Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Yi3Jjmt2W7At8gTr4XRlKO2d2J4.roa
File: Yi3Jjmt2W7At8gTr4XRlKO2d2J4.roa (raw, json)
Hash identifier: /HFk611yD1ppBycfFIg0GIXnyO6wcHzRN/4EdINp1QY=
Subject key identifier: 62:2D:C9:8E:6B:76:5B:B0:2D:F2:04:EB:E1:74:65:28:ED:9D:D8:9E
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0184C45D9FD4B4F0C735CD1C9FDD83178DCC
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Yi3Jjmt2W7At8gTr4XRlKO2d2J4.roa
Signing time: Tue 29 Nov 2022 17:09:40 +0000
ROA not before: Tue 29 Nov 2022 17:09:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 185.220.236.0/22 maxlen: 24
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c4:5d:9f:d4:b4:f0:c7:35:cd:1c:9f:dd:83:17:8d:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Nov 29 17:09:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=622dc98e6b765bb02df204ebe1746528ed9dd89e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:89:cd:eb:b6:3f:da:39:4b:ae:61:1e:58:d9:
3d:1a:12:e4:aa:11:8e:24:e9:81:e9:33:ab:ab:f7:
b1:5c:f2:66:65:6c:93:6b:3c:a6:7f:74:ea:2e:36:
b2:f6:2d:e3:bb:1e:c1:5e:ab:42:61:68:e9:03:d7:
a0:d5:ae:50:4b:1e:4e:81:54:dc:8c:1b:86:50:28:
0c:e3:4f:dc:a8:87:61:2a:2c:87:72:10:f6:f6:be:
d7:05:3d:39:16:72:be:03:08:a9:b7:30:e1:ec:f0:
d5:d3:38:52:ec:c2:fb:72:b0:47:58:d3:ff:92:65:
5e:01:1d:10:ff:a6:74:a3:49:28:13:a0:c6:c9:7b:
9a:44:bc:68:b8:4f:51:6c:66:e4:c5:3e:71:22:64:
71:92:04:99:be:0d:6a:ef:65:19:ad:74:35:f9:3c:
b7:13:0e:ee:69:82:28:08:0d:57:70:d3:f0:c2:4d:
f1:2d:fd:ee:a6:94:a1:02:62:49:2b:70:36:2c:fb:
5b:99:1c:bc:72:48:68:c9:f9:2f:24:46:8e:72:1c:
be:53:e9:f4:19:4d:4c:d8:47:ae:1f:d4:27:56:5c:
46:17:e4:3e:48:98:20:e3:2f:7a:68:fa:f2:cc:86:
a5:c2:b8:67:41:48:84:fb:bd:bd:09:a2:5f:70:22:
25:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:2D:C9:8E:6B:76:5B:B0:2D:F2:04:EB:E1:74:65:28:ED:9D:D8:9E
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Yi3Jjmt2W7At8gTr4XRlKO2d2J4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.116.0/22
185.220.236.0/22
Signature Algorithm: sha256WithRSAEncryption
19:e2:9d:21:50:c4:c5:2f:ce:a2:d0:03:b0:76:2a:15:b2:0b:
13:b1:53:87:8d:05:d7:59:f5:21:25:50:b0:93:a2:5d:00:1d:
27:b4:75:17:37:44:60:8d:e1:a6:00:ad:ce:b7:1c:5a:9a:e0:
92:e8:ef:c8:7c:08:56:ca:43:9a:41:97:30:2b:8d:3f:16:b8:
ae:d8:0e:f4:91:70:52:18:3e:1d:d2:ea:fe:5c:c7:2e:43:3e:
7a:3b:02:44:2b:8f:9e:df:01:3e:6c:59:00:37:51:26:38:ea:
63:9b:c5:28:34:1d:49:b8:90:fd:cf:b7:94:45:19:d8:38:8e:
15:7c:53:74:90:47:f7:85:cc:db:6b:77:86:b3:f5:83:c0:11:
ec:b1:b5:5c:06:8c:15:d2:50:51:8f:c6:d2:89:b7:44:9b:25:
8a:8b:e4:ff:7e:39:a6:ae:dc:57:14:6f:36:dd:df:e8:f2:6a:
e0:d9:e8:21:f8:14:3e:5f:cc:bb:d1:1e:ce:9b:79:a7:a4:8a:
a0:11:08:9b:62:fe:3e:02:60:eb:76:76:98:f9:6f:69:fe:5b:
b0:98:aa:45:03:6d:1c:9d:c3:d4:18:b7:20:a4:75:60:c5:50:
ed:44:6a:ae:f8:4c:0c:5e:46:7d:cd:15:0b:01:49:62:de:b6:
7b:ac:17:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTEXZ/UtPDHNc0cn92DF43MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMTI5MTcwOTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJkYzk4ZTZiNzY1YmIwMmRmMjA0ZWJlMTc0NjUyOGVkOWRkODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqInN67Y/2jlLrmEeWNk9GhLkqhGO
JOmB6TOrq/exXPJmZWyTazymf3TqLjay9i3jux7BXqtCYWjpA9eg1a5QSx5OgVTc
jBuGUCgM40/cqIdhKiyHchD29r7XBT05FnK+AwiptzDh7PDV0zhS7ML7crBHWNP/
kmVeAR0Q/6Z0o0koE6DGyXuaRLxouE9RbGbkxT5xImRxkgSZvg1q72UZrXQ1+Ty3
Ew7uaYIoCA1XcNPwwk3xLf3uppShAmJJK3A2LPtbmRy8ckhoyfkvJEaOchy+U+n0
GU1M2EeuH9QnVlxGF+Q+SJgg4y96aPryzIalwrhnQUiE+729CaJfcCIliwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGItyY5rdluwLfIE6+F0ZSjtndieMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWWkzSmptdDJXN0F0OGdUcjRYUmxLTzJkMko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYF0AwQC
udzsMA0GCSqGSIb3DQEBCwUAA4IBAQAZ4p0hUMTFL86i0AOwdioVsgsTsVOHjQXX
WfUhJVCwk6JdAB0ntHUXN0RgjeGmAK3OtxxamuCS6O/IfAhWykOaQZcwK40/Friu
2A70kXBSGD4d0ur+XMcuQz56OwJEK4+e3wE+bFkAN1EmOOpjm8UoNB1JuJD9z7eU
RRnYOI4VfFN0kEf3hczba3eGs/WDwBHssbVcBowV0lBRj8bSibdEmyWKi+T/fjmm
rtxXFG823d/o8mrg2egh+BQ+X8y70R7Om3mnpIqgEQibYv4+AmDrdnaY+W9p/luw
mKpFA20cncPUGLcgpHVgxVDtRGqu+EwMXkZ9zRULAUli3rZ7rBcV
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:45 2023 by rpki-client on console-fra.rpki-client.org