Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/arMRiqmfUTs8vrYZ2AjXGz-UCEo.roa
File: arMRiqmfUTs8vrYZ2AjXGz-UCEo.roa (raw, json)
Hash identifier: EJIHQl2+wPbAjLI9jKu3nfUX2K39fIwOv7mRKfIpMhc=
Subject key identifier: 6A:B3:11:8A:A9:9F:51:3B:3C:BE:B6:19:D8:08:D7:1B:3F:94:08:4A
Certificate issuer: /CN=40254d4a767ad099606e442e092f91241a363670
Certificate serial: 04425AD9
Authority key identifier: 40:25:4D:4A:76:7A:D0:99:60:6E:44:2E:09:2F:91:24:1A:36:36:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QCVNSnZ60JlgbkQuCS-RJBo2NnA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/arMRiqmfUTs8vrYZ2AjXGz-UCEo.roa
Signing time: Sat 01 Jan 2022 09:53:52 +0000
ROA not before: Sat 01 Jan 2022 09:53:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207864
IP address blocks: 193.22.141.0/24 maxlen: 24
193.22.168.0/24 maxlen: 24
193.22.170.0/24 maxlen: 24
193.22.108.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 71457497 (0x4425ad9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=40254d4a767ad099606e442e092f91241a363670
Validity
Not Before: Jan 1 09:53:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6ab3118aa99f513b3cbeb619d808d71b3f94084a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:47:89:73:ce:e6:f8:eb:13:2b:bb:f1:98:40:
cc:a0:5d:8b:be:9c:1c:87:07:c2:39:e5:2b:70:96:
7a:db:69:be:2b:c9:0d:b3:29:51:a4:cc:40:a4:13:
c0:d6:d9:7d:b7:02:cd:a1:d7:bf:11:3b:55:79:9e:
2b:26:8f:b6:e1:9e:74:98:38:60:35:95:6e:6f:07:
d9:aa:c8:dc:48:a6:7b:0c:15:02:e0:dc:c3:eb:ce:
18:29:cd:b8:30:af:42:3b:15:48:62:c3:14:b6:16:
20:11:57:ee:54:f4:13:67:52:cc:50:70:5d:fe:9f:
a3:f1:0d:3a:a6:54:cf:ab:7c:5a:d1:98:2f:71:48:
ea:85:5c:0d:2f:fb:aa:2d:04:0b:63:1e:d7:2c:e0:
fc:be:41:d8:70:30:40:7b:0d:27:2f:ec:6c:f7:ef:
87:ee:24:5f:75:7b:48:a7:11:c5:55:ca:2f:55:ad:
1c:b0:69:0b:73:36:e7:44:36:53:07:16:15:57:5b:
c1:e2:1d:87:dd:67:12:5a:7c:a6:33:ed:55:b2:ff:
65:16:99:9c:22:dd:ca:4a:ed:11:55:ee:88:73:bc:
0f:5e:ef:71:f0:80:98:06:47:7d:36:15:57:c3:a4:
eb:cc:20:a0:16:30:90:05:b9:e1:d7:d1:c7:b7:9a:
db:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:B3:11:8A:A9:9F:51:3B:3C:BE:B6:19:D8:08:D7:1B:3F:94:08:4A
X509v3 Authority Key Identifier:
keyid:40:25:4D:4A:76:7A:D0:99:60:6E:44:2E:09:2F:91:24:1A:36:36:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QCVNSnZ60JlgbkQuCS-RJBo2NnA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/arMRiqmfUTs8vrYZ2AjXGz-UCEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ef6c8e-3f07-4b3f-a87e-bbe912eec73e/1/QCVNSnZ60JlgbkQuCS-RJBo2NnA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.22.108.0/24
