Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/oS_a0wekRPANuwI-3G3dWrUi5po.roa
File: oS_a0wekRPANuwI-3G3dWrUi5po.roa (raw, json)
Hash identifier: RhgQatmMpXPKeObBB9zD/Wyjz5++2TqxnNFwBZPsU3E=
Subject key identifier: A1:2F:DA:D3:07:A4:44:F0:0D:BB:02:3E:DC:6D:DD:5A:B5:22:E6:9A
Certificate issuer: /CN=74eba0122f643adca0cbc6f6a4681b6d77e93620
Certificate serial: 01856C5C98BE425351F7FD0DD8EDE672633B
Authority key identifier: 74:EB:A0:12:2F:64:3A:DC:A0:CB:C6:F6:A4:68:1B:6D:77:E9:36:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dOugEi9kOtygy8b2pGgbbXfpNiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/oS_a0wekRPANuwI-3G3dWrUi5po.roa
Signing time: Sun 01 Jan 2023 08:04:45 +0000
ROA not before: Sun 01 Jan 2023 08:04:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51011
IP address blocks: 178.217.24.0/21 maxlen: 21
194.60.244.0/23 maxlen: 23
176.101.56.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:5c:98:be:42:53:51:f7:fd:0d:d8:ed:e6:72:63:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74eba0122f643adca0cbc6f6a4681b6d77e93620
Validity
Not Before: Jan 1 08:04:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a12fdad307a444f00dbb023edc6ddd5ab522e69a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b1:c0:82:17:2b:2c:92:35:0a:e3:60:5b:1f:
86:58:1d:b0:48:1d:82:48:d3:aa:25:d7:50:2a:e1:
b9:29:44:ba:0c:80:5e:73:15:05:8e:56:70:0b:62:
8c:31:9c:d0:ce:61:1e:3c:d0:cb:b1:51:8d:1d:8a:
80:54:26:ed:29:7c:05:3a:49:94:5b:fd:43:2c:0c:
f3:58:09:72:a7:30:bc:44:19:38:eb:7d:9b:bf:b6:
7a:55:f4:6e:44:4b:0e:e8:2c:3e:3a:e9:e2:7e:73:
a6:2c:85:2e:4e:a3:23:17:cc:7a:2e:bf:5f:a2:05:
2a:40:bc:38:ea:69:99:d6:cc:0e:02:ed:5c:9c:bb:
f0:68:a1:71:42:68:be:e5:09:6e:88:cb:83:87:93:
a6:8c:60:dd:2a:57:6c:51:0f:54:5e:96:a2:3f:4e:
d9:66:fb:9b:61:25:97:0e:ba:a8:a3:3b:7c:73:ed:
71:73:08:47:6e:85:4e:9e:00:25:0a:2b:98:62:23:
b0:65:97:02:f5:c1:d4:12:94:b3:07:eb:40:3c:e1:
5d:46:fd:ff:ad:42:85:1e:3d:be:f3:05:01:76:58:
d2:f8:f9:aa:36:fe:22:b5:b1:47:7c:b4:d1:ea:d2:
bc:a7:9b:c3:3a:fc:81:4a:f7:5d:6d:bd:7a:3c:1f:
ff:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:2F:DA:D3:07:A4:44:F0:0D:BB:02:3E:DC:6D:DD:5A:B5:22:E6:9A
X509v3 Authority Key Identifier:
keyid:74:EB:A0:12:2F:64:3A:DC:A0:CB:C6:F6:A4:68:1B:6D:77:E9:36:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOugEi9kOtygy8b2pGgbbXfpNiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/oS_a0wekRPANuwI-3G3dWrUi5po.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dOugEi9kOtygy8b2pGgbbXfpNiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.101.56.0/21
178.217.24.0/21
194.60.244.0/23
