Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/9383b5-7083-4cc3-9e69-97f6f2a39626/1/URelHKI3ZhDhgzVyswZJCeaHcEA.roa
File: URelHKI3ZhDhgzVyswZJCeaHcEA.roa (raw, json)
Hash identifier: 3s7lOq3x2kCb9tH0jC0t3KDaYxR14xAKHlYdJwDoSZI=
Subject key identifier: 51:17:A5:1C:A2:37:66:10:E1:83:35:72:B3:06:49:09:E6:87:70:40
Certificate issuer: /CN=16f02e70a6553ff0c665139ee55671c860658081
Certificate serial: 018CC7936B2429405421BE9391F9249E9D64
Authority key identifier: 16:F0:2E:70:A6:55:3F:F0:C6:65:13:9E:E5:56:71:C8:60:65:80:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FvAucKZVP_DGZROe5VZxyGBlgIE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/9383b5-7083-4cc3-9e69-97f6f2a39626/1/URelHKI3ZhDhgzVyswZJCeaHcEA.roa
Signing time: Tue 02 Jan 2024 00:29:36 +0000
ROA not before: Tue 02 Jan 2024 00:29:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203895
IP address blocks: 185.120.138.0/24 maxlen: 24
185.120.137.0/24 maxlen: 24
185.120.136.0/24 maxlen: 24
185.120.139.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:93:6b:24:29:40:54:21:be:93:91:f9:24:9e:9d:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16f02e70a6553ff0c665139ee55671c860658081
Validity
Not Before: Jan 2 00:29:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5117a51ca2376610e1833572b3064909e6877040
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:f0:2b:97:8c:99:1a:e4:5c:db:d7:2f:81:ed:
03:f5:98:a4:ea:2d:54:1f:ed:97:d5:59:90:81:d4:
05:18:52:1e:f5:d9:01:5c:4e:f9:84:07:dd:70:d9:
39:fa:32:c9:da:c4:ff:c6:12:3d:40:56:8d:e4:16:
a5:cb:73:0b:42:e5:ca:7d:ee:3e:64:cc:98:a9:24:
1b:d1:4d:cd:44:b3:73:c4:09:a2:67:23:0b:0a:60:
81:ab:b5:ce:de:92:2e:b9:81:c8:97:db:00:34:e2:
58:2d:ec:bf:83:77:c3:e8:ff:5c:29:3b:42:2b:c9:
28:c3:85:e9:51:c2:82:c0:5c:1c:12:9c:6e:d0:4f:
22:5b:5b:f5:e1:43:f7:a5:6f:f4:7e:bb:39:eb:e9:
c3:33:0a:1c:4e:03:a3:92:72:57:b8:f7:84:18:7c:
b5:c2:ee:43:83:f3:7e:ce:4c:c7:a5:2b:a4:b4:ee:
86:10:41:95:5d:45:3b:4e:1d:0b:0b:65:af:22:24:
c9:d8:f8:37:ef:f3:d5:5a:0e:df:e0:a7:2d:7d:2e:
18:4a:0b:32:88:c7:0c:43:35:36:4d:00:27:1c:9a:
ad:70:3b:a3:32:2b:e7:d1:9b:8d:18:0b:c8:f2:22:
39:93:b8:ea:f1:66:ce:fd:dc:ae:b8:76:eb:d4:96:
16:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:17:A5:1C:A2:37:66:10:E1:83:35:72:B3:06:49:09:E6:87:70:40
X509v3 Authority Key Identifier:
keyid:16:F0:2E:70:A6:55:3F:F0:C6:65:13:9E:E5:56:71:C8:60:65:80:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FvAucKZVP_DGZROe5VZxyGBlgIE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/9383b5-7083-4cc3-9e69-97f6f2a39626/1/URelHKI3ZhDhgzVyswZJCeaHcEA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/9383b5-7083-4cc3-9e69-97f6f2a39626/1/FvAucKZVP_DGZROe5VZxyGBlgIE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.120.136.0/22
