Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/_EXOSDj98sHgDhdnj5kqNGu62Bk.roa
File: _EXOSDj98sHgDhdnj5kqNGu62Bk.roa (raw, json)
Hash identifier: rqKPdKD/vU+0XakVzLz8Oh5xOVyv+dE/LpctsgG3afM=
Subject key identifier: FC:45:CE:48:38:FD:F2:C1:E0:0E:17:67:8F:99:2A:34:6B:BA:D8:19
Certificate issuer: /CN=b59be6ee549f335c728497a79f1441034e852c35
Certificate serial: 01856B40E00441C390F2533C45F094F2C5A5
Authority key identifier: B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/_EXOSDj98sHgDhdnj5kqNGu62Bk.roa
Signing time: Sun 01 Jan 2023 02:54:51 +0000
ROA not before: Sun 01 Jan 2023 02:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15576
IP address blocks: 195.137.172.0/24 maxlen: 24
185.109.164.0/22 maxlen: 22
2a06:5100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:40:e0:04:41:c3:90:f2:53:3c:45:f0:94:f2:c5:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b59be6ee549f335c728497a79f1441034e852c35
Validity
Not Before: Jan 1 02:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fc45ce4838fdf2c1e00e17678f992a346bbad819
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:67:e8:70:95:d8:b6:c1:41:a5:82:7b:89:b8:
bc:75:15:85:59:25:6b:6a:de:d4:63:fd:9a:1d:5b:
4e:31:12:0c:7d:3f:4a:2d:57:71:a7:50:f5:bf:64:
c1:ac:96:79:14:44:d6:9e:8a:45:be:9a:75:3f:64:
7e:b2:f0:ef:f4:7a:4e:25:e8:74:9f:f6:7b:09:82:
f8:4c:53:4c:a5:87:8b:cf:a1:44:52:bf:67:0c:b8:
eb:49:99:a2:f3:46:4f:3b:24:9a:c7:65:2e:67:d2:
97:3f:90:ad:c7:53:c8:55:eb:bc:29:73:01:3a:9e:
ae:33:d9:0d:a8:27:35:92:a3:cd:9f:b5:03:38:20:
33:d7:91:35:22:38:a1:55:9d:ab:99:9e:7f:ba:a2:
03:2c:e7:cf:d5:d2:1e:63:00:10:c9:f1:e8:87:35:
97:03:0e:0b:07:e1:23:ac:f8:a5:b5:83:e8:93:9e:
c5:14:c2:0c:60:e5:d2:e4:7f:97:64:e8:0e:be:44:
dd:86:b4:45:c5:69:c0:8a:0d:78:c8:b0:0a:af:77:
b2:b5:a1:46:1a:57:48:07:2b:73:1c:49:f4:2e:9c:
38:af:4f:32:41:69:16:df:d3:17:8a:70:30:32:d2:
ff:21:0a:83:d5:60:1a:8a:12:bc:0c:34:d1:c7:05:
5f:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:45:CE:48:38:FD:F2:C1:E0:0E:17:67:8F:99:2A:34:6B:BA:D8:19
X509v3 Authority Key Identifier:
keyid:B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/_EXOSDj98sHgDhdnj5kqNGu62Bk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/tZvm7lSfM1xyhJennxRBA06FLDU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.109.164.0/22
195.137.172.0/24
IPv6:
2a06:5100::/29
Signature Algorithm: sha256WithRSAEncryption
37:79:9f:de:db:ec:55:d1:dc:8a:82:ab:26:4f:a4:b2:c2:92:
2f:e4:02:ee:e9:72:31:48:e6:ab:9a:36:81:55:6e:c5:24:48:
33:a9:9d:41:2a:2c:a6:da:eb:68:31:e2:61:e0:c6:e0:31:e4:
a3:16:ee:4b:db:6b:bc:49:cc:79:f2:9a:72:8b:a7:a5:69:56:
29:de:d0:2a:c7:95:2a:7f:a5:38:17:cb:74:68:9c:27:5a:0f:
59:ac:a0:cc:18:3d:bb:c2:a9:53:20:59:36:c4:35:d2:a0:81:
81:bb:4e:ac:d5:51:34:96:cb:88:34:de:e0:9e:5f:0b:9f:08:
77:41:82:e0:0e:e6:e7:f7:4b:b1:f9:c9:11:1e:82:25:77:80:
e4:ac:6d:a1:32:4d:77:1f:c5:66:8e:9a:90:bd:52:87:3f:c6:
c1:ee:86:cb:d0:ea:47:2d:05:33:73:73:9c:45:84:3e:b8:f3:
c8:b2:57:67:31:4b:73:59:fa:fb:d3:a0:c1:42:e7:df:1e:a3:
5f:81:f4:8c:19:84:3e:73:04:19:71:67:78:c5:57:19:23:b9:
59:57:86:a7:42:2e:c9:40:bd:d4:e9:c3:08:96:a5:5d:46:f1:
e3:a0:57:96:10:2d:71:8c:51:d2:9e:00:24:96:5d:b3:10:ca:
e0:29:db:2b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVrQOAEQcOQ8lM8RfCU8sWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OWJlNmVlNTQ5ZjMzNWM3Mjg0OTdhNzlmMTQ0MTAzNGU4
NTJjMzUwHhcNMjMwMTAxMDI1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ1Y2U0ODM4ZmRmMmMxZTAwZTE3Njc4Zjk5MmEzNDZiYmFkODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWfocJXYtsFBpYJ7ibi8dRWFWSVr
at7UY/2aHVtOMRIMfT9KLVdxp1D1v2TBrJZ5FETWnopFvpp1P2R+svDv9HpOJeh0
n/Z7CYL4TFNMpYeLz6FEUr9nDLjrSZmi80ZPOySax2UuZ9KXP5Ctx1PIVeu8KXMB
Op6uM9kNqCc1kqPNn7UDOCAz15E1IjihVZ2rmZ5/uqIDLOfP1dIeYwAQyfHohzWX
Aw4LB+EjrPiltYPok57FFMIMYOXS5H+XZOgOvkTdhrRFxWnAig14yLAKr3eytaFG
GldIBytzHEn0Lpw4r08yQWkW39MXinAwMtL/IQqD1WAaihK8DDTRxwVfFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPxFzkg4/fLB4A4XZ4+ZKjRrutgZMB8GA1UdIwQY
MBaAFLWb5u5UnzNccoSXp58UQQNOhSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTct
ZjNjODg3MjgxZWJhLzEvX0VYT1NEajk4c0hnRGhkbmo1a3FOR3U2MkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTctZjNjODg3MjgxZWJh
LzEvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuW2kAwQA
w4msMA0EAgACMAcDBQMqBlEAMA0GCSqGSIb3DQEBCwUAA4IBAQA3eZ/e2+xV0dyK
gqsmT6SywpIv5ALu6XIxSOarmjaBVW7FJEgzqZ1BKiym2utoMeJh4MbgMeSjFu5L
22u8Scx58ppyi6elaVYp3tAqx5Uqf6U4F8t0aJwnWg9ZrKDMGD27wqlTIFk2xDXS
oIGBu06s1VE0lsuINN7gnl8Lnwh3QYLgDubn90ux+ckRHoIld4DkrG2hMk13H8Vm
jpqQvVKHP8bB7obL0OpHLQUzc3OcRYQ+uPPIsldnMUtzWfr706DBQuffHqNfgfSM
GYQ+cwQZcWd4xVcZI7lZV4anQi7JQL3U6cMIlqVdRvHjoFeWEC1xjFHSngAkll2z
EMrgKdsr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:33 2024 by rpki-client on console-ams.rpki-client.org