Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/O80RgHRTuukHnK7AxOdmq3ebFPw.roa
File: O80RgHRTuukHnK7AxOdmq3ebFPw.roa (raw, json)
Hash identifier: tFJCnwdhg+2BTnC+GZfyXVLQvguBJo1So7Bi+0E/Ph0=
Subject key identifier: 3B:CD:11:80:74:53:BA:E9:07:9C:AE:C0:C4:E7:66:AB:77:9B:14:FC
Certificate issuer: /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial: 018B15443EA51A66BB5DE12AA0E61681778D
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/O80RgHRTuukHnK7AxOdmq3ebFPw.roa
Signing time: Mon 09 Oct 2023 16:27:55 +0000
ROA not before: Mon 09 Oct 2023 16:27:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209466
IP address blocks: 77.92.143.0/24 maxlen: 24
188.132.184.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:15:44:3e:a5:1a:66:bb:5d:e1:2a:a0:e6:16:81:77:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Validity
Not Before: Oct 9 16:27:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3bcd11807453bae9079caec0c4e766ab779b14fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:2e:4a:aa:76:93:87:4f:74:59:d4:c8:80:82:
e9:98:12:9d:13:45:d2:6f:30:84:45:f7:1b:47:1d:
78:99:2a:94:b8:5d:80:13:87:40:5f:3c:06:4e:f4:
e0:86:30:d7:d8:67:be:71:e9:24:c8:07:cf:64:f3:
72:76:07:ff:ed:d7:ef:5d:94:98:2d:ec:5e:06:59:
4b:4a:d8:03:e5:42:ec:c6:c6:e7:6d:25:3f:c4:41:
2f:e4:b8:79:a9:75:3b:64:ce:03:99:1d:b1:50:4e:
50:28:3b:fa:9e:94:f3:f0:e8:aa:e6:e8:cd:13:f6:
dc:a2:aa:5e:55:b5:58:85:9a:5f:8c:fd:81:3e:af:
ad:d6:1d:27:9a:48:4b:f5:69:7a:44:d3:d8:f4:99:
68:bf:81:eb:4b:12:3d:f5:2d:f5:df:11:5a:65:c4:
48:dc:6c:a6:f2:dd:c9:da:52:9a:75:30:29:e4:b2:
90:e6:ca:6c:5b:ee:2c:f6:9c:4a:8a:80:10:18:84:
cd:03:92:2a:0a:f2:aa:a1:8f:07:9f:c8:74:cb:bf:
1e:f8:fb:03:66:ff:b7:bb:53:21:8e:15:a3:4d:08:
29:4e:e6:5c:de:51:e8:15:be:7c:9e:be:5b:d0:d4:
b0:c1:be:2c:ae:ac:bc:26:35:bb:16:39:a2:f1:0f:
4a:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:CD:11:80:74:53:BA:E9:07:9C:AE:C0:C4:E7:66:AB:77:9B:14:FC
X509v3 Authority Key Identifier:
keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/O80RgHRTuukHnK7AxOdmq3ebFPw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.92.143.0/24
188.132.184.0/24
Signature Algorithm: sha256WithRSAEncryption
d4:80:a1:3c:d7:cb:c0:02:5b:b8:68:64:58:ed:bb:5d:61:ad:
39:ce:a3:0a:07:7f:8c:97:0e:d3:0c:f5:3f:4b:8c:74:ba:9f:
f1:22:ec:52:01:24:cf:fc:f2:b0:83:07:60:13:b5:77:e7:84:
93:ac:15:22:73:7b:d4:e7:dd:73:bf:e3:d7:fe:fe:bc:9e:1b:
05:33:77:ac:06:20:5e:99:e6:e5:46:f5:f0:b5:08:1f:40:04:
22:7a:4d:24:f3:40:29:3a:34:e0:d8:74:89:14:8a:dc:79:be:
8d:a5:28:92:82:52:66:a5:a0:5d:f5:8a:2d:85:5d:af:95:b5:
bb:d0:a5:82:5a:be:0f:3c:02:0f:2b:56:b3:fd:a1:a7:7f:22:
a9:85:d4:00:55:28:d3:af:e6:cc:5a:1d:ab:1e:00:34:0b:1f:
88:77:2f:9d:06:aa:cc:99:ae:4e:76:92:4e:a5:df:4c:e7:d3:
8e:fd:91:14:83:d4:15:99:a4:98:54:07:cc:34:48:dd:66:c6:
78:3b:0a:d1:93:03:5c:d2:91:51:ff:62:eb:58:5f:35:3c:82:
01:64:cc:27:c0:19:d2:f6:35:ae:b0:0a:25:09:13:97:47:1f:
96:55:dd:b9:c3:4b:8a:c7:ff:4e:dd:f3:d4:8d:6a:45:cd:e1:
f9:15:31:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYsVRD6lGma7XeEqoOYWgXeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMDA5MTYyNzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNkMTE4MDc0NTNiYWU5MDc5Y2FlYzBjNGU3NjZhYjc3OWIxNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC5KqnaTh090WdTIgILpmBKdE0XS
bzCERfcbRx14mSqUuF2AE4dAXzwGTvTghjDX2Ge+cekkyAfPZPNydgf/7dfvXZSY
LexeBllLStgD5ULsxsbnbSU/xEEv5Lh5qXU7ZM4DmR2xUE5QKDv6npTz8Oiq5ujN
E/bcoqpeVbVYhZpfjP2BPq+t1h0nmkhL9Wl6RNPY9Jlov4HrSxI99S313xFaZcRI
3Gym8t3J2lKadTAp5LKQ5spsW+4s9pxKioAQGITNA5IqCvKqoY8Hn8h0y78e+PsD
Zv+3u1MhjhWjTQgpTuZc3lHoFb58nr5b0NSwwb4srqy8JjW7Fjmi8Q9KZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDvNEYB0U7rpB5yuwMTnZqt3mxT8MB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvTzgwUmdIUlR1dWtIbks3QXhPZG1xM2ViRlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVyPAwQA
vIS4MA0GCSqGSIb3DQEBCwUAA4IBAQDUgKE818vAAlu4aGRY7btdYa05zqMKB3+M
lw7TDPU/S4x0up/xIuxSASTP/PKwgwdgE7V354STrBUic3vU591zv+PX/v68nhsF
M3esBiBemeblRvXwtQgfQAQiek0k80ApOjTg2HSJFIrceb6NpSiSglJmpaBd9Yot
hV2vlbW70KWCWr4PPAIPK1az/aGnfyKphdQAVSjTr+bMWh2rHgA0Cx+Idy+dBqrM
ma5OdpJOpd9M59OO/ZEUg9QVmaSYVAfMNEjdZsZ4OwrRkwNc0pFR/2LrWF81PIIB
ZMwnwBnS9jWusAolCROXRx+WVd25w0uKx/9O3fPUjWpFzeH5FTF5
-----END CERTIFICATE-----
Generated at Wed Oct 25 11:20:31 2023 by rpki-client on console-ams.rpki-client.org