Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/L-wMtgTuycmY23vXPLhvfuWvYvE.roa
File: L-wMtgTuycmY23vXPLhvfuWvYvE.roa (raw, json)
Hash identifier: MF+AVk755GJc8jkRD5+XUtYwISVkQIcYb8nec3mpRR0=
Subject key identifier: 2F:EC:0C:B6:04:EE:C9:C9:98:DB:7B:D7:3C:B8:6F:7E:E5:AF:62:F1
Certificate issuer: /CN=1fe8ee87853406cd8d04ba8e39bf7a51ffb8a3bc
Certificate serial: 0AB88CB8
Authority key identifier: 1F:E8:EE:87:85:34:06:CD:8D:04:BA:8E:39:BF:7A:51:FF:B8:A3:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H-juh4U0Bs2NBLqOOb96Uf-4o7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/L-wMtgTuycmY23vXPLhvfuWvYvE.roa
Signing time: Sat 01 Jan 2022 13:03:10 +0000
ROA not before: Sat 01 Jan 2022 13:03:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50033
IP address blocks: 185.161.124.0/22 maxlen: 22
185.211.52.0/22 maxlen: 22
185.213.248.0/22 maxlen: 22
2a07:c3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 179866808 (0xab88cb8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1fe8ee87853406cd8d04ba8e39bf7a51ffb8a3bc
Validity
Not Before: Jan 1 13:03:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2fec0cb604eec9c998db7bd73cb86f7ee5af62f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:55:f2:2f:13:b8:67:14:80:3a:b7:41:46:16:
7f:53:42:6d:0f:55:92:85:7c:3a:65:12:35:db:56:
40:1a:0b:e6:03:7a:a2:e1:67:88:2a:ec:f9:a4:ad:
e4:ea:ad:4e:1d:17:9a:dd:8d:87:32:c0:35:37:b9:
3f:f4:75:36:00:84:f3:c2:05:26:ce:3a:64:ec:0a:
bb:42:8c:01:ab:4f:41:2a:4c:08:5a:5b:06:a9:31:
51:7e:89:e0:90:6e:75:6b:7e:cc:ef:e5:62:b3:e1:
dc:ec:98:e8:63:7b:c0:dd:e6:7a:d4:91:6b:0a:33:
f2:38:0d:c0:83:cb:4f:e7:24:49:3d:a7:d4:10:5b:
a7:bc:54:17:e1:06:2e:ae:2b:ca:cc:5a:4f:e1:f7:
68:62:45:07:78:be:4d:3b:85:42:c6:23:36:a9:3f:
47:86:57:49:1e:d7:e0:4d:fe:69:53:45:4f:f6:78:
27:4f:b3:f4:e1:52:89:14:09:58:71:8d:3f:94:46:
d8:2b:e9:73:7b:09:ec:83:08:b8:15:1b:22:86:11:
b9:ae:bd:a2:4a:70:93:18:c4:79:43:29:9d:4b:73:
1b:b5:a5:7d:31:2d:67:ef:8d:8b:c5:ab:36:06:b6:
65:1e:1b:dc:7d:20:18:72:e9:fb:fd:c5:3a:68:d0:
34:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:EC:0C:B6:04:EE:C9:C9:98:DB:7B:D7:3C:B8:6F:7E:E5:AF:62:F1
X509v3 Authority Key Identifier:
keyid:1F:E8:EE:87:85:34:06:CD:8D:04:BA:8E:39:BF:7A:51:FF:B8:A3:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-juh4U0Bs2NBLqOOb96Uf-4o7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/L-wMtgTuycmY23vXPLhvfuWvYvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/H-juh4U0Bs2NBLqOOb96Uf-4o7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.124.0/22
185.211.52.0/22
185.213.248.0/22
IPv6:
2a07:c3c0::/29
