Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/sBr7tHMF-qdC-9XUOjVA-ke2mCo.roa
File: sBr7tHMF-qdC-9XUOjVA-ke2mCo.roa (raw, json)
Hash identifier: UYgZ9m1Gkn5z0Vw703noFKbsDXw55SR/QR0dJgeRKOM=
Subject key identifier: B0:1A:FB:B4:73:05:FA:A7:42:FB:D5:D4:3A:35:40:FA:47:B6:98:2A
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 018E645C7762E85848732CEE87A8D4F5B3D8
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/sBr7tHMF-qdC-9XUOjVA-ke2mCo.roa
Signing time: Fri 22 Mar 2024 04:12:45 +0000
ROA not before: Fri 22 Mar 2024 04:12:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
82.148.160.0/21 maxlen: 21
93.184.120.0/21 maxlen: 21
109.169.96.0/20 maxlen: 20
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:64:5c:77:62:e8:58:48:73:2c:ee:87:a8:d4:f5:b3:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Mar 22 04:12:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b01afbb47305faa742fbd5d43a3540fa47b6982a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ca:eb:de:1c:d9:fd:aa:93:74:e0:21:d4:19:
2c:a3:30:f8:de:11:71:cf:fc:0e:e6:45:d0:7e:d0:
06:66:ef:90:06:f7:92:4b:a2:2d:fb:5a:2b:70:9b:
02:d8:81:4d:7d:0b:d2:8a:98:e5:48:b0:cf:b3:ad:
21:cd:97:3a:dc:91:5c:15:dd:4a:16:47:38:ac:0d:
81:c5:e1:24:07:c4:0d:9b:92:04:cc:08:63:70:19:
72:16:93:08:e3:34:b3:2b:c0:76:f1:22:8d:60:04:
11:5b:c3:b7:5e:1f:c7:f1:ae:4a:cf:c1:2e:5b:28:
c9:8f:8f:6f:77:12:08:51:60:d2:d3:cf:23:44:c6:
c5:b6:4c:0d:a7:be:e8:df:81:15:37:b9:bd:4e:89:
89:23:81:6b:f1:d3:3f:b8:e6:8f:7e:82:a2:4a:21:
58:f9:15:c8:a2:f4:73:46:95:46:d3:50:6f:90:3a:
dc:79:c3:fc:f0:84:d6:4b:2e:a9:b8:ee:11:ce:da:
63:c8:1c:c0:f6:55:a3:b8:1f:52:5d:5f:82:25:30:
38:f8:4a:f3:47:94:c3:2e:ef:73:66:e2:70:db:dc:
2a:3d:d1:2f:8d:99:9f:a7:25:2d:bf:0a:45:a9:75:
63:24:0a:e4:73:7c:97:ec:28:b5:cc:c4:9e:3e:3f:
4e:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:1A:FB:B4:73:05:FA:A7:42:FB:D5:D4:3A:35:40:FA:47:B6:98:2A
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/sBr7tHMF-qdC-9XUOjVA-ke2mCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.64.0/20
82.148.160.0/21
93.184.120.0/21
109.169.96.0/20
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
53:f9:9d:b1:de:56:42:0d:ed:00:d4:c4:4f:c3:18:86:4b:86:
36:12:1b:e8:d8:ec:46:77:d1:9a:4b:3a:19:57:ec:af:88:33:
4f:57:31:1a:a4:8d:2d:48:7d:bf:76:8a:97:01:57:e2:d4:d6:
cd:31:52:d3:ee:50:72:8d:d0:98:69:0e:44:cf:f0:53:ea:cd:
70:4d:30:db:c3:a4:52:72:13:e1:46:9c:4f:e7:f8:6f:4d:61:
10:02:38:fa:bb:c7:0a:f3:71:de:d4:68:24:a3:b8:98:60:b1:
ea:a6:4b:da:a3:e5:87:e3:ec:59:10:d0:ee:95:b0:73:73:4d:
f2:c6:84:9a:cd:6e:21:8a:3c:14:bc:48:34:9f:b3:39:cf:7e:
fd:78:76:d7:1d:84:ed:d7:ac:70:e4:4d:02:6b:ba:38:76:df:
fd:c0:47:2e:c3:01:47:5b:b1:05:98:42:80:2b:15:dd:6d:fa:
38:51:7c:a9:61:c2:72:f4:90:ed:5d:47:d8:3c:c1:3d:72:bd:
0b:b9:51:b9:ed:00:74:35:96:75:e2:7a:2e:da:88:8e:3d:96:
8f:4c:8d:0b:32:3c:1d:52:aa:77:ee:82:06:5c:81:4c:c5:95:
3d:9e:96:94:e9:eb:3c:57:80:04:49:d8:47:2a:44:61:5e:01:
a9:f3:f1:2a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY5kXHdi6FhIcyzuh6jU9bPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjQwMzIyMDQxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDFhZmJiNDczMDVmYWE3NDJmYmQ1ZDQzYTM1NDBmYTQ3YjY5ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMrr3hzZ/aqTdOAh1BksozD43hFx
z/wO5kXQftAGZu+QBveSS6It+1orcJsC2IFNfQvSipjlSLDPs60hzZc63JFcFd1K
Fkc4rA2BxeEkB8QNm5IEzAhjcBlyFpMI4zSzK8B28SKNYAQRW8O3Xh/H8a5Kz8Eu
WyjJj49vdxIIUWDS088jRMbFtkwNp77o34EVN7m9TomJI4Fr8dM/uOaPfoKiSiFY
+RXIovRzRpVG01BvkDrcecP88ITWSy6puO4RztpjyBzA9lWjuB9SXV+CJTA4+Erz
R5TDLu9zZuJw29wqPdEvjZmfpyUtvwpFqXVjJArkc3yX7Ci1zMSePj9O7QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLAa+7RzBfqnQvvV1Do1QPpHtpgqMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvc0JyN3RITUYtcWRDLTlYVU9qVkEta2UybUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEUVhAAwQD
UpSgAwQDXbh4AwQEbalgMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEBCwUAA4IB
AQBT+Z2x3lZCDe0A1MRPwxiGS4Y2Ehvo2OxGd9GaSzoZV+yviDNPVzEapI0tSH2/
doqXAVfi1NbNMVLT7lByjdCYaQ5Ez/BT6s1wTTDbw6RSchPhRpxP5/hvTWEQAjj6
u8cK83He1Ggko7iYYLHqpkvao+WH4+xZENDulbBzc03yxoSazW4hijwUvEg0n7M5
z379eHbXHYTt16xw5E0Ca7o4dt/9wEcuwwFHW7EFmEKAKxXdbfo4UXypYcJy9JDt
XUfYPME9cr0LuVG57QB0NZZ14nou2oiOPZaPTI0LMjwdUqp37oIGXIFMxZU9npaU
6es8V4AESdhHKkRhXgGp8/Eq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org