Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/de2896-ef1b-4a3c-82c4-889ab1a0a47f/1/BOr67G1oAW0dbLN3pKmO1wxDFtk.roa
File: BOr67G1oAW0dbLN3pKmO1wxDFtk.roa (raw, json)
Hash identifier: agtKAsmKjK+ZEusbMOIM0thxIo3b3z3Pw3u5Y7zo1dg=
Subject key identifier: 04:EA:FA:EC:6D:68:01:6D:1D:6C:B3:77:A4:A9:8E:D7:0C:43:16:D9
Certificate issuer: /CN=17511fe8f054c639663529938aebeda4d3ef8068
Certificate serial: 018CC56EBFAA1ACA208D3EF31AF5B0217C5E
Authority key identifier: 17:51:1F:E8:F0:54:C6:39:66:35:29:93:8A:EB:ED:A4:D3:EF:80:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F1Ef6PBUxjlmNSmTiuvtpNPvgGg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/de2896-ef1b-4a3c-82c4-889ab1a0a47f/1/BOr67G1oAW0dbLN3pKmO1wxDFtk.roa
Signing time: Mon 01 Jan 2024 14:30:18 +0000
ROA not before: Mon 01 Jan 2024 14:30:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210984
IP address blocks: 185.159.110.0/24 maxlen: 24
2a0d:b700::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:bf:aa:1a:ca:20:8d:3e:f3:1a:f5:b0:21:7c:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17511fe8f054c639663529938aebeda4d3ef8068
Validity
Not Before: Jan 1 14:30:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=04eafaec6d68016d1d6cb377a4a98ed70c4316d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:25:bf:ea:52:0c:83:69:93:5c:f5:86:a0:f2:
1c:ec:61:68:d3:8d:9e:89:95:1c:df:7f:9b:50:82:
c2:c3:59:87:c4:e1:ae:c9:c8:ad:37:6e:b1:bc:f6:
ac:0d:e0:aa:9c:f9:4e:73:7b:e4:d4:31:7b:17:77:
34:e5:1a:17:d3:e1:9f:97:a2:b4:23:d4:d9:a0:37:
2f:26:b3:5c:e5:1e:23:67:34:8a:59:63:c4:92:dc:
2b:49:42:e9:d8:f1:94:a7:63:df:8e:f1:21:27:4d:
05:fc:2f:b3:20:dd:e5:41:23:c1:c4:8f:bd:1e:24:
9f:26:55:61:96:dd:6f:19:ab:c1:50:dd:65:f9:6d:
52:ab:b7:b3:13:eb:cb:57:aa:33:28:e5:f0:60:05:
a9:b2:84:b3:3d:bb:1b:0e:32:03:b4:dd:42:c5:2b:
52:92:5c:25:be:b1:83:24:57:f4:01:63:cb:25:c8:
0e:41:28:12:57:49:32:55:ed:6f:aa:90:8f:57:bc:
43:94:61:04:24:98:50:1a:24:9a:43:2c:b5:ab:8f:
ec:30:0d:fb:0b:98:91:10:bc:13:a7:82:4f:89:1a:
25:d2:2d:8b:81:61:44:ce:5a:75:2e:ed:d4:0e:51:
de:57:d2:e3:76:0b:98:2f:6f:37:1f:b6:e6:cc:f6:
cd:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:EA:FA:EC:6D:68:01:6D:1D:6C:B3:77:A4:A9:8E:D7:0C:43:16:D9
X509v3 Authority Key Identifier:
keyid:17:51:1F:E8:F0:54:C6:39:66:35:29:93:8A:EB:ED:A4:D3:EF:80:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1Ef6PBUxjlmNSmTiuvtpNPvgGg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/de2896-ef1b-4a3c-82c4-889ab1a0a47f/1/BOr67G1oAW0dbLN3pKmO1wxDFtk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/de2896-ef1b-4a3c-82c4-889ab1a0a47f/1/F1Ef6PBUxjlmNSmTiuvtpNPvgGg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.159.110.0/24
