Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/d1fkw-5SYhnioXeBdVzzYJqzyJA.roa
File: d1fkw-5SYhnioXeBdVzzYJqzyJA.roa (raw, json)
Hash identifier: 9uBgO1JS00g+5+ZC/rXGslUMetarCHIQwV9ZJFVEjj4=
Subject key identifier: 77:57:E4:C3:EE:52:62:19:E2:A1:77:81:75:5C:F3:60:9A:B3:C8:90
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018C102C349E4A30331A308C6B30AA31E94B
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/d1fkw-5SYhnioXeBdVzzYJqzyJA.roa
Signing time: Mon 27 Nov 2023 09:46:21 +0000
ROA not before: Mon 27 Nov 2023 09:46:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213296
IP address blocks: 185.151.236.0/22 maxlen: 22
185.129.108.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:10:2c:34:9e:4a:30:33:1a:30:8c:6b:30:aa:31:e9:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Nov 27 09:46:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7757e4c3ee526219e2a17781755cf3609ab3c890
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:07:e0:72:ca:ea:62:0b:39:72:58:17:dc:b5:
39:44:5a:fd:56:31:77:ac:bd:de:3b:13:02:9b:b2:
c7:40:4e:14:9d:20:dd:14:6c:18:fa:15:9b:17:d7:
8e:85:2d:68:8e:bf:53:ed:7b:7a:27:05:1c:53:22:
a8:5d:e0:9c:ab:a0:fd:40:67:06:6b:ab:65:7f:f7:
b4:0d:00:58:41:be:69:6e:0d:9e:6d:e8:d0:95:dd:
a0:5a:fa:29:f6:85:6b:19:31:17:b8:89:08:dd:6f:
f4:03:6e:00:c9:8b:59:0f:18:84:d1:15:7b:4e:7f:
c3:ef:b7:5f:19:82:bd:48:6a:78:d0:38:d5:01:4a:
1d:18:2e:6a:0a:f4:51:d7:09:ec:c6:da:ff:01:76:
3a:22:60:4f:05:4d:d1:4c:d1:82:11:41:0c:c2:de:
b5:f2:bd:7e:03:be:d6:ec:cc:76:5f:77:5e:e7:58:
c1:aa:24:7e:e3:67:d4:67:c0:b5:b0:eb:bc:ca:bd:
48:05:b9:19:1a:d7:81:76:67:5d:23:f1:b1:ea:4d:
1e:60:6a:9b:06:08:25:a1:3e:c7:bd:88:69:76:0d:
b5:67:17:33:89:12:6f:a9:63:c9:41:b9:45:cf:c9:
3a:a5:55:6a:13:72:82:98:88:8d:40:39:ce:38:a8:
71:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:57:E4:C3:EE:52:62:19:E2:A1:77:81:75:5C:F3:60:9A:B3:C8:90
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/d1fkw-5SYhnioXeBdVzzYJqzyJA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.108.0/22
185.151.236.0/22
Signature Algorithm: sha256WithRSAEncryption
71:e4:c4:3e:07:0c:fd:83:d2:1c:9a:a9:c5:60:2e:59:57:49:
32:0d:f5:d2:dc:9f:1e:c1:91:da:dc:87:65:08:c7:90:4d:c3:
9f:8d:f3:14:e7:28:1c:9c:f8:9c:61:7f:55:a8:a9:66:15:dc:
65:6b:ba:de:f8:0c:99:3e:a4:7f:39:67:66:84:41:30:cb:30:
89:81:6e:c8:32:73:50:d1:21:29:99:c7:98:d0:2c:e1:b1:b9:
10:c2:2d:f7:da:1d:1a:0b:64:19:72:88:50:bd:4e:41:92:e0:
78:07:20:d7:01:25:fb:87:a1:f7:86:44:8a:0b:76:e7:b7:0b:
4e:1f:31:6a:a5:78:fd:94:86:f3:25:cb:71:13:e6:88:f4:4f:
8b:36:5d:fe:39:65:0e:a5:d6:c8:32:07:55:b0:d7:e5:f8:7e:
48:5b:90:49:42:c6:8c:e7:5e:90:ea:72:72:7e:e8:24:c7:13:
1d:72:2d:a8:79:d8:23:5b:5d:ed:fe:e1:1a:ea:43:4b:d4:4a:
54:d4:b8:97:ef:b2:02:6a:0f:81:36:20:89:3d:fb:f9:28:c0:
0e:c4:6a:88:d0:76:53:bd:be:3b:fb:2f:8b:1e:b0:a5:c5:16:
ca:4e:56:0b:3f:ec:12:cf:ed:30:c7:84:0b:95:cb:09:73:b6:
c9:f9:2f:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwQLDSeSjAzGjCMazCqMelLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMTI3MDk0NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU3ZTRjM2VlNTI2MjE5ZTJhMTc3ODE3NTVjZjM2MDlhYjNjODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgfgcsrqYgs5clgX3LU5RFr9VjF3
rL3eOxMCm7LHQE4UnSDdFGwY+hWbF9eOhS1ojr9T7Xt6JwUcUyKoXeCcq6D9QGcG
a6tlf/e0DQBYQb5pbg2ebejQld2gWvop9oVrGTEXuIkI3W/0A24AyYtZDxiE0RV7
Tn/D77dfGYK9SGp40DjVAUodGC5qCvRR1wnsxtr/AXY6ImBPBU3RTNGCEUEMwt61
8r1+A77W7Mx2X3de51jBqiR+42fUZ8C1sOu8yr1IBbkZGteBdmddI/Gx6k0eYGqb
BggloT7HvYhpdg21ZxcziRJvqWPJQblFz8k6pVVqE3KCmIiNQDnOOKhxUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHdX5MPuUmIZ4qF3gXVc82Cas8iQMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvZDFma3ctNVNZaG5pb1hlQmRWenpZSnF6eUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYFsAwQC
uZfsMA0GCSqGSIb3DQEBCwUAA4IBAQBx5MQ+Bwz9g9IcmqnFYC5ZV0kyDfXS3J8e
wZHa3IdlCMeQTcOfjfMU5ygcnPicYX9VqKlmFdxla7re+AyZPqR/OWdmhEEwyzCJ
gW7IMnNQ0SEpmceY0CzhsbkQwi332h0aC2QZcohQvU5BkuB4ByDXASX7h6H3hkSK
C3bntwtOHzFqpXj9lIbzJctxE+aI9E+LNl3+OWUOpdbIMgdVsNfl+H5IW5BJQsaM
516Q6nJyfugkxxMdci2oedgjW13t/uEa6kNL1EpU1LiX77ICag+BNiCJPfv5KMAO
xGqI0HZTvb47+y+LHrClxRbKTlYLP+wSz+0wx4QLlcsJc7bJ+S+W
-----END CERTIFICATE-----
Generated at Mon Dec 4 15:44:27 2023 by rpki-client on console-fra.rpki-client.org