Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/dko8s8XOBd8d0drGzizJpB2hixM.roa
File: dko8s8XOBd8d0drGzizJpB2hixM.roa (raw, json)
Hash identifier: 9FJCtP4GuIWRLupugl+cX9HmO+FydBOXaIoNbfzdkVI=
Subject key identifier: 76:4A:3C:B3:C5:CE:05:DF:1D:D1:DA:C6:CE:2C:C9:A4:1D:A1:8B:13
Certificate issuer: /CN=8fa71283d8973409d960800f6f7fcdc8d3a30acb
Certificate serial: 018572C359E1E44407FB73E375D1E880726C
Authority key identifier: 8F:A7:12:83:D8:97:34:09:D9:60:80:0F:6F:7F:CD:C8:D3:A3:0A:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j6cSg9iXNAnZYIAPb3_NyNOjCss.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/dko8s8XOBd8d0drGzizJpB2hixM.roa
Signing time: Mon 02 Jan 2023 13:54:43 +0000
ROA not before: Mon 02 Jan 2023 13:54:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202793
IP address blocks: 185.153.172.0/22 maxlen: 22
2a05:e00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:c3:59:e1:e4:44:07:fb:73:e3:75:d1:e8:80:72:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8fa71283d8973409d960800f6f7fcdc8d3a30acb
Validity
Not Before: Jan 2 13:54:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=764a3cb3c5ce05df1dd1dac6ce2cc9a41da18b13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:0b:51:9d:17:80:5f:ce:ba:24:12:6b:c2:3a:
8a:98:5c:34:8e:66:27:83:47:64:05:23:ed:60:19:
ef:7a:d6:3d:0b:9f:f6:09:59:2e:38:75:18:2e:0d:
60:26:38:01:2a:e1:2d:60:10:e3:26:87:92:e6:09:
f5:01:b8:53:66:f1:2c:bb:48:a9:30:41:f7:32:95:
45:0a:ce:fe:56:82:ad:56:ac:c8:54:d3:0f:67:31:
19:00:3f:d0:51:21:35:8d:9a:09:f6:b5:f0:01:de:
f1:1b:07:20:2b:7f:a3:1b:96:65:4b:13:8f:a0:07:
12:4c:0e:04:8f:fe:fe:fb:5d:aa:8d:8b:ac:64:64:
a5:f0:2a:47:88:16:ea:c9:96:8e:93:55:00:0b:e8:
3b:f8:90:1a:18:1b:41:da:b6:d8:51:0b:69:16:06:
b4:bf:11:2b:be:1b:f4:82:52:1a:d7:c9:b7:fd:a1:
31:ae:22:ec:76:b0:9e:10:51:be:6a:96:2d:ba:8c:
3e:46:4e:51:c3:cc:34:d0:d6:12:df:18:a6:1c:a1:
19:86:db:cc:5e:fc:85:00:fa:a8:d9:c3:ad:0e:c8:
c1:fe:10:d9:4e:02:58:00:11:e9:9f:5d:bf:7e:c1:
46:05:39:c6:a7:28:ec:64:e0:61:29:62:76:e6:d8:
3d:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:4A:3C:B3:C5:CE:05:DF:1D:D1:DA:C6:CE:2C:C9:A4:1D:A1:8B:13
X509v3 Authority Key Identifier:
keyid:8F:A7:12:83:D8:97:34:09:D9:60:80:0F:6F:7F:CD:C8:D3:A3:0A:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6cSg9iXNAnZYIAPb3_NyNOjCss.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/dko8s8XOBd8d0drGzizJpB2hixM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b66121-7d8f-48d7-a093-c603cf2f7412/1/j6cSg9iXNAnZYIAPb3_NyNOjCss.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.153.172.0/22
IPv6:
2a05:e00::/29
