Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iseEfZsN-FpVV3szEUp42RiR7MU.roa
File: iseEfZsN-FpVV3szEUp42RiR7MU.roa (raw, json)
Hash identifier: kEG2DACd1O5+CCy+3qLGoInOUSbBdqKmlGO0L/9BFLI=
Subject key identifier: 8A:C7:84:7D:9B:0D:F8:5A:55:57:7B:33:11:4A:78:D9:18:91:EC:C5
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0185727A2BF7F0EF4874A585B04F9FB65574
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iseEfZsN-FpVV3szEUp42RiR7MU.roa
Signing time: Mon 02 Jan 2023 12:34:47 +0000
ROA not before: Mon 02 Jan 2023 12:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 185.220.236.0/22 maxlen: 24
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:7a:2b:f7:f0:ef:48:74:a5:85:b0:4f:9f:b6:55:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 12:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ac7847d9b0df85a55577b33114a78d91891ecc5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:cf:59:d7:a4:8a:98:01:f9:1f:76:6d:40:f8:
59:3a:54:7d:95:09:14:c5:a7:ed:d1:d3:ce:4b:54:
39:75:fb:69:5f:82:56:4d:aa:78:cd:71:95:15:9d:
a5:7a:be:10:52:7d:54:f1:5f:d8:83:d6:ef:73:83:
53:8d:64:2a:66:6c:3e:3f:53:17:14:11:65:0d:d3:
0b:d3:02:bb:55:be:1d:4e:b7:61:9f:b9:0c:9c:7d:
ef:e4:81:01:c9:31:f1:83:da:5b:94:f7:43:97:fe:
de:08:04:65:ee:51:f9:ee:e2:77:cb:58:ea:38:8b:
1a:02:ec:be:f5:ba:a0:e7:de:26:2f:8a:62:bf:c5:
67:7a:65:54:ca:89:b6:69:08:93:8e:6d:0c:4e:8d:
30:28:f8:2a:22:03:5f:d7:e8:34:88:6e:26:32:e9:
16:bc:cd:3b:09:13:d6:a3:69:0c:8d:98:79:d2:a9:
7e:30:2c:9b:0f:ab:9c:dd:ea:51:a8:97:55:62:7e:
ac:7c:99:73:62:3e:b3:54:f9:5b:32:73:67:35:af:
4d:93:9f:d1:2b:e4:6a:de:4b:cd:f3:48:cc:ef:04:
d4:21:eb:ed:aa:21:0c:e5:6f:a9:a1:f9:89:a3:cb:
e2:23:41:c2:49:fc:27:d6:24:7f:be:7e:34:2a:ee:
35:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:C7:84:7D:9B:0D:F8:5A:55:57:7B:33:11:4A:78:D9:18:91:EC:C5
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iseEfZsN-FpVV3szEUp42RiR7MU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.116.0/22
185.220.236.0/22
Signature Algorithm: sha256WithRSAEncryption
20:31:db:61:af:1c:0c:d1:1c:73:72:8c:b9:78:27:bd:86:29:
32:5e:26:82:13:e4:d9:c7:87:bb:f7:3a:94:7d:96:4a:63:18:
1c:cd:79:5b:d5:b0:c2:e6:44:7c:9e:93:51:04:cc:b7:39:a3:
9f:ad:d2:57:d4:c5:78:ba:af:2a:08:e2:d0:eb:6c:83:0d:e6:
b3:81:b3:54:f0:eb:5b:d3:2b:06:12:b6:a2:e6:a0:5f:ed:e6:
3b:5b:6b:12:7c:d0:08:5c:d5:08:b8:84:d6:f3:36:2b:7c:23:
89:df:81:24:a0:3d:66:5c:f3:ad:1a:92:ea:2b:d1:13:15:de:
92:ff:5c:78:3e:9c:c2:1b:4f:58:11:ae:53:20:b8:71:8f:7b:
3a:38:25:df:28:5e:4e:1e:6c:52:7d:c1:80:df:48:96:40:8b:
bf:eb:14:48:3d:2d:2e:a9:d1:e6:17:e0:c2:5c:8e:15:78:cc:
9f:68:ff:eb:99:6d:9a:82:c6:d5:85:53:6e:54:cb:df:13:be:
02:13:62:d8:ff:a5:ed:e7:d8:99:fd:08:f0:e4:2a:00:d3:f3:
7f:4e:77:ec:c6:e7:dc:a5:dd:3a:34:69:8a:34:71:5b:f0:d1:
eb:f9:fa:1f:2b:23:5d:56:43:1e:37:5d:35:4e:1b:6d:a6:d0:
ca:7d:27:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyeiv38O9IdKWFsE+ftlV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTAyMTIzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWM3ODQ3ZDliMGRmODVhNTU1NzdiMzMxMTRhNzhkOTE4OTFlY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms9Z16SKmAH5H3ZtQPhZOlR9lQkU
xaft0dPOS1Q5dftpX4JWTap4zXGVFZ2ler4QUn1U8V/Yg9bvc4NTjWQqZmw+P1MX
FBFlDdML0wK7Vb4dTrdhn7kMnH3v5IEByTHxg9pblPdDl/7eCARl7lH57uJ3y1jq
OIsaAuy+9bqg594mL4piv8VnemVUyom2aQiTjm0MTo0wKPgqIgNf1+g0iG4mMukW
vM07CRPWo2kMjZh50ql+MCybD6uc3epRqJdVYn6sfJlzYj6zVPlbMnNnNa9Nk5/R
K+Rq3kvN80jM7wTUIevtqiEM5W+pofmJo8viI0HCSfwn1iR/vn40Ku41zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIrHhH2bDfhaVVd7MxFKeNkYkezFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaXNlRWZac04tRnBWVjNzekVVcDQyUmlSN01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYF0AwQC
udzsMA0GCSqGSIb3DQEBCwUAA4IBAQAgMdthrxwM0Rxzcoy5eCe9hikyXiaCE+TZ
x4e79zqUfZZKYxgczXlb1bDC5kR8npNRBMy3OaOfrdJX1MV4uq8qCOLQ62yDDeaz
gbNU8Otb0ysGErai5qBf7eY7W2sSfNAIXNUIuITW8zYrfCOJ34EkoD1mXPOtGpLq
K9ETFd6S/1x4PpzCG09YEa5TILhxj3s6OCXfKF5OHmxSfcGA30iWQIu/6xRIPS0u
qdHmF+DCXI4VeMyfaP/rmW2agsbVhVNuVMvfE74CE2LY/6Xt59iZ/Qjw5CoA0/N/
Tnfsxufcpd06NGmKNHFb8NHr+fofKyNdVkMeN101ThttptDKfSfo
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:45 2023 by rpki-client on console-fra.rpki-client.org