Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/t4skPqBvvOCok4VFnKhLBdaHAJM.roa
File: t4skPqBvvOCok4VFnKhLBdaHAJM.roa (raw, json)
Hash identifier: GUmbdCQKCWE+JKUt7KLtQTOIYkEIXA14L2gn28W3gG4=
Subject key identifier: B7:8B:24:3E:A0:6F:BC:E0:A8:93:85:45:9C:A8:4B:05:D6:87:00:93
Certificate issuer: /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial: 3356DD06
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/t4skPqBvvOCok4VFnKhLBdaHAJM.roa
Signing time: Sat 01 Jan 2022 06:03:05 +0000
ROA not before: Sat 01 Jan 2022 06:03:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 206495
IP address blocks: 185.188.112.0/24 maxlen: 24
185.188.113.0/24 maxlen: 24
185.188.115.0/24 maxlen: 24
185.188.114.0/24 maxlen: 24
178.157.0.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 861330694 (0x3356dd06)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
Validity
Not Before: Jan 1 06:03:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b78b243ea06fbce0a89385459ca84b05d6870093
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:f4:33:13:6c:32:25:31:f6:b7:18:32:43:4f:
4c:bf:51:db:d0:15:68:eb:1e:47:17:5a:37:4e:de:
2a:38:2a:84:0a:ad:9d:89:2e:9c:22:e0:69:82:7b:
b2:74:1e:43:0f:ba:ef:ea:3a:a0:80:5f:ad:a7:2a:
06:20:e0:99:a3:e5:9c:04:c4:b4:4f:43:71:da:84:
6d:ae:45:ea:31:61:17:8b:69:4a:80:ea:91:21:7e:
e9:20:50:5e:e2:26:6f:9c:ed:e0:2c:8d:89:f7:b5:
02:58:0f:88:c4:b3:e1:27:1e:bb:17:73:a6:43:5e:
cd:b9:4d:e4:a0:19:e4:ac:73:63:12:1c:df:dd:57:
56:04:71:10:0f:ce:19:6f:b9:6c:7b:38:81:51:bd:
02:87:67:0c:de:e7:40:16:95:fb:c6:f1:57:68:92:
d6:c1:11:ba:2f:56:8a:00:85:06:5a:c2:7e:ac:ea:
54:f6:07:a6:53:cb:66:73:01:ef:e4:26:b8:d3:a5:
10:e7:90:ab:9e:91:44:f6:d2:ae:ea:b1:f2:77:fa:
56:1a:16:ea:fe:be:50:36:aa:a0:af:27:e8:ee:04:
78:9d:2d:8b:6f:93:82:8b:6d:9c:30:93:6f:61:3f:
40:27:08:fb:8d:29:74:76:b8:84:dc:01:4f:7a:8b:
57:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:8B:24:3E:A0:6F:BC:E0:A8:93:85:45:9C:A8:4B:05:D6:87:00:93
X509v3 Authority Key Identifier:
keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/t4skPqBvvOCok4VFnKhLBdaHAJM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.157.0.0/23
185.188.112.0/22
Signature Algorithm: sha256WithRSAEncryption
17:0d:c3:be:6a:25:7b:2a:b4:27:b2:49:9f:58:17:cc:63:82:
f9:b3:5b:ba:cb:50:c9:a6:8b:ad:77:74:db:27:e6:28:83:69:
c6:f5:a8:09:d3:44:f2:f6:b8:a3:e8:81:1d:c1:93:22:a7:e6:
90:55:9f:f6:eb:82:ce:c5:f2:43:60:5f:ed:cc:67:81:22:06:
f3:78:7f:ea:ff:6f:68:ba:cb:a7:a9:fc:f0:ad:f5:83:ed:8c:
87:97:f9:a1:a4:29:52:60:67:d3:85:54:13:9a:60:ed:af:36:
e6:b7:de:74:86:9b:95:fb:ac:67:aa:c7:f8:dc:4a:6c:86:db:
c7:9c:d5:d7:89:7f:90:19:cc:45:60:1f:84:22:e3:3a:03:21:
3e:70:e7:bf:fa:ee:a4:4a:dc:63:7b:aa:e8:19:57:dc:42:93:
e8:25:42:c1:89:b1:0f:d0:61:0c:8f:9c:28:95:fc:a9:2b:62:
59:3b:aa:ae:4b:7e:1e:81:fd:9e:40:6b:81:0a:bb:45:07:ef:
f2:35:86:6a:e4:6b:98:f5:69:6b:a3:89:49:62:90:81:b6:c0:
69:8b:30:4d:5f:23:7c:d2:44:fb:1f:c9:ac:df:fb:41:4e:16:
70:7b:8a:d2:43:2c:8f:82:fc:e8:f7:fc:35:92:74:62:00:ad:
f1:e0:ee:92
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEM1bdBjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MjNkOTMwNTRmMDYzY2Y4YTI5MTg2MTczNWY5MDA1OWFiOWVjMTY5MB4XDTIyMDEw
MTA2MDMwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjc4YjI0M2VhMDZm
YmNlMGE4OTM4NTQ1OWNhODRiMDVkNjg3MDA5MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPf0MxNsMiUx9rcYMkNPTL9R29AVaOseRxdaN07eKjgqhAqt
nYkunCLgaYJ7snQeQw+67+o6oIBfracqBiDgmaPlnATEtE9DcdqEba5F6jFhF4tp
SoDqkSF+6SBQXuImb5zt4CyNife1AlgPiMSz4SceuxdzpkNezblN5KAZ5KxzYxIc
391XVgRxEA/OGW+5bHs4gVG9AodnDN7nQBaV+8bxV2iS1sERui9WigCFBlrCfqzq
VPYHplPLZnMB7+QmuNOlEOeQq56RRPbSruqx8nf6VhoW6v6+UDaqoK8n6O4EeJ0t
i2+TgottnDCTb2E/QCcI+40pdHa4hNwBT3qLV3sCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBS3iyQ+oG+84KiThUWcqEsF1ocAkzAfBgNVHSMEGDAWgBRCPZMFTwY8+KKR
hhc1+QBZq57BaTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FqMlRCVThHUFBpaWtZWVhOZmtBV2F1ZXdXay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvMGMyZWMzLTM4NDQtNGI1Zi05ZjU4LTVmMWI2OTA0OGZlMi8x
L3Q0c2tQcUJ2dk9Db2s0VkZuS2hMQmRhSEFKTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
MGMyZWMzLTM4NDQtNGI1Zi05ZjU4LTVmMWI2OTA0OGZlMi8xL1FqMlRCVThHUFBp
aWtZWVhOZmtBV2F1ZXdXay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAbKdAAMEArm8cDANBgkqhkiG9w0B
AQsFAAOCAQEAFw3Dvmoleyq0J7JJn1gXzGOC+bNbustQyaaLrXd02yfmKINpxvWo
CdNE8va4o+iBHcGTIqfmkFWf9uuCzsXyQ2Bf7cxngSIG83h/6v9vaLrLp6n88K31
g+2Mh5f5oaQpUmBn04VUE5pg7a825rfedIablfusZ6rH+NxKbIbbx5zV14l/kBnM
RWAfhCLjOgMhPnDnv/rupErcY3uq6BlX3EKT6CVCwYmxD9BhDI+cKJX8qStiWTuq
rkt+HoH9nkBrgQq7RQfv8jWGauRrmPVpa6OJSWKQgbbAaYswTV8jfNJE+x/JrN/7
QU4WcHuK0kMsj4L86Pf8NZJ0YgCt8eDukg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:45 2024 by rpki-client on console-ams.rpki-client.org