Signature Algorithm: sha256WithRSAEncryption
14:18:fb:90:96:32:59:61:8c:d6:5b:11:1a:b5:2c:91:b6:90:
5b:dd:01:62:76:e3:f4:1e:72:71:90:95:91:2b:08:b0:15:b6:
5d:63:33:4d:8c:6a:e4:e2:a3:c0:85:74:25:32:79:77:10:b5:
7f:c2:2f:d2:2d:a0:a8:78:f4:29:8a:67:6c:a9:fa:7e:85:1e:
04:30:85:72:86:2f:b4:dd:7c:2e:c9:75:84:46:16:75:81:2a:
77:47:64:a4:ad:49:b5:49:b1:2a:bb:cd:b7:ef:72:d8:c9:28:
a0:d3:fe:5b:7c:68:fb:72:1f:d7:29:92:6b:91:28:1d:00:ad:
f3:ca:fc:25:a1:4b:62:06:8f:3a:eb:a7:e5:5d:7e:84:e3:e5:
9b:2a:9d:cc:ee:6e:37:39:cc:3a:1b:0f:2c:e7:cf:8f:f6:69:
d5:4b:1a:db:4e:4a:ac:19:22:39:c0:b5:c3:dd:24:0a:cf:58:
7f:fd:57:4a:28:6e:58:2d:20:f8:ff:33:f4:ed:be:9e:7f:c8:
29:2e:e3:39:e2:5d:e1:16:6f:cc:7e:bd:35:39:3f:fe:3c:ce:
f8:e6:72:11:f0:f8:7d:0c:13:a1:4c:d3:48:f3:91:25:2f:47:
78:5f:49:24:79:28:cc:27:64:42:74:1f:11:be:f5:77:d3:ce:
68:c2:93:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2skKUBUIb6Tkfkknp1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZjAyZTcwYTY1NTNmZjBjNjY1MTM5ZWU1NTY3MWM4NjA2
NTgwODEwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE3YTUxY2EyMzc2NjEwZTE4MzM1NzJiMzA2NDkwOWU2ODc3MDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvArl4yZGuRc29cvge0D9Zik6i1U
H+2X1VmQgdQFGFIe9dkBXE75hAfdcNk5+jLJ2sT/xhI9QFaN5Baly3MLQuXKfe4+
ZMyYqSQb0U3NRLNzxAmiZyMLCmCBq7XO3pIuuYHIl9sANOJYLey/g3fD6P9cKTtC
K8kow4XpUcKCwFwcEpxu0E8iW1v14UP3pW/0frs56+nDMwocTgOjknJXuPeEGHy1
wu5Dg/N+zkzHpSuktO6GEEGVXUU7Th0LC2WvIiTJ2Pg37/PVWg7f4KctfS4YSgsy
iMcMQzU2TQAnHJqtcDujMivn0ZuNGAvI8iI5k7jq8WbO/dyuuHbr1JYWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEXpRyiN2YQ4YM1crMGSQnmh3BAMB8GA1UdIwQY
MBaAFBbwLnCmVT/wxmUTnuVWcchgZYCBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZBdWNLWlZQX0RHWlJPZTVWWnh5R0JsZ0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MzgzYjUtNzA4My00Y2MzLTllNjkt
OTdmNmYyYTM5NjI2LzEvVVJlbEhLSTNaaERoZ3pWeXN3WkpDZWFIY0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MzgzYjUtNzA4My00Y2MzLTllNjktOTdmNmYyYTM5NjI2
LzEvRnZBdWNLWlZQX0RHWlJPZTVWWnh5R0JsZ0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXiIMA0G
CSqGSIb3DQEBCwUAA4IBAQAUGPuQljJZYYzWWxEatSyRtpBb3QFiduP0HnJxkJWR
KwiwFbZdYzNNjGrk4qPAhXQlMnl3ELV/wi/SLaCoePQpimdsqfp+hR4EMIVyhi+0
3XwuyXWERhZ1gSp3R2SkrUm1SbEqu82373LYySig0/5bfGj7ch/XKZJrkSgdAK3z
yvwloUtiBo8666flXX6E4+WbKp3M7m43Ocw6Gw8s58+P9mnVSxrbTkqsGSI5wLXD
3SQKz1h//VdKKG5YLSD4/zP07b6ef8gpLuM54l3hFm/Mfr01OT/+PM745nIR8Ph9
DBOhTNNI85ElL0d4X0kkeSjMJ2RCdB8RvvV3085owpO7
-----END CERTIFICATE-----
Generated at Fri Aug 30 13:52:14 2024 by rpki-client on console-fra.rpki-client.org