Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/VRmPyhTmwPgXAPsWK5olkUaG7KA.roa
File: VRmPyhTmwPgXAPsWK5olkUaG7KA.roa (raw, json)
Hash identifier: 3hhUkYVrmv/pvr0V8LDszt6zMpl6kOFM3vvwmia16dw=
Subject key identifier: 55:19:8F:CA:14:E6:C0:F8:17:00:FB:16:2B:9A:25:91:46:86:EC:A0
Certificate issuer: /CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
Certificate serial: 0189D42800D4ED258A9F250AD0E0D5AFE2A3
Authority key identifier: FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/VRmPyhTmwPgXAPsWK5olkUaG7KA.roa
Signing time: Tue 08 Aug 2023 07:58:58 +0000
ROA not before: Tue 08 Aug 2023 07:58:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62294
IP address blocks: 85.222.168.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d4:28:00:d4:ed:25:8a:9f:25:0a:d0:e0:d5:af:e2:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
Validity
Not Before: Aug 8 07:58:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=55198fca14e6c0f81700fb162b9a25914686eca0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:96:eb:ae:43:4a:a1:d1:15:93:09:fc:1c:ca:
06:cb:3e:65:00:fb:3c:2d:8f:6c:f6:42:ae:0c:ec:
cd:29:a6:d5:16:50:17:de:68:3e:25:1d:fd:c1:9b:
ac:aa:83:a7:4d:31:87:fe:4c:44:67:ab:d5:18:45:
9f:87:bd:a3:cf:a3:4c:2d:71:1e:47:49:b3:25:7c:
5b:42:bf:d5:8b:69:b4:0a:06:26:54:ec:99:11:ea:
9c:40:38:44:71:bb:5e:9b:81:4f:09:59:31:92:27:
73:06:6c:aa:01:84:9b:8e:a8:b8:f6:36:a9:ed:ba:
d6:43:db:17:8b:5f:44:19:73:8e:9d:b9:68:02:41:
e1:2d:37:27:2a:e7:9b:51:f7:0c:f8:98:11:52:52:
f8:97:92:00:7c:e2:94:a7:d2:06:3f:28:0d:5c:62:
27:94:bd:f7:48:a4:70:ba:48:bf:b2:08:6e:65:ef:
6a:a0:12:18:ac:45:69:34:bb:97:39:21:d1:3a:be:
df:bd:de:fc:92:b4:a3:2a:97:40:da:af:92:80:d7:
1f:69:65:ed:af:e3:a1:2b:73:40:57:4f:b4:8f:b2:
8d:69:82:d4:52:40:e3:9d:d1:e9:53:97:25:58:f5:
ff:db:95:0f:bc:bc:0f:2c:e7:1e:39:a3:85:c1:9e:
8f:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:19:8F:CA:14:E6:C0:F8:17:00:FB:16:2B:9A:25:91:46:86:EC:A0
X509v3 Authority Key Identifier:
keyid:FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/VRmPyhTmwPgXAPsWK5olkUaG7KA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/_z7T1NR7joJfv9B5SC96DCHcke8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.222.168.0/22
Signature Algorithm: sha256WithRSAEncryption
82:85:44:20:6c:25:ed:db:d9:85:3d:3d:73:1c:c8:5e:1b:8e:
36:6a:e9:eb:ea:92:f3:06:f2:ba:73:57:0d:85:99:bb:fc:5a:
1e:45:0c:12:85:d3:d4:58:de:0a:0e:4e:00:0c:e7:97:d4:79:
f0:dd:a4:49:f2:b3:55:07:85:0e:d2:32:61:98:c2:d4:98:4d:
23:d9:3a:d4:2a:db:2d:77:f6:60:1a:38:06:55:47:bd:fb:3b:
80:58:73:90:78:7f:a8:5d:76:46:4d:01:0d:8f:ae:3d:ca:a7:
ee:79:b4:1d:48:90:c5:8f:bb:e6:de:08:24:36:da:70:1d:7d:
b8:01:22:81:ae:bc:b5:22:78:6e:ee:59:54:0c:be:2c:08:52:
66:34:c6:c7:ab:95:e0:da:2a:bd:5e:2d:f0:d5:3c:d1:97:ca:
2a:1a:7a:2f:1f:a3:ca:6c:ff:68:35:a5:2d:6e:8e:9f:30:ef:
9f:59:a4:95:92:8e:1a:e8:13:6d:6c:b2:97:37:9d:d1:67:ed:
8b:18:3a:96:a9:9e:93:8a:97:49:0b:49:75:1a:08:d4:54:d8:
45:ae:14:53:60:a8:81:4c:06:85:70:96:f7:10:56:ac:db:59:
31:e1:0e:b9:1d:e5:ad:01:e8:92:f3:6e:d7:14:e9:1e:8d:c1:
23:1d:03:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnUKADU7SWKnyUK0ODVr+KjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmM2VkM2Q0ZDQ3YjhlODI1ZmJmZDA3OTQ4MmY3YTBjMjFk
YzkxZWYwHhcNMjMwODA4MDc1ODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTE5OGZjYTE0ZTZjMGY4MTcwMGZiMTYyYjlhMjU5MTQ2ODZlY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZbrrkNKodEVkwn8HMoGyz5lAPs8
LY9s9kKuDOzNKabVFlAX3mg+JR39wZusqoOnTTGH/kxEZ6vVGEWfh72jz6NMLXEe
R0mzJXxbQr/Vi2m0CgYmVOyZEeqcQDhEcbtem4FPCVkxkidzBmyqAYSbjqi49jap
7brWQ9sXi19EGXOOnbloAkHhLTcnKuebUfcM+JgRUlL4l5IAfOKUp9IGPygNXGIn
lL33SKRwuki/sghuZe9qoBIYrEVpNLuXOSHROr7fvd78krSjKpdA2q+SgNcfaWXt
r+OhK3NAV0+0j7KNaYLUUkDjndHpU5clWPX/25UPvLwPLOceOaOFwZ6PeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUZj8oU5sD4FwD7FiuaJZFGhuygMB8GA1UdIwQY
MBaAFP8+09TUe46CX7/QeUgvegwh3JHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2Mzct
NWIwOWE2NzQzMzc1LzEvVlJtUHloVG13UGdYQVBzV0s1b2xrVWFHN0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2MzctNWIwOWE2NzQzMzc1
LzEvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVd6oMA0G
CSqGSIb3DQEBCwUAA4IBAQCChUQgbCXt29mFPT1zHMheG442aunr6pLzBvK6c1cN
hZm7/FoeRQwShdPUWN4KDk4ADOeX1Hnw3aRJ8rNVB4UO0jJhmMLUmE0j2TrUKtst
d/ZgGjgGVUe9+zuAWHOQeH+oXXZGTQENj649yqfuebQdSJDFj7vm3ggkNtpwHX24
ASKBrry1Inhu7llUDL4sCFJmNMbHq5Xg2iq9Xi3w1TzRl8oqGnovH6PKbP9oNaUt
bo6fMO+fWaSVko4a6BNtbLKXN53RZ+2LGDqWqZ6TipdJC0l1GgjUVNhFrhRTYKiB
TAaFcJb3EFas21kx4Q65HeWtAeiS827XFOkejcEjHQNa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:26 2024 by rpki-client on console-fra.rpki-client.org