Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/87d086-f53a-41ba-81fe-ca444704416f/1/TXu0HWdyAUV_fu4Mrq1DSp5PYK0.roa
File: TXu0HWdyAUV_fu4Mrq1DSp5PYK0.roa (raw, json)
Hash identifier: 9EnMfQHEMPzewzJ4MP7Lo/7bX20B423sqXgujC8bsoY=
Subject key identifier: 4D:7B:B4:1D:67:72:01:45:7F:7E:EE:0C:AE:AD:43:4A:9E:4F:60:AD
Certificate issuer: /CN=64ffb309c289acffc1be34a6f0b6675c001713ea
Certificate serial: 01856DCAFAFCDAFAA6CC0E42D417AEE6CDD9
Authority key identifier: 64:FF:B3:09:C2:89:AC:FF:C1:BE:34:A6:F0:B6:67:5C:00:17:13:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZP-zCcKJrP_BvjSm8LZnXAAXE-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/87d086-f53a-41ba-81fe-ca444704416f/1/TXu0HWdyAUV_fu4Mrq1DSp5PYK0.roa
Signing time: Sun 01 Jan 2023 14:44:57 +0000
ROA not before: Sun 01 Jan 2023 14:44:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204166
IP address blocks: 93.115.196.0/22 maxlen: 22
185.107.0.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:fa:fc:da:fa:a6:cc:0e:42:d4:17:ae:e6:cd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64ffb309c289acffc1be34a6f0b6675c001713ea
Validity
Not Before: Jan 1 14:44:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4d7bb41d677201457f7eee0caead434a9e4f60ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:ec:09:4c:77:c4:77:ea:4f:6f:01:32:f7:3c:
2b:4d:10:83:a7:bc:be:18:22:2b:83:5f:00:bf:6e:
93:d5:f8:84:59:3f:47:89:82:66:61:84:29:30:f6:
72:38:7d:de:b3:f1:34:aa:90:ad:5d:eb:3b:38:77:
71:11:58:67:03:6f:36:92:eb:f8:e2:62:72:7c:cb:
74:61:3c:4d:ff:cc:ac:7f:00:65:e0:ca:9e:9b:10:
fd:14:b7:67:dd:d8:59:3c:72:21:97:4f:da:01:49:
7d:ad:f2:bc:cb:4a:a4:c2:13:d6:15:76:0a:dd:fd:
a0:e8:31:a1:90:f9:d4:fe:a1:94:e0:a6:c8:b3:52:
f8:25:ff:29:08:e3:bf:a6:ca:14:19:67:49:63:cc:
89:67:eb:f9:8f:94:c1:e6:4e:e4:24:e9:a0:bc:df:
c6:45:fa:a0:89:cd:c6:3b:c8:60:eb:e5:f6:5d:f5:
68:c0:df:14:fd:91:65:a9:ac:ee:6e:ba:cb:b0:62:
9a:d2:5f:87:71:78:db:6a:26:be:39:ff:7a:ad:bc:
26:0d:7d:66:3a:c7:c6:8a:85:18:8e:06:12:7e:fa:
ec:36:1c:59:d0:3d:a6:df:c7:20:b1:69:af:c2:5f:
95:10:be:2f:07:1d:18:5f:05:27:59:14:b7:d6:92:
90:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:7B:B4:1D:67:72:01:45:7F:7E:EE:0C:AE:AD:43:4A:9E:4F:60:AD
X509v3 Authority Key Identifier:
keyid:64:FF:B3:09:C2:89:AC:FF:C1:BE:34:A6:F0:B6:67:5C:00:17:13:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZP-zCcKJrP_BvjSm8LZnXAAXE-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/87d086-f53a-41ba-81fe-ca444704416f/1/TXu0HWdyAUV_fu4Mrq1DSp5PYK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/87d086-f53a-41ba-81fe-ca444704416f/1/ZP-zCcKJrP_BvjSm8LZnXAAXE-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.115.196.0/22
