Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Tjd-lszSJNjV7s8QBC9-QllF408.roa
File: Tjd-lszSJNjV7s8QBC9-QllF408.roa (raw, json)
Hash identifier: DLqnCwKg4I+U9/aQEb342BCU/DxEY0A2UJLKNUhqy2U=
Subject key identifier: 4E:37:7E:96:CC:D2:24:D8:D5:EE:CF:10:04:2F:7E:42:59:45:E3:4F
Certificate issuer: /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial: 018572FA72613637A893FB49CF65F99EF811
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Tjd-lszSJNjV7s8QBC9-QllF408.roa
Signing time: Mon 02 Jan 2023 14:54:53 +0000
ROA not before: Mon 02 Jan 2023 14:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204175
IP address blocks: 185.74.195.0/24 maxlen: 24
185.74.194.0/24 maxlen: 24
185.74.193.0/24 maxlen: 24
185.219.216.0/24 maxlen: 24
185.219.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:72:61:36:37:a8:93:fb:49:cf:65:f9:9e:f8:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Validity
Not Before: Jan 2 14:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4e377e96ccd224d8d5eecf10042f7e425945e34f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:50:de:0d:53:41:c4:86:83:7d:d6:e2:c0:17:
77:0b:8d:62:c3:13:a8:e4:90:3a:4b:cf:26:15:33:
54:b2:76:49:a2:4f:1b:0f:dc:7d:5d:42:7e:e4:50:
47:da:fb:f4:45:52:45:04:fc:e7:c4:06:19:5c:f4:
4b:35:b0:7f:f0:4f:d2:06:12:12:43:a0:e1:95:11:
55:e7:de:ff:20:82:2f:19:c6:61:a9:57:53:d7:f8:
b5:e3:fd:57:dd:e5:07:55:a7:7c:6a:57:c1:9c:9d:
ca:c0:88:2e:9a:41:11:8f:f6:61:ee:e1:6e:01:f0:
0b:18:ad:51:e2:59:63:b8:c0:bd:34:f2:53:4a:5a:
e3:3b:34:4d:c7:59:0b:9c:bd:07:1b:ff:5e:94:de:
8f:06:42:0c:9d:2e:e6:11:4c:8f:4d:a1:33:b3:39:
2f:3a:42:86:a8:fb:40:ce:13:6e:c4:3b:b0:3f:8a:
10:57:36:24:c5:03:ae:bd:5c:c5:69:13:c6:3a:8c:
ad:51:78:0a:6e:68:7f:01:39:e9:7a:67:89:6b:a4:
f5:e3:46:68:fe:8c:eb:a6:e4:fb:b1:bf:48:37:b6:
be:b0:f6:84:bd:96:a5:72:f9:8a:06:c2:b0:e4:ca:
06:42:7c:f8:f7:e2:ce:16:ad:de:a3:a5:b0:e3:e6:
f0:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:37:7E:96:CC:D2:24:D8:D5:EE:CF:10:04:2F:7E:42:59:45:E3:4F
X509v3 Authority Key Identifier:
keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/Tjd-lszSJNjV7s8QBC9-QllF408.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.74.193.0-185.74.195.255
185.219.216.0/24
185.219.219.0/24
Signature Algorithm: sha256WithRSAEncryption
14:1f:84:0c:ab:a9:0a:82:b7:d0:3d:8f:fe:9e:2b:54:89:26:
b8:07:8e:c3:af:d2:e7:89:2c:64:52:9b:5e:70:1e:3b:d1:57:
aa:e8:6a:1f:4a:a0:58:3e:5f:41:19:10:db:ec:6a:b6:65:63:
49:3e:53:55:b5:48:30:5a:30:a5:09:54:b4:02:44:7f:2b:c5:
8a:6d:d4:7d:fd:6c:b1:2f:0b:e9:fc:43:c9:81:4a:5f:2b:19:
ef:c9:07:a5:92:db:92:78:bf:24:2c:a5:e7:55:df:8b:bf:6c:
95:19:af:77:f2:b0:d3:50:46:83:36:80:a0:a2:f5:52:f0:f1:
ff:8a:01:b1:a4:3d:99:0a:67:de:8e:e6:74:21:e8:e1:ff:51:
6a:b0:a9:2d:fe:43:38:10:5a:63:55:34:65:83:d4:fd:77:a5:
aa:e0:55:f7:43:e0:8a:5c:03:3a:66:70:ba:56:43:81:13:d0:
1a:ef:d7:37:d5:0e:e0:9b:ff:e2:4c:45:68:c5:45:ce:a6:f0:
08:36:96:62:9f:a4:5a:24:63:da:4b:25:40:c0:92:b9:51:ae:
ea:e6:d2:26:95:af:ce:14:47:fd:15:0d:c9:b3:26:dd:9b:53:
26:65:08:d4:8f:18:ce:48:a3:d5:fc:26:61:10:97:ad:51:23:
b8:3c:95:2e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVy+nJhNjeok/tJz2X5nvgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjMwMTAyMTQ1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTM3N2U5NmNjZDIyNGQ4ZDVlZWNmMTAwNDJmN2U0MjU5NDVlMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1DeDVNBxIaDfdbiwBd3C41iwxOo
5JA6S88mFTNUsnZJok8bD9x9XUJ+5FBH2vv0RVJFBPznxAYZXPRLNbB/8E/SBhIS
Q6DhlRFV597/IIIvGcZhqVdT1/i14/1X3eUHVad8alfBnJ3KwIgumkERj/Zh7uFu
AfALGK1R4lljuMC9NPJTSlrjOzRNx1kLnL0HG/9elN6PBkIMnS7mEUyPTaEzszkv
OkKGqPtAzhNuxDuwP4oQVzYkxQOuvVzFaRPGOoytUXgKbmh/ATnpemeJa6T140Zo
/ozrpuT7sb9IN7a+sPaEvZalcvmKBsKw5MoGQnz49+LOFq3eo6Ww4+bwYwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFE43fpbM0iTY1e7PEAQvfkJZReNPMB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEvVGpkLWxzelNKTmpWN3M4UUJDOS1RbGxGNDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAC5SsED
BAK5SsADBAC529gDBAC529swDQYJKoZIhvcNAQELBQADggEBABQfhAyrqQqCt9A9
j/6eK1SJJrgHjsOv0ueJLGRSm15wHjvRV6roah9KoFg+X0EZENvsarZlY0k+U1W1
SDBaMKUJVLQCRH8rxYpt1H39bLEvC+n8Q8mBSl8rGe/JB6WS25J4vyQspedV34u/
bJUZr3fysNNQRoM2gKCi9VLw8f+KAbGkPZkKZ96O5nQh6OH/UWqwqS3+QzgQWmNV
NGWD1P13pargVfdD4IpcAzpmcLpWQ4ET0Brv1zfVDuCb/+JMRWjFRc6m8Ag2lmKf
pFokY9pLJUDAkrlRrurm0iaVr84UR/0VDcmzJt2bUyZlCNSPGM5Io9X8JmEQl61R
I7g8lS4=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:03 2025 by rpki-client