Signature Algorithm: sha256WithRSAEncryption
34:25:bb:34:f5:06:c4:ca:f5:9d:22:ef:b3:8c:fe:8a:bf:69:
ae:a0:d0:d8:3a:38:eb:39:60:15:9d:a2:ac:2f:01:ee:38:85:
3a:74:6d:d3:81:e2:c0:cb:2f:2c:19:53:2c:8e:35:57:ca:33:
bd:92:ec:f3:8c:50:55:f2:87:95:b5:86:91:5a:95:87:ad:5f:
bb:f5:3d:8e:9d:2d:ad:b2:d5:80:09:22:6f:70:a9:2e:de:c1:
9c:05:33:e2:da:08:2c:01:84:dc:1e:0a:8b:af:85:7f:62:e3:
92:36:e9:4a:a8:43:0f:ed:47:e9:9a:1d:56:77:53:7f:63:81:
07:64:e8:d6:7c:8a:3b:5c:da:40:b9:0e:84:0e:35:b7:37:8e:
01:de:95:53:6b:3a:55:39:3d:d6:7c:89:1d:08:ea:73:dd:3d:
e5:e4:ce:5d:c7:0c:ab:f2:b0:7d:07:ed:64:6f:9b:55:07:a7:
38:b8:a7:eb:5b:83:89:69:5a:91:af:61:1c:16:9c:61:21:a0:
cb:99:2b:d4:e3:3e:10:77:53:62:cd:35:9e:02:50:75:73:cf:
85:cd:e6:4f:4e:84:79:7b:21:1d:cc:7a:98:fc:75:b2:d5:fe:
6e:37:d7:59:5c:58:8e:72:da:59:02:b1:c5:a1:eb:30:d7:dd:
89:c8:a9:17
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIECriMuDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZmU4ZWU4Nzg1MzQwNmNkOGQwNGJhOGUzOWJmN2E1MWZmYjhhM2JjMB4XDTIyMDEw
MTEzMDMxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmZlYzBjYjYwNGVl
YzljOTk4ZGI3YmQ3M2NiODZmN2VlNWFmNjJmMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNV8i8TuGcUgDq3QUYWf1NCbQ9VkoV8OmUSNdtWQBoL5gN6
ouFniCrs+aSt5OqtTh0Xmt2NhzLANTe5P/R1NgCE88IFJs46ZOwKu0KMAatPQSpM
CFpbBqkxUX6J4JBudWt+zO/lYrPh3OyY6GN7wN3metSRawoz8jgNwIPLT+ckST2n
1BBbp7xUF+EGLq4rysxaT+H3aGJFB3i+TTuFQsYjNqk/R4ZXSR7X4E3+aVNFT/Z4
J0+z9OFSiRQJWHGNP5RG2Cvpc3sJ7IMIuBUbIoYRua69okpwkxjEeUMpnUtzG7Wl
fTEtZ++Ni8WrNga2ZR4b3H0gGHLp+/3FOmjQNEMCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBQv7Ay2BO7JyZjbe9c8uG9+5a9i8TAfBgNVHSMEGDAWgBQf6O6HhTQGzY0E
uo45v3pR/7ijvDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gtanVoNFUwQnMyTkJMcU9PYjk2VWYtNG83dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvMDA0NDFkLTgwZTQtNGQxOC05NTgxLTVjNWVhYjhhOWUzYy8x
L0wtd010Z1R1eWNtWTIzdlhQTGh2ZnVXdll2RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
MDA0NDFkLTgwZTQtNGQxOC05NTgxLTVjNWVhYjhhOWUzYy8xL0gtanVoNFUwQnMy
TkJMcU9PYjk2VWYtNG83dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEArmhfAMEArnTNAMEArnV+DANBAIA
AjAHAwUDKgfDwDANBgkqhkiG9w0BAQsFAAOCAQEANCW7NPUGxMr1nSLvs4z+ir9p
rqDQ2Do46zlgFZ2irC8B7jiFOnRt04HiwMsvLBlTLI41V8ozvZLs84xQVfKHlbWG
kVqVh61fu/U9jp0trbLVgAkib3CpLt7BnAUz4toILAGE3B4Ki6+Ff2LjkjbpSqhD
D+1H6ZodVndTf2OBB2To1nyKO1zaQLkOhA41tzeOAd6VU2s6VTk91nyJHQjqc909
5eTOXccMq/KwfQftZG+bVQenOLin61uDiWlaka9hHBacYSGgy5kr1OM+EHdTYs01
ngJQdXPPhc3mT06EeXshHcx6mPx1stX+bjfXWVxYjnLaWQKxxaHrMNfdicipFw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:16 2023 by rpki-client on console-ams.rpki-client.org