Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/7LQa6MbUzWewurQW8HFPDsIZ1RY.roa
File: 7LQa6MbUzWewurQW8HFPDsIZ1RY.roa (raw, json)
Hash identifier: xCqz8wezodS8vJ0PJdjC6YTJIVy61ixlUX6YNtoOIz8=
Subject key identifier: EC:B4:1A:E8:C6:D4:CD:67:B0:BA:B4:16:F0:71:4F:0E:C2:19:D5:16
Certificate issuer: /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial: 0719D774
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/7LQa6MbUzWewurQW8HFPDsIZ1RY.roa
Signing time: Sat 01 Jan 2022 08:03:00 +0000
ROA not before: Sat 01 Jan 2022 08:03:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34773
IP address blocks: 194.8.28.0/24 maxlen: 24
2a0a:1b84::/32 maxlen: 32
2a0a:1b82::/32 maxlen: 32
2a0a:1b80::/32 maxlen: 32
2a0a:1b86::/32 maxlen: 32
2a0a:1b85::/32 maxlen: 32
2a0a:1b83::/32 maxlen: 32
2a0a:1b87::/32 maxlen: 32
2a0a:1b81::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 119134068 (0x719d774)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Validity
Not Before: Jan 1 08:03:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ecb41ae8c6d4cd67b0bab416f0714f0ec219d516
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:c8:4f:d0:95:ca:fc:95:ae:12:ce:b8:55:a9:
78:21:61:1d:fb:a8:c4:4b:78:f4:be:34:6a:bd:91:
79:14:ea:c2:9a:f3:dc:37:08:31:95:cd:ca:d1:3d:
46:65:9d:d2:da:5e:ca:10:8b:97:b7:a1:b8:ba:bf:
57:27:13:e0:f8:f7:f5:80:25:6d:87:c0:72:6f:bb:
5a:97:61:a2:2b:6a:34:67:fa:ef:80:e7:7b:4a:b9:
aa:db:6d:1c:8f:26:c9:62:fb:20:f3:85:35:19:51:
ce:1d:e7:92:74:d6:af:97:bd:87:aa:04:44:bc:65:
aa:5b:e6:09:89:c0:d5:8b:62:47:16:eb:d8:0d:4a:
51:e2:17:83:31:ab:e8:40:bc:9b:de:61:f4:ff:e8:
74:86:6f:de:ac:74:4f:03:35:77:02:9a:5e:9c:59:
89:2e:07:9c:8c:f2:19:e4:92:9b:a5:96:ea:59:5b:
8a:72:b8:89:3a:b7:1c:2d:a8:6b:48:3b:8e:b7:50:
cb:ba:ba:2b:c3:6c:23:d8:31:41:6e:a9:66:fb:63:
70:32:5c:83:d1:46:5c:8e:3a:ae:cc:cf:7b:e1:e4:
97:66:9a:5f:d3:57:46:83:0e:ba:09:79:76:63:6c:
06:eb:2d:0c:95:04:ed:de:1a:63:77:d9:5d:48:b7:
74:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:B4:1A:E8:C6:D4:CD:67:B0:BA:B4:16:F0:71:4F:0E:C2:19:D5:16
X509v3 Authority Key Identifier:
keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/7LQa6MbUzWewurQW8HFPDsIZ1RY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.8.28.0/24
IPv6:
2a0a:1b80::/29
Signature Algorithm: sha256WithRSAEncryption
c6:b8:1d:e6:09:9c:98:77:32:34:25:ab:13:60:d7:ce:41:08:
1d:3f:bc:f9:69:40:70:42:a9:fb:1e:f5:13:61:f2:7d:3e:79:
