Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/G_pbTzYpDL1WzLNN4XnG-mZZLX0.roa
File: G_pbTzYpDL1WzLNN4XnG-mZZLX0.roa (raw, json)
Hash identifier: HW0EPZnvs+AoyTRuvVA20eMgvHNE9KbIxRVMyt4UE38=
Subject key identifier: 1B:FA:5B:4F:36:29:0C:BD:56:CC:B3:4D:E1:79:C6:FA:66:59:2D:7D
Certificate issuer: /CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Certificate serial: 01856DCB02D4C677020044590BCABE906F6B
Authority key identifier: B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/G_pbTzYpDL1WzLNN4XnG-mZZLX0.roa
Signing time: Sun 01 Jan 2023 14:44:59 +0000
ROA not before: Sun 01 Jan 2023 14:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25459
IP address blocks: 83.172.128.0/18 maxlen: 18
2a02:cec0::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:cb:02:d4:c6:77:02:00:44:59:0b:ca:be:90:6f:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Validity
Not Before: Jan 1 14:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1bfa5b4f36290cbd56ccb34de179c6fa66592d7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:f3:31:d7:0f:99:1d:99:d6:e3:ec:2d:8f:45:
5c:f1:61:61:63:4a:6f:cc:a3:50:da:51:8a:d6:db:
95:d3:a9:0f:29:20:10:af:39:6b:1a:27:99:74:9b:
89:cd:46:43:ef:bc:7a:4c:1e:ab:29:db:d5:8e:ad:
ef:e6:39:fe:6c:4e:0c:25:d2:c8:99:b5:d1:2b:bf:
71:96:a6:57:59:ec:51:dd:27:3f:85:82:c6:6e:a3:
37:d7:6f:2c:b6:e1:ee:b5:a5:a0:2f:a3:82:d6:90:
17:23:7d:5a:4b:a3:bf:b4:49:8a:6b:d7:71:a9:bc:
00:6a:b0:62:5c:b2:66:90:c9:88:58:2f:23:a9:6f:
df:5a:90:45:82:00:b4:c2:f2:02:1f:9a:90:5a:ec:
18:82:b9:ab:ac:b9:b5:fd:57:ba:62:64:c8:87:6e:
5a:a8:03:48:a6:36:48:00:0f:92:d4:3e:40:f0:88:
7c:80:71:40:30:77:6e:0f:67:60:eb:32:9a:18:63:
95:57:22:3c:59:db:a1:b4:c0:16:23:d7:fa:56:62:
d0:46:18:05:da:4a:3b:f2:44:31:c7:d7:4c:e4:c1:
1c:ae:bc:fb:93:c9:fa:83:32:92:ad:f5:88:8f:ac:
cf:1e:8f:da:28:d7:fd:19:25:b2:a6:3d:fe:31:1a:
9e:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:FA:5B:4F:36:29:0C:BD:56:CC:B3:4D:E1:79:C6:FA:66:59:2D:7D
X509v3 Authority Key Identifier:
keyid:B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/G_pbTzYpDL1WzLNN4XnG-mZZLX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/syj-JYobm_YUimzg6KcS8YhAkEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.172.128.0/18
IPv6:
2a02:cec0::/30
Signature Algorithm: sha256WithRSAEncryption
68:bf:1b:f0:10:37:37:45:d4:87:3c:dc:4f:c3:8d:3b:d8:21:
e4:7a:98:de:97:8b:a7:f7:e8:c3:44:aa:9b:5c:51:45:da:3b:
62:ce:b3:f9:e9:a5:4a:b4:3d:49:a9:e8:0f:5a:3f:9d:71:d7:
01:be:9a:6b:4e:95:90:7a:08:3c:26:9b:3e:72:d6:a0:f3:80:
cd:2a:a0:0b:2a:78:54:5c:57:8a:4a:8a:01:1d:c1:e2:37:a6:
18:a4:dd:5d:8f:98:68:c2:03:23:26:1a:a7:76:72:81:4d:42:
7d:32:13:da:06:fb:39:77:ef:83:01:f6:38:35:c5:ea:3e:a0:
41:29:63:92:5a:8a:88:fb:d4:52:db:bb:03:31:4f:ae:fd:b7:
24:62:cf:74:8b:c3:ce:da:fc:a6:bd:e5:a8:9c:f9:fb:55:e6:
5c:0a:5d:9c:da:f1:11:c9:62:29:9a:ee:53:32:87:e9:e9:ab:
61:a0:48:c8:dd:c9:29:8d:c8:a4:98:2f:99:d3:64:b6:5b:78:
95:6b:04:ec:50:ab:fa:0e:9b:85:82:ea:a6:33:c4:39:cf:67:
5b:00:62:91:5a:01:c6:32:41:2c:90:d5:9a:2e:c0:7c:e8:0f:
e9:21:5b:19:9f:a0:18:36:a7:15:1f:2b:34:62:84:99:1e:59:
75:98:56:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtywLUxncCAERZC8q+kG9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMjhmZTI1OGExYjliZjYxNDhhNmNlMGU4YTcxMmYxODg0
MDkwNGMwHhcNMjMwMTAxMTQ0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZhNWI0ZjM2MjkwY2JkNTZjY2IzNGRlMTc5YzZmYTY2NTkyZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifMx1w+ZHZnW4+wtj0Vc8WFhY0pv
zKNQ2lGK1tuV06kPKSAQrzlrGieZdJuJzUZD77x6TB6rKdvVjq3v5jn+bE4MJdLI
mbXRK79xlqZXWexR3Sc/hYLGbqM3128stuHutaWgL6OC1pAXI31aS6O/tEmKa9dx
qbwAarBiXLJmkMmIWC8jqW/fWpBFggC0wvICH5qQWuwYgrmrrLm1/Ve6YmTIh25a
qANIpjZIAA+S1D5A8Ih8gHFAMHduD2dg6zKaGGOVVyI8WduhtMAWI9f6VmLQRhgF
2ko78kQxx9dM5MEcrrz7k8n6gzKSrfWIj6zPHo/aKNf9GSWypj3+MRqe7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBv6W082KQy9VsyzTeF5xvpmWS19MB8GA1UdIwQY
MBaAFLMo/iWKG5v2FIps4OinEvGIQJBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODkt
ZWQ4NGEwMDU4YTlmLzEvR19wYlR6WXBETDFXekxOTjRYbkctbVpaTFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODktZWQ4NGEwMDU4YTlm
LzEvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGU6yAMA0E
AgACMAcDBQIqAs7AMA0GCSqGSIb3DQEBCwUAA4IBAQBovxvwEDc3RdSHPNxPw407
2CHkepjel4un9+jDRKqbXFFF2jtizrP56aVKtD1JqegPWj+dcdcBvpprTpWQegg8
Jps+ctag84DNKqALKnhUXFeKSooBHcHiN6YYpN1dj5howgMjJhqndnKBTUJ9MhPa
Bvs5d++DAfY4NcXqPqBBKWOSWoqI+9RS27sDMU+u/bckYs90i8PO2vymveWonPn7
VeZcCl2c2vERyWIpmu5TMofp6athoEjI3ckpjcikmC+Z02S2W3iVawTsUKv6DpuF
guqmM8Q5z2dbAGKRWgHGMkEskNWaLsB86A/pIVsZn6AYNqcVHys0YoSZHll1mFa7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:51 2024 by rpki-client on console-ams.rpki-client.org