a:25:fc:1e:de:a5:67:77:09:56:e3:ed:d3:66:
2b:35:e3:6a:10:59:19:c8:8b:cc:e0:41:db:b7:d8:85:b0:30:
80:68:10:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYQS4bYPpMtZ0ql8bwvi0kdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDI2MDYwMTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE0ZTAxZmY1YzY5NDM1NDcxZDBmNDNlMzNlZWIzNTkwZTAxOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqwmKaMgPH6kDdtWkzygBohBvAeH
D8e26dyndFi8pYQNXUePgU4nLiDh7olYN4eqohvmUO4gfn1f3V7+jDLWtfoa1Ny2
T2kZEzFs7Pe0RN/+nF50zJt3X5Qh6K8xRAHSifkJEzTErhe1YcusWek+gVSFXDDI
bSV8RW+oY0vEaL5QfwmOHVLRoPvBFvTzPUnafFeR/NTbfGgEQiemCIRLWh0sz78V
BTmS4Y/M67WeGEKIwPIsthEL6BYZBd3N9ItiWDQZ/vE2EE2s2ZU5KXatMiDtD46F
ZMTO4nSqf2YP6wyJwRQS7eR7pqQlMLzf+VQqSvYnOf2GquJ2aHQWaOJc+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAgU4B/1xpQ1Rx0PQ+M+6zWQ4BmZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQ0JUZ0hfWEdsRFZISFE5RDR6N3JOWkRnR1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSRUAwQB
wn9iMA0GCSqGSIb3DQEBCwUAA4IBAQAmfEZVFImVrEdt2GFhqgDmc7zWY+AM9UkK
bxO3VTOtURW2ltPK+ULCeYznZWkeHkqW/QNOQjmgQKv1iZnwUoWWWwtSQmNW8U8o
6p0IFVjb6XK/TddnYdpiWP9U4/jlwuGUaFsWHLnZ8aj+2Gp1npJbXE6Q5xxpOh++
XByo1rY8MA87w0V6nRkYA9X5VwB+Q1YxLE60WsOk+YlHzpFF0HoQFHmHAHdnMTZM
ANurCxOFOAn4jmCeouIx6iL6Pu5G4f9LrJS8jXdBmr0kOS7jSCnlwofOQvN67WxP
q7ceSiX8Ht6lZ3cJVuPt02YrNeNqEFkZyIvM4EHbt9iFsDCAaBA1
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:24 2023 by rpki-client on console-ams.rpki-client.org