Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vKubj2ztrVzhA6MZhN0km4WnFgA.roa
File: vKubj2ztrVzhA6MZhN0km4WnFgA.roa (raw, json)
Hash identifier: al9eyL9tplR5AuSo8qbZ+3G72OQn2m+4IFplhM70kp4=
Subject key identifier: BC:AB:9B:8F:6C:ED:AD:5C:E1:03:A3:19:84:DD:24:9B:85:A7:16:00
Certificate issuer: /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial: 018D13D7F021CDA552AAA404855E49BA5D7F
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vKubj2ztrVzhA6MZhN0km4WnFgA.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 185.212.112.0/24 maxlen: 24
193.3.18.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:f0:21:cd:a5:52:aa:a4:04:85:5e:49:ba:5d:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bcab9b8f6cedad5ce103a31984dd249b85a71600
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:1e:a2:b4:60:ff:1e:32:bb:9b:af:66:4f:05:
91:13:db:cd:9c:13:7a:de:c0:03:0d:f8:f9:37:03:
ea:f5:95:5e:e7:6a:57:ed:f2:77:86:c3:29:de:bb:
37:ea:fa:e8:ab:e1:f4:f3:8e:f1:96:52:1e:e4:f5:
ce:f5:09:93:c3:ec:61:be:16:5a:1f:be:14:2c:cd:
b1:40:a4:80:10:96:c9:c7:59:51:77:57:cb:0a:8b:
f6:93:bf:c8:dc:9c:33:28:16:61:7d:b9:17:13:64:
a9:0d:17:19:c1:48:a7:42:ce:3c:2d:b3:42:49:8b:
47:07:ec:a0:a4:1f:3c:a9:5b:4b:57:cf:c3:2d:15:
a0:2b:ee:ad:c2:6c:92:24:aa:e9:eb:e9:7f:18:e1:
44:e9:45:e4:14:df:db:d8:c4:29:af:74:54:78:bd:
41:6d:37:b3:0b:01:20:4c:00:25:7e:78:38:6e:5b:
77:e7:f1:2a:5c:01:ea:4d:0b:04:e3:a2:2b:e7:af:
4e:1b:15:e7:3e:f9:24:ff:0b:40:38:85:80:d0:3c:
01:fd:ce:29:48:3d:ae:b2:be:a9:95:98:69:2a:52:
1c:84:ea:bc:8e:0b:ab:18:44:dc:db:9e:06:d8:7c:
c7:38:4d:fc:25:f3:3d:a4:b5:c9:b5:a0:a3:35:b3:
f0:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:AB:9B:8F:6C:ED:AD:5C:E1:03:A3:19:84:DD:24:9B:85:A7:16:00
X509v3 Authority Key Identifier:
keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vKubj2ztrVzhA6MZhN0km4WnFgA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.212.112.0/24
193.3.18.0/24
Signature Algorithm: sha256WithRSAEncryption
07:41:1b:09:5f:05:d4:28:4f:f3:31:fe:a2:a6:d5:12:29:e0:
de:12:9d:10:03:06:03:5d:6b:53:b1:da:4d:2a:7c:19:6a:78:
f2:bb:cc:aa:d4:ab:93:ed:70:8f:7c:85:71:52:69:48:72:6b:
59:85:21:3a:75:86:2a:08:64:4f:ab:ca:4f:9f:0c:b2:66:7b:
82:10:7b:fc:36:7d:ec:9c:e4:0d:55:ae:5d:06:f2:1c:a3:da:
e7:aa:c9:69:90:ad:59:80:89:cd:67:c4:5e:fd:64:9b:29:f4:
98:ec:db:17:72:26:ba:76:c6:3f:be:de:dd:a4:7e:ae:f4:d6:
fc:fd:8f:d1:84:c2:fc:4f:a6:73:8f:28:4e:77:8a:42:e8:74:
f2:93:25:7b:07:61:7d:26:bf:d6:74:71:07:21:c7:d6:9f:ad:
43:c7:8c:a6:3b:4b:00:ab:ad:83:df:10:b1:99:23:55:b9:6e:
45:e4:47:62:46:7a:f4:f3:52:13:7c:51:f6:3e:5c:e4:1a:db:
8f:0b:f6:78:22:49:53:f3:03:cc:42:02:60:be:46:82:0f:35:
be:28:3e:de:ba:6d:7d:2b:1f:fb:2d:28:1a:9f:8f:f3:cf:94:
60:10:3a:aa:9f:24:88:36:40:39:7f:1d:a0:f8:c1:65:1f:e9:
c0:46:db:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0T1/AhzaVSqqQEhV5Jul1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FiOWI4ZjZjZWRhZDVjZTEwM2EzMTk4NGRkMjQ5Yjg1YTcxNjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR6itGD/HjK7m69mTwWRE9vNnBN6
3sADDfj5NwPq9ZVe52pX7fJ3hsMp3rs36vroq+H0847xllIe5PXO9QmTw+xhvhZa
H74ULM2xQKSAEJbJx1lRd1fLCov2k7/I3JwzKBZhfbkXE2SpDRcZwUinQs48LbNC
SYtHB+ygpB88qVtLV8/DLRWgK+6twmySJKrp6+l/GOFE6UXkFN/b2MQpr3RUeL1B
bTezCwEgTAAlfng4blt35/EqXAHqTQsE46Ir569OGxXnPvkk/wtAOIWA0DwB/c4p
SD2usr6plZhpKlIchOq8jgurGETc254G2HzHOE38JfM9pLXJtaCjNbPwUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLyrm49s7a1c4QOjGYTdJJuFpxYAMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvdkt1YmoyenRyVnpoQTZNWmhOMGttNFduRmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudRwAwQA
wQMSMA0GCSqGSIb3DQEBCwUAA4IBAQAHQRsJXwXUKE/zMf6iptUSKeDeEp0QAwYD
XWtTsdpNKnwZanjyu8yq1KuT7XCPfIVxUmlIcmtZhSE6dYYqCGRPq8pPnwyyZnuC
EHv8Nn3snOQNVa5dBvIco9rnqslpkK1ZgInNZ8Re/WSbKfSY7NsXcia6dsY/vt7d
pH6u9Nb8/Y/RhML8T6ZzjyhOd4pC6HTykyV7B2F9Jr/WdHEHIcfWn61Dx4ymO0sA
q62D3xCxmSNVuW5F5EdiRnr081ITfFH2PlzkGtuPC/Z4IklT8wPMQgJgvkaCDzW+
KD7eum19Kx/7LSgan4/zz5RgEDqqnySINkA5fx2g+MFlH+nARtuy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:47 2024 by rpki-client on console-ams.rpki-client.org