Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/knrHjQWFmnUm2c3cAFzlWjymgSQ.roa
File: knrHjQWFmnUm2c3cAFzlWjymgSQ.roa (raw, json)
Hash identifier: 46MynxaCTt6pP4JtEIF0XNi9fEga1WYPrqJ8uQe8FT8=
Subject key identifier: 92:7A:C7:8D:05:85:9A:75:26:D9:CD:DC:00:5C:E5:5A:3C:A6:81:24
Certificate issuer: /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial: 2FB174EC
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/knrHjQWFmnUm2c3cAFzlWjymgSQ.roa
Signing time: Sat 01 Jan 2022 10:04:45 +0000
ROA not before: Sat 01 Jan 2022 10:04:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 517
IP address blocks: 194.45.183.0/24 maxlen: 24
192.129.32.0/23 maxlen: 24
194.45.98.0/24 maxlen: 24
194.45.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 800158956 (0x2fb174ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Validity
Not Before: Jan 1 10:04:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=927ac78d05859a7526d9cddc005ce55a3ca68124
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:0f:59:cf:88:c5:b6:3f:60:c8:42:ec:1d:31:
6c:b5:35:af:d3:34:02:a3:2d:38:4c:08:ca:04:d5:
27:fa:4d:eb:76:d5:37:8e:6d:20:97:ec:d9:83:75:
75:f2:90:9e:88:4b:ab:2a:47:e3:89:df:f7:3f:a4:
cc:8a:7e:ed:91:0a:23:bd:68:04:06:d8:8b:8e:f6:
ab:eb:d5:10:51:21:12:48:bd:31:20:f2:10:88:fd:
25:38:92:41:89:fa:87:9f:19:76:6e:f1:20:3f:31:
73:23:3c:d6:e5:70:77:ed:23:e0:29:7d:45:89:11:
fb:81:d4:6e:8c:a3:d7:fd:8c:a4:b6:d7:7b:f2:cc:
4f:b6:8b:d4:31:95:47:fc:7c:af:0d:29:50:8a:98:
dd:c8:5a:22:42:ec:80:c9:30:f9:1e:e2:5f:2d:48:
61:bf:79:14:03:19:0e:45:cd:ea:c7:17:37:f5:32:
89:30:22:38:62:58:5b:7a:f2:25:2b:9d:47:2b:41:
ad:ac:d5:02:b3:98:14:fc:20:0f:13:63:82:6f:30:
5c:1d:46:e6:0a:a6:12:fe:df:9c:9b:f9:27:66:6c:
d2:b3:6c:32:2f:80:44:46:a1:8e:5e:0c:f8:54:41:
3e:7f:50:72:6d:1f:4f:e2:bf:7c:bf:b7:9f:54:63:
9d:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:7A:C7:8D:05:85:9A:75:26:D9:CD:DC:00:5C:E5:5A:3C:A6:81:24
X509v3 Authority Key Identifier:
keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/knrHjQWFmnUm2c3cAFzlWjymgSQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.129.32.0/23
194.45.98.0/23
194.45.183.0/24
Signature Algorithm: sha256WithRSAEncryption
04:a6:d0:98:4b:f5:7e:89:c1:05:b6:4b:91:a3:5d:88:d1:0e:
a5:03:a3:80:fa:e8:a0:c2:a9:d9:42:b9:14:fb:0d:1e:67:3e:
0d:45:2b:50:0b:19:0c:7f:e7:a8:bc:36:7e:e0:6c:c7:aa:4b:
