Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7iRV6OOahe8LUAqXposeCsTfvZg.roa
File: 7iRV6OOahe8LUAqXposeCsTfvZg.roa (raw, json)
Hash identifier: cnNb8dTARcB0xx5XWh95kWNyjVP9j+jDu6E8k6VcBqc=
Subject key identifier: EE:24:55:E8:E3:9A:85:EF:0B:50:0A:97:A6:8B:1E:0A:C4:DF:BD:98
Certificate issuer: /CN=ee83bc458a3696d652fbef863e5ee40f0096f197
Certificate serial: 0698CA07
Authority key identifier: EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7iRV6OOahe8LUAqXposeCsTfvZg.roa
Signing time: Sat 01 Jan 2022 07:02:14 +0000
ROA not before: Sat 01 Jan 2022 07:02:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 203536
IP address blocks: 185.63.8.0/22 maxlen: 22
46.167.8.0/21 maxlen: 21
188.116.42.0/23 maxlen: 23
2a03:920::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 110676487 (0x698ca07)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee83bc458a3696d652fbef863e5ee40f0096f197
Validity
Not Before: Jan 1 07:02:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ee2455e8e39a85ef0b500a97a68b1e0ac4dfbd98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:88:c2:e2:2e:5d:d5:d0:08:99:77:3d:b9:12:
3d:84:45:f9:af:2e:94:fa:86:6f:f2:8c:f9:88:27:
07:03:8e:0a:88:90:35:a9:da:41:75:a2:45:b1:8b:
0c:4d:c2:38:4c:a4:e8:c3:47:ac:44:02:ee:f9:59:
d0:91:b1:95:5e:35:5d:a6:d6:06:47:1b:ca:ca:5d:
a1:f3:9c:85:8f:f7:22:2f:3c:9d:63:b2:bd:c5:36:
18:ab:7c:fd:a0:e5:50:ca:49:9d:4a:ec:b4:2f:a3:
b9:9c:6d:18:24:52:3e:e1:e1:a5:71:8a:18:e0:33:
13:64:b2:9b:17:ff:8d:64:0a:0f:f0:4c:ef:84:d3:
38:5c:28:d8:7f:26:d3:45:e0:ab:16:74:b0:db:0e:
a6:30:40:07:1d:e1:bd:4a:cc:23:e5:1e:be:89:a0:
c5:34:2d:b1:21:ff:8b:4e:49:c5:1f:83:5f:02:86:
94:98:ba:c4:56:88:43:26:0d:ca:b1:ce:d7:de:00:
fe:a9:e5:dd:4c:29:2a:5f:49:9d:9f:9c:85:81:91:
69:16:81:bf:93:4e:b3:a2:b6:ec:12:f8:9f:89:ce:
8f:c5:cd:2b:22:46:bc:36:d5:bb:8c:2d:cf:d7:9e:
82:dd:93:f1:42:3a:10:80:4f:91:92:5c:53:63:1c:
9c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:24:55:E8:E3:9A:85:EF:0B:50:0A:97:A6:8B:1E:0A:C4:DF:BD:98
X509v3 Authority Key Identifier:
keyid:EE:83:BC:45:8A:36:96:D6:52:FB:EF:86:3E:5E:E4:0F:00:96:F1:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oO8RYo2ltZS---GPl7kDwCW8Zc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7iRV6OOahe8LUAqXposeCsTfvZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/274f5c-a7bc-464d-9666-7c281d07e155/1/7oO8RYo2ltZS---GPl7kDwCW8Zc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.167.8.0/21
185.63.8.0/22
188.116.42.0/23
IPv6:
2a03:920::/32
Signature Algorithm: sha256WithRSAEncryption