Signature Algorithm: sha256WithRSAEncryption
87:b0:cc:5b:72:1e:5f:45:77:7f:fe:cc:02:b2:d9:ed:47:a9:
32:fd:26:a2:8d:50:94:03:ba:0b:04:74:35:6c:d5:3e:e2:49:
e2:f8:e7:7b:0d:9f:b5:73:49:b9:47:77:e4:a5:56:fc:6b:37:
58:5e:74:b8:c1:76:33:6d:60:28:7e:f3:97:41:56:29:d4:d1:
fe:b4:48:24:b8:1c:36:73:df:aa:48:bc:f5:00:4b:07:74:df:
3a:d3:7c:6c:1e:f6:b7:53:f1:c8:b8:03:de:89:f9:f4:00:f0:
38:03:c3:1b:2b:b6:ef:8c:aa:4f:14:97:34:de:e8:42:29:2c:
bf:18:08:ec:f7:42:64:92:b1:f5:62:78:54:c4:36:8d:af:c1:
7c:94:2a:c4:01:27:7e:0a:5f:79:7f:5b:bb:0c:c3:f1:a2:06:
32:61:48:fe:4a:8c:42:43:76:a2:25:ed:87:a7:47:cf:90:16:
4f:af:f8:2b:69:27:57:58:bd:0a:d7:ba:25:4e:0e:13:ab:09:
1f:b6:a5:20:b1:a3:9f:32:01:79:95:c5:55:ca:7d:3a:39:20:
4d:e1:a5:0b:2f:ff:94:f8:d0:91:73:d1:05:a3:62:80:f9:61:
a6:29:38:d2:fc:10:78:05:29:77:b1:d1:cf:3d:d3:47:f7:6a:
e4:c3:4e:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyw1nh5EQH+3PjddHogHJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYTcxMjgzZDg5NzM0MDlkOTYwODAwZjZmN2ZjZGM4ZDNh
MzBhY2IwHhcNMjMwMTAyMTM1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjRhM2NiM2M1Y2UwNWRmMWRkMWRhYzZjZTJjYzlhNDFkYTE4YjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgtRnReAX866JBJrwjqKmFw0jmYn
g0dkBSPtYBnvetY9C5/2CVkuOHUYLg1gJjgBKuEtYBDjJoeS5gn1AbhTZvEsu0ip
MEH3MpVFCs7+VoKtVqzIVNMPZzEZAD/QUSE1jZoJ9rXwAd7xGwcgK3+jG5ZlSxOP
oAcSTA4Ej/7++12qjYusZGSl8CpHiBbqyZaOk1UAC+g7+JAaGBtB2rbYUQtpFga0
vxErvhv0glIa18m3/aExriLsdrCeEFG+apYtuow+Rk5Rw8w00NYS3ximHKEZhtvM
XvyFAPqo2cOtDsjB/hDZTgJYABHpn12/fsFGBTnGpyjsZOBhKWJ25tg9twIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHZKPLPFzgXfHdHaxs4syaQdoYsTMB8GA1UdIwQY
MBaAFI+nEoPYlzQJ2WCAD29/zcjTowrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZjU2c5aVhOQW5aWUlBUGIzX055Tk9qQ3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iNjYxMjEtN2Q4Zi00OGQ3LWEwOTMt
YzYwM2NmMmY3NDEyLzEvZGtvOHM4WE9CZDhkMGRyR3ppekpwQjJoaXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iNjYxMjEtN2Q4Zi00OGQ3LWEwOTMtYzYwM2NmMmY3NDEy
LzEvajZjU2c5aVhOQW5aWUlBUGIzX055Tk9qQ3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZmsMA0E
AgACMAcDBQMqBQ4AMA0GCSqGSIb3DQEBCwUAA4IBAQCHsMxbch5fRXd//swCstnt
R6ky/SaijVCUA7oLBHQ1bNU+4kni+Od7DZ+1c0m5R3fkpVb8azdYXnS4wXYzbWAo
fvOXQVYp1NH+tEgkuBw2c9+qSLz1AEsHdN8603xsHva3U/HIuAPeifn0APA4A8Mb
K7bvjKpPFJc03uhCKSy/GAjs90JkkrH1YnhUxDaNr8F8lCrEASd+Cl95f1u7DMPx
ogYyYUj+SoxCQ3aiJe2Hp0fPkBZPr/graSdXWL0K17olTg4TqwkftqUgsaOfMgF5
lcVVyn06OSBN4aULL/+U+NCRc9EFo2KA+WGmKTjS/BB4BSl3sdHPPdNH92rkw07i
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:50 2024 by rpki-client on console-ams.rpki-client.org