IPv6:
2a0d:b700::/48
Signature Algorithm: sha256WithRSAEncryption
0a:a2:a1:4c:70:a1:3e:c7:45:d9:7c:93:06:44:5d:45:5f:86:
d5:5e:e9:3b:43:10:da:ac:1e:51:e5:35:a3:60:c4:04:03:f0:
e9:6a:1f:3a:19:0b:26:b8:d3:af:33:4f:d5:c4:50:d6:d9:ad:
ba:e3:86:b1:55:1f:ad:c5:fd:f5:3c:3e:8f:5a:2e:d5:2d:a3:
2a:6a:17:be:36:55:eb:38:8e:76:ff:ec:0a:95:0e:7d:f6:16:
c6:d4:aa:f9:23:15:b7:53:45:88:c1:af:99:0d:93:56:5c:2a:
64:fb:ca:f9:a6:1b:de:fd:48:8c:23:b7:f8:8a:4b:41:86:71:
f7:71:7e:17:44:f2:ff:bd:5d:e0:c8:91:ea:1c:b5:81:4b:9a:
5c:95:2b:ca:49:27:f0:07:10:f5:ac:90:d3:22:b8:8e:50:3a:
0a:a3:51:74:47:af:27:c4:31:e6:1d:79:da:ee:d2:ce:18:9f:
45:e9:a2:61:68:c0:24:c6:be:eb:ca:88:e6:a5:58:43:b0:6a:
58:f4:b7:0e:42:94:6e:da:c1:9e:c9:6f:1f:e3:5c:ad:00:b5:
6b:6e:77:ee:6d:d9:eb:73:60:e5:94:4a:5e:6d:64:f5:c0:91:
bd:39:3f:0a:22:5d:94:d0:a4:20:34:a6:3d:53:38:3a:73:67:
08:b4:d2:79
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbr+qGsogjT7zGvWwIXxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTExZmU4ZjA1NGM2Mzk2NjM1Mjk5MzhhZWJlZGE0ZDNl
ZjgwNjgwHhcNMjQwMTAxMTQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGVhZmFlYzZkNjgwMTZkMWQ2Y2IzNzdhNGE5OGVkNzBjNDMxNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiW/6lIMg2mTXPWGoPIc7GFo042e
iZUc33+bUILCw1mHxOGuycitN26xvPasDeCqnPlOc3vk1DF7F3c05RoX0+Gfl6K0
I9TZoDcvJrNc5R4jZzSKWWPEktwrSULp2PGUp2PfjvEhJ00F/C+zIN3lQSPBxI+9
HiSfJlVhlt1vGavBUN1l+W1Sq7ezE+vLV6ozKOXwYAWpsoSzPbsbDjIDtN1CxStS
klwlvrGDJFf0AWPLJcgOQSgSV0kyVe1vqpCPV7xDlGEEJJhQGiSaQyy1q4/sMA37
C5iRELwTp4JPiRol0i2LgWFEzlp1Lu3UDlHeV9LjdguYL283H7bmzPbNRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFATq+uxtaAFtHWyzd6SpjtcMQxbZMB8GA1UdIwQY
MBaAFBdRH+jwVMY5ZjUpk4rr7aTT74BoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFFZjZQQlV4amxtTlNtVGl1dnRwTlB2Z0dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZTI4OTYtZWYxYi00YTNjLTgyYzQt
ODg5YWIxYTBhNDdmLzEvQk9yNjdHMW9BVzBkYkxOM3BLbU8xd3hERnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZTI4OTYtZWYxYi00YTNjLTgyYzQtODg5YWIxYTBhNDdm
LzEvRjFFZjZQQlV4amxtTlNtVGl1dnRwTlB2Z0dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuZ9uMA8E
AgACMAkDBwAqDbcAAAAwDQYJKoZIhvcNAQELBQADggEBAAqioUxwoT7HRdl8kwZE
XUVfhtVe6TtDENqsHlHlNaNgxAQD8OlqHzoZCya4068zT9XEUNbZrbrjhrFVH63F
/fU8Po9aLtUtoypqF742Ves4jnb/7AqVDn32FsbUqvkjFbdTRYjBr5kNk1ZcKmT7
yvmmG979SIwjt/iKS0GGcfdxfhdE8v+9XeDIkeoctYFLmlyVK8pJJ/AHEPWskNMi
uI5QOgqjUXRHryfEMeYdedru0s4Yn0XpomFowCTGvuvKiOalWEOwalj0tw5ClG7a
wZ7Jbx/jXK0AtWtud+5t2etzYOWUSl5tZPXAkb05PwoiXZTQpCA0pj1TODpzZwi0
0nk=
-----END CERTIFICATE-----
Generated at Tue Mar 5 17:53:07 2024 by rpki-client on console-ams.rpki-client.org