Signature Algorithm: sha256WithRSAEncryption
20:c3:da:9d:56:59:b3:9e:c3:63:0c:6e:eb:ac:0c:17:de:b9:
2e:95:ef:38:0c:f8:3b:89:d4:4d:d5:54:c7:0a:78:a2:29:51:
14:da:9c:ce:8d:46:dc:d3:e4:cd:77:54:ae:5d:62:50:a3:1f:
07:37:b7:b9:f9:af:9d:1f:98:e7:0d:b5:8d:ae:b2:6e:5b:11:
74:71:fb:31:10:f8:c5:62:4e:13:70:34:c9:84:1e:67:60:2a:
4d:1c:55:b0:21:b0:bf:95:6a:4e:61:07:a7:22:3c:5f:53:86:
86:04:ec:78:f0:3b:e2:2f:ee:f2:dd:1c:90:b4:55:4a:86:db:
f0:74:a0:70:01:03:8b:38:7a:f3:44:ac:41:39:46:eb:c1:fe:
69:ad:89:1f:8e:0d:5b:24:75:45:09:e4:5e:d6:27:54:64:bd:
a8:28:2e:64:78:41:f9:53:02:8d:74:6a:84:11:d7:00:08:6e:
47:ef:cd:19:dd:cc:99:bd:b6:ea:28:ce:cd:1c:6a:e8:8f:b7:
20:7d:7c:dc:e8:a3:ed:d8:23:ae:ab:92:36:a9:1a:62:5e:d4:
72:43:06:12:4a:b1:dd:ea:5b:9e:27:ab:81:9d:05:d3:1d:b5:
53:53:22:dc:7b:d6:e0:5a:55:3d:74:44:03:cc:5e:8f:ec:aa:
a9:19:0f:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVsXJi+QlNR9/0N2O3mcmM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZWJhMDEyMmY2NDNhZGNhMGNiYzZmNmE0NjgxYjZkNzdl
OTM2MjAwHhcNMjMwMTAxMDgwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJmZGFkMzA3YTQ0NGYwMGRiYjAyM2VkYzZkZGQ1YWI1MjJlNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbHAghcrLJI1CuNgWx+GWB2wSB2C
SNOqJddQKuG5KUS6DIBecxUFjlZwC2KMMZzQzmEePNDLsVGNHYqAVCbtKXwFOkmU
W/1DLAzzWAlypzC8RBk4632bv7Z6VfRuREsO6Cw+OunifnOmLIUuTqMjF8x6Lr9f
ogUqQLw46mmZ1swOAu1cnLvwaKFxQmi+5QluiMuDh5OmjGDdKldsUQ9UXpaiP07Z
ZvubYSWXDrqoozt8c+1xcwhHboVOngAlCiuYYiOwZZcC9cHUEpSzB+tAPOFdRv3/
rUKFHj2+8wUBdljS+PmqNv4itbFHfLTR6tK8p5vDOvyBSvddbb16PB//jwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKEv2tMHpETwDbsCPtxt3Vq1IuaaMB8GA1UdIwQY
MBaAFHTroBIvZDrcoMvG9qRoG2136TYgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE91Z0VpOWtPdHlneThiMnBHZ2JiWGZwTmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iOTc2OTMtMWQwMi00MGRjLTlhZjct
YTAxNTE2OGMzMzIzLzEvb1NfYTB3ZWtSUEFOdXdJLTNHM2RXclVpNXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iOTc2OTMtMWQwMi00MGRjLTlhZjctYTAxNTE2OGMzMzIz
LzEvZE91Z0VpOWtPdHlneThiMnBHZ2JiWGZwTmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDsGU4AwQD
stkYAwQBwjz0MA0GCSqGSIb3DQEBCwUAA4IBAQAgw9qdVlmznsNjDG7rrAwX3rku
le84DPg7idRN1VTHCniiKVEU2pzOjUbc0+TNd1SuXWJQox8HN7e5+a+dH5jnDbWN
rrJuWxF0cfsxEPjFYk4TcDTJhB5nYCpNHFWwIbC/lWpOYQenIjxfU4aGBOx48Dvi
L+7y3RyQtFVKhtvwdKBwAQOLOHrzRKxBOUbrwf5prYkfjg1bJHVFCeRe1idUZL2o
KC5keEH5UwKNdGqEEdcACG5H780Z3cyZvbbqKM7NHGroj7cgfXzc6KPt2COuq5I2
qRpiXtRyQwYSSrHd6lueJ6uBnQXTHbVTUyLce9bgWlU9dEQDzF6P7KqpGQ/T
-----END CERTIFICATE-----
Generated at Fri Dec 29 16:35:39 2023 by rpki-client on console-ams.rpki-client.org