87:b1:fb:46:91:a6:8d:38:43:c5:ce:ef:68:8a:3a:a2:c2:58:
b5:76:ec:86:e6:15:b3:e3:01:30:9f:61:04:34:c9:13:e3:e3:
01:69:fe:5c:00:80:45:5d:83:71:8d:c8:78:55:18:19:78:96:
ef:aa:69:e6:d2:cd:06:c0:e6:dd:de:eb:53:43:fc:d2:6e:0d:
00:6f:3a:a5:b9:dd:d1:e5:90:c6:e0:7a:3d:88:6a:80:36:d5:
0a:27:f9:97:fa:89:98:30:4a:5c:3f:87:87:b4:ed:f7:da:8f:
93:4b:e3:aa:6a:e0:50:76:b8:88:d6:4a:23:2e:e9:5c:3d:06:
ff:61:5a:92:71:5a:27:fe:f9:b9:80:46:da:e6:58:15:c2:ba:
18:4c:d7:b5:06:7a:08:27:cc:da:51:d2:5f:94:fe:f7:cf:10:
8c:81:da:17:c7:d8:11:82:30:75:f8:a2:41:cd:ea:50:c8:44:
cd:7a:34:38:bf:bc:7a:4b:ce:e6:30:db:80:3b:8b:4c:1f:ee:
de:07:11:7d:72:29:e7:14:00:28:01:38:84:cd:b9:82:04:49:
04:5b:51:31:60:1e:86:45:36:02:20:1f:4d:96:1e:00:cd:aa:
83:f5:5b:7a:02:dd:75:aa:e2:58:20:7e:2c:4d:55:59:19:7e:
5a:3e:39:b1
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEBpjKBzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZTgzYmM0NThhMzY5NmQ2NTJmYmVmODYzZTVlZTQwZjAwOTZmMTk3MB4XDTIyMDEw
MTA3MDIxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWUyNDU1ZThlMzlh
ODVlZjBiNTAwYTk3YTY4YjFlMGFjNGRmYmQ5ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANGIwuIuXdXQCJl3PbkSPYRF+a8ulPqGb/KM+YgnBwOOCoiQ
NanaQXWiRbGLDE3COEyk6MNHrEQC7vlZ0JGxlV41XabWBkcbyspdofOchY/3Ii88
nWOyvcU2GKt8/aDlUMpJnUrstC+juZxtGCRSPuHhpXGKGOAzE2Symxf/jWQKD/BM
74TTOFwo2H8m00XgqxZ0sNsOpjBABx3hvUrMI+UevomgxTQtsSH/i05JxR+DXwKG
lJi6xFaIQyYNyrHO194A/qnl3UwpKl9JnZ+chYGRaRaBv5NOs6K27BL4n4nOj8XN
KyJGvDbVu4wtz9eegt2T8UI6EIBPkZJcU2McnBMCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBTuJFXo45qF7wtQCpemix4KxN+9mDAfBgNVHSMEGDAWgBTug7xFijaW1lL7
74Y+XuQPAJbxlzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdvTzhSWW8ybHRaUy0tLUdQbDdrRHdDVzhaYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvMjc0ZjVjLWE3YmMtNDY0ZC05NjY2LTdjMjgxZDA3ZTE1NS8x
LzdpUlY2T09haGU4TFVBcVhwb3NlQ3NUZnZaZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
Mjc0ZjVjLWE3YmMtNDY0ZC05NjY2LTdjMjgxZDA3ZTE1NS8xLzdvTzhSWW8ybHRa
Uy0tLUdQbDdrRHdDVzhaYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAy6nCAMEArk/CAMEAbx0KjANBAIA
AjAHAwUAKgMJIDANBgkqhkiG9w0BAQsFAAOCAQEAh7H7RpGmjThDxc7vaIo6osJY
tXbshuYVs+MBMJ9hBDTJE+PjAWn+XACARV2DcY3IeFUYGXiW76pp5tLNBsDm3d7r
U0P80m4NAG86pbnd0eWQxuB6PYhqgDbVCif5l/qJmDBKXD+Hh7Tt99qPk0vjqmrg
UHa4iNZKIy7pXD0G/2FaknFaJ/75uYBG2uZYFcK6GEzXtQZ6CCfM2lHSX5T+988Q
jIHaF8fYEYIwdfiiQc3qUMhEzXo0OL+8ekvO5jDbgDuLTB/u3gcRfXIp5xQAKAE4
hM25ggRJBFtRMWAehkU2AiAfTZYeAM2qg/VbegLddariWCB+LE1VWRl+Wj45sQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:17 2024 by rpki-client on console-ams.rpki-client.org