19:c1:a3:bf:ce:ed:44:53:7f:96:4f:c3:93:26:1b:a7:87:76:
07:94:37:f7:93:bc:3f:7d:b0:7d:5a:35:1d:0f:69:c5:d1:b9:
52:f3:da:25:13:e4:2c:80:fd:9a:c5:ad:5e:b2:0a:22:fa:ab:
24:e3:34:ac:27:87:b1:9a:2a:45:8c:a0:38:ad:26:d1:a3:11:
d2:72:0c:1c:5d:c6:b2:6e:0c:84:78:dd:1e:76:cb:08:e3:cd:
cd:f0:7a:e9:92:d7:63:3f:31:fe:96:57:7a:45:f1:43:fa:9c:
b8:cc:d8:54:28:56:19:a6:22:25:97:1f:b1:bc:a2:95:1a:e0:
46:84:e4:01:f9:6f:38:08:64:1b:ac:37:cb:91:21:a2:10:87:
8c:34:29:82:e0:2a:4e:6e:b3:59:f8:41:26:50:e7:03:7b:a0:
84:cf:13:b8:3d:12:5e:b2:30:96:90:21:b5:2b:fc:f3:09:6a:
8f:2a:ca:ec:3e:fe:62:6f:c7:4c:f1:76:1c:c2:bb:65:a6:bb:
45:ef:3a:3d:98:bb:13:68:e9:d4:eb:4e:9b:1b:e2:f3:fe:b8:
56:82:03:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBxnXdDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YzFhZWQ5OTEzZjg4ODBhZjc1NTdlZWYzZWYwMmQ2ZTBmZjNmZDQ5MB4XDTIyMDEw
MTA4MDMwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWNiNDFhZThjNmQ0
Y2Q2N2IwYmFiNDE2ZjA3MTRmMGVjMjE5ZDUxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/IT9CVyvyVrhLOuFWpeCFhHfuoxEt49L40ar2ReRTqwprz
3DcIMZXNytE9RmWd0tpeyhCLl7ehuLq/VycT4Pj39YAlbYfAcm+7WpdhoitqNGf6
74Dne0q5qtttHI8myWL7IPOFNRlRzh3nknTWr5e9h6oERLxlqlvmCYnA1YtiRxbr
2A1KUeIXgzGr6EC8m95h9P/odIZv3qx0TwM1dwKaXpxZiS4HnIzyGeSSm6WW6llb
inK4iTq3HC2oa0g7jrdQy7q6K8NsI9gxQW6pZvtjcDJcg9FGXI46rszPe+Hkl2aa
X9NXRoMOugl5dmNsBustDJUE7d4aY3fZXUi3dK0CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTstBroxtTNZ7C6tBbwcU8OwhnVFjAfBgNVHSMEGDAWgBScGu2ZE/iICvdV
fu8+8C1uD/P9STAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25CcnRtUlA0aUFyM1ZYN3ZQdkF0Ymdfel9Vay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGYvZmY5NGYxLWJhNjMtNDBkNi1iZWNhLTVlNjI0YTMwMzhjZi8x
LzdMUWE2TWJVeldld3VyUVc4SEZQRHNJWjFSWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYv
ZmY5NGYxLWJhNjMtNDBkNi1iZWNhLTVlNjI0YTMwMzhjZi8xL25CcnRtUlA0aUFy
M1ZYN3ZQdkF0Ymdfel9Vay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAMIIHDANBAIAAjAHAwUDKgobgDAN
BgkqhkiG9w0BAQsFAAOCAQEAxrgd5gmcmHcyNCWrE2DXzkEIHT+8+WlAcEKp+x71
E2HyfT55GcGjv87tRFN/lk/DkyYbp4d2B5Q395O8P32wfVo1HQ9pxdG5UvPaJRPk
LID9msWtXrIKIvqrJOM0rCeHsZoqRYygOK0m0aMR0nIMHF3Gsm4MhHjdHnbLCOPN
zfB66ZLXYz8x/pZXekXxQ/qcuMzYVChWGaYiJZcfsbyilRrgRoTkAflvOAhkG6w3
y5EhohCHjDQpguAqTm6zWfhBJlDnA3ughM8TuD0SXrIwlpAhtSv88wlqjyrK7D7+
Ym/HTPF2HMK7Zaa7Re86PZi7E2jp1OtOmxvi8/64VoIDnQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:22 2023 by rpki-client on console-fra.rpki-client.org