57:5f:85:c7:96:df:65:a6:19:a0:e4:31:d2:35:6f:ea:78:45:
27:99:36:25:2b:d0:f6:cd:f7:b8:ac:c1:93:1c:9f:db:4b:38:
b5:24:24:18:21:fc:80:8f:e8:19:b3:e9:f0:4a:6d:b2:14:fe:
6f:6d:b6:e1:01:81:87:74:c1:95:40:2e:6e:23:9e:3a:8b:75:
6b:4b:eb:e3:1d:75:3a:db:6a:2c:e4:18:71:b8:70:36:e2:bd:
a5:25:55:a6:0d:c6:39:a3:a4:81:0b:bf:6e:3c:9d:16:8d:8a:
58:ee:74:23:52:d7:02:62:7f:99:64:c0:73:de:30:d8:6a:5f:
4c:8b:70:be:20:f8:69:3c:77:93:eb:e3:1b:a5:4c:48:34:e0:
ea:49:91:a3:41:ec:23:d0:5e:68:a3:b6:3a:b9:45:00:57:c9:
b4:8a:77:64:a8:fe:00:b9:75:ae:04:25:82:ab:ac:20:08:1e:
77:b1:35:04:83:b4:da:42:9d:0e:ed:bf:c1:9d:ae:e5:36:64:
18:aa:f9:72
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEL7F07DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Mzk4MDYwZjFiZjIyZjA5OTljYjA3MWIxYjQyNjk2ZGJjNDNlMTBjMB4XDTIyMDEw
MTEwMDQ0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTI3YWM3OGQwNTg1
OWE3NTI2ZDljZGRjMDA1Y2U1NWEzY2E2ODEyNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKEPWc+IxbY/YMhC7B0xbLU1r9M0AqMtOEwIygTVJ/pN63bV
N45tIJfs2YN1dfKQnohLqypH44nf9z+kzIp+7ZEKI71oBAbYi472q+vVEFEhEki9
MSDyEIj9JTiSQYn6h58Zdm7xID8xcyM81uVwd+0j4Cl9RYkR+4HUboyj1/2MpLbX
e/LMT7aL1DGVR/x8rw0pUIqY3chaIkLsgMkw+R7iXy1IYb95FAMZDkXN6scXN/Uy
iTAiOGJYW3ryJSudRytBrazVArOYFPwgDxNjgm8wXB1G5gqmEv7fnJv5J2Zs0rNs
Mi+AREahjl4M+FRBPn9Qcm0fT+K/fL+3n1RjnSUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSSeseNBYWadSbZzdwAXOVaPKaBJDAfBgNVHSMEGDAWgBTDmAYPG/IvCZnL
BxsbQmltvEPhDDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3c1Z0dEeHZ5THdtWnl3Y2JHMEpwYmJ4RDRRdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvM2JmYzMxLWRjMzItNDU0MS04NDYwLWM5MjdiOGMyYzdjNC8x
L2tuckhqUVdGbW5VbTJjM2NBRnpsV2p5bWdTUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
M2JmYzMxLWRjMzItNDU0MS04NDYwLWM5MjdiOGMyYzdjNC8xL3c1Z0dEeHZ5THdt
Wnl3Y2JHMEpwYmJ4RDRRdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAcCBIAMEAcItYgMEAMIttzANBgkq
hkiG9w0BAQsFAAOCAQEABKbQmEv1fonBBbZLkaNdiNEOpQOjgProoMKp2UK5FPsN
Hmc+DUUrUAsZDH/nqLw2fuBsx6pLV1+Fx5bfZaYZoOQx0jVv6nhFJ5k2JSvQ9s33
uKzBkxyf20s4tSQkGCH8gI/oGbPp8EptshT+b2224QGBh3TBlUAubiOeOot1a0vr
4x11OttqLOQYcbhwNuK9pSVVpg3GOaOkgQu/bjydFo2KWO50I1LXAmJ/mWTAc94w
2GpfTItwviD4aTx3k+vjG6VMSDTg6kmRo0HsI9BeaKO2OrlFAFfJtIp3ZKj+ALl1
rgQlgqusIAged7E1BIO02kKdDu2/wZ2u5TZkGKr5cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:02 2024 by rpki-client on console-fra.rpki-client.org