185.107.0.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:49:be:fb:f0:cb:85:43:81:38:39:4e:5f:89:53:b3:8a:07:
be:3e:f8:12:d3:1a:72:2f:e9:56:9d:7f:35:8e:9d:af:c6:79:
88:a7:52:23:34:de:bb:9b:7d:a3:e7:79:aa:80:f9:cc:04:d8:
43:db:a8:ca:d5:87:c1:fa:70:59:ca:aa:0c:38:0f:9f:3b:26:
d7:d7:8c:e0:dc:64:05:e9:14:86:ea:1f:76:56:b2:c1:72:e6:
4f:e2:f2:89:68:a9:6e:4c:1f:89:5a:39:fa:79:12:4d:f8:c6:
90:c2:db:60:fa:67:26:19:8e:15:4c:71:c1:6e:d2:39:e2:00:
77:f2:ff:30:44:77:8e:7a:70:a3:0a:23:a3:ff:f1:09:a1:66:
67:79:ea:11:27:c0:a3:d4:3a:c3:e7:ed:39:e4:4b:fe:c6:8a:
19:8b:9e:72:bf:df:6a:ad:84:66:0a:f7:c6:c8:3c:6b:af:0c:
bf:45:a5:61:f5:68:c2:6f:c5:71:73:65:06:ba:05:d1:3e:74:
51:16:48:57:25:95:38:01:e2:ee:b4:42:bf:ce:1b:90:7d:e4:
8d:05:4e:da:7f:44:2a:e5:08:2d:30:2d:3e:d2:f1:72:b8:70:
bd:bc:52:02:20:16:70:ec:a8:d2:bb:5b:03:a6:92:4a:4b:dc:
63:4d:43:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtyvr82vqmzA5C1Beu5s3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZmZiMzA5YzI4OWFjZmZjMWJlMzRhNmYwYjY2NzVjMDAx
NzEzZWEwHhcNMjMwMTAxMTQ0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDdiYjQxZDY3NzIwMTQ1N2Y3ZWVlMGNhZWFkNDM0YTllNGY2MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOwJTHfEd+pPbwEy9zwrTRCDp7y+
GCIrg18Av26T1fiEWT9HiYJmYYQpMPZyOH3es/E0qpCtXes7OHdxEVhnA282kuv4
4mJyfMt0YTxN/8ysfwBl4MqemxD9FLdn3dhZPHIhl0/aAUl9rfK8y0qkwhPWFXYK
3f2g6DGhkPnU/qGU4KbIs1L4Jf8pCOO/psoUGWdJY8yJZ+v5j5TB5k7kJOmgvN/G
Rfqgic3GO8hg6+X2XfVowN8U/ZFlqazubrrLsGKa0l+HcXjbaia+Of96rbwmDX1m
OsfGioUYjgYSfvrsNhxZ0D2m38cgsWmvwl+VEL4vBx0YXwUnWRS31pKQ7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE17tB1ncgFFf37uDK6tQ0qeT2CtMB8GA1UdIwQY
MBaAFGT/swnCiaz/wb40pvC2Z1wAFxPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlAtekNjS0pyUF9CdmpTbThMWm5YQUFYRS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS84N2QwODYtZjUzYS00MWJhLTgxZmUt
Y2E0NDQ3MDQ0MTZmLzEvVFh1MEhXZHlBVVZfZnU0TXJxMURTcDVQWUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS84N2QwODYtZjUzYS00MWJhLTgxZmUtY2E0NDQ3MDQ0MTZm
LzEvWlAtekNjS0pyUF9CdmpTbThMWm5YQUFYRS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXXPEAwQC
uWsAMA0GCSqGSIb3DQEBCwUAA4IBAQBrSb778MuFQ4E4OU5fiVOzige+PvgS0xpy
L+lWnX81jp2vxnmIp1IjNN67m32j53mqgPnMBNhD26jK1YfB+nBZyqoMOA+fOybX
14zg3GQF6RSG6h92VrLBcuZP4vKJaKluTB+JWjn6eRJN+MaQwttg+mcmGY4VTHHB
btI54gB38v8wRHeOenCjCiOj//EJoWZneeoRJ8Cj1DrD5+055Ev+xooZi55yv99q
rYRmCvfGyDxrrwy/RaVh9WjCb8Vxc2UGugXRPnRRFkhXJZU4AeLutEK/zhuQfeSN
BU7af0Qq5QgtMC0+0vFyuHC9vFICIBZw7KjSu1sDppJKS9xjTUN8
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:39 2025 by rpki-client