193.22.141.0/24
193.22.168.0/24
193.22.170.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:53:6a:49:d4:17:2c:a0:20:a6:b1:9e:d8:26:b3:4d:ca:b4:
17:f6:de:57:36:f8:e5:df:af:ba:12:68:15:a3:cb:87:61:99:
ab:c9:a2:72:e6:ef:50:92:7b:86:26:13:da:c4:b0:15:44:77:
48:b3:53:ca:5f:5d:e5:e7:d5:04:b8:6d:0f:6e:38:2b:3e:d3:
ca:f0:4f:52:0c:9b:08:9e:5c:19:cf:59:b3:34:7f:c6:01:9b:
91:fe:d0:6d:b6:fc:63:60:c8:56:79:d4:44:75:b6:c6:4d:c2:
b1:b2:f3:01:f5:7c:e6:b7:32:8e:da:2e:b9:2d:9c:aa:72:26:
3b:d4:d5:12:f9:b5:04:25:4f:b1:57:c4:ca:5c:8b:60:18:46:
8f:9a:96:c8:4c:a4:7d:fb:a2:72:f3:0f:6d:23:bc:bc:33:c0:
ff:d1:63:1b:65:63:e5:12:0b:93:f1:95:07:4c:59:02:9a:85:
1e:55:73:b9:a9:c8:94:a2:2c:6f:8b:77:09:2f:cb:bb:ad:d6:
71:79:32:88:1e:af:8e:ed:f8:3a:7f:29:91:6d:20:3c:53:3b:
98:a6:b0:07:61:35:4e:86:0c:cc:10:aa:2e:5c:47:b2:bd:66:
f1:5c:39:13:d5:8b:41:5c:17:5a:5b:1b:10:41:27:ea:b2:aa:
21:de:a2:98
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEBEJa2TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDI1NGQ0YTc2N2FkMDk5NjA2ZTQ0MmUwOTJmOTEyNDFhMzYzNjcwMB4XDTIyMDEw
MTA5NTM1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmFiMzExOGFhOTlm
NTEzYjNjYmViNjE5ZDgwOGQ3MWIzZjk0MDg0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRHiXPO5vjrEyu78ZhAzKBdi76cHIcHwjnlK3CWettpvivJ
DbMpUaTMQKQTwNbZfbcCzaHXvxE7VXmeKyaPtuGedJg4YDWVbm8H2arI3EimewwV
AuDcw+vOGCnNuDCvQjsVSGLDFLYWIBFX7lT0E2dSzFBwXf6fo/ENOqZUz6t8WtGY
L3FI6oVcDS/7qi0EC2Me1yzg/L5B2HAwQHsNJy/sbPfvh+4kX3V7SKcRxVXKL1Wt
HLBpC3M250Q2UwcWFVdbweIdh91nElp8pjPtVbL/ZRaZnCLdykrtEVXuiHO8D17v
cfCAmAZHfTYVV8Ok68wgoBYwkAW54dfRx7ea26sCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBRqsxGKqZ9ROzy+thnYCNcbP5QISjAfBgNVHSMEGDAWgBRAJU1KdnrQmWBu
RC4JL5EkGjY2cDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FDVk5Tblo2MEpsZ2JrUXVDUy1SSkJvMk5uQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvZWY2YzhlLTNmMDctNGIzZi1hODdlLWJiZTkxMmVlYzczZS8x
L2FyTVJpcW1mVVRzOHZyWVoyQWpYR3otVUNFby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
ZWY2YzhlLTNmMDctNGIzZi1hODdlLWJiZTkxMmVlYzczZS8xL1FDVk5Tblo2MEps
Z2JrUXVDUy1SSkJvMk5uQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAMEWbAMEAMEWjQMEAMEWqAMEAMEW
qjANBgkqhkiG9w0BAQsFAAOCAQEAjFNqSdQXLKAgprGe2CazTcq0F/beVzb45d+v
uhJoFaPLh2GZq8micubvUJJ7hiYT2sSwFUR3SLNTyl9d5efVBLhtD244Kz7TyvBP
UgybCJ5cGc9ZszR/xgGbkf7Qbbb8Y2DIVnnURHW2xk3CsbLzAfV85rcyjtouuS2c
qnImO9TVEvm1BCVPsVfEylyLYBhGj5qWyEykffuicvMPbSO8vDPA/9FjG2Vj5RIL
k/GVB0xZApqFHlVzuanIlKIsb4t3CS/Lu63WcXkyiB6vju34On8pkW0gPFM7mKaw
B2E1ToYMzBCqLlxHsr1m8Vw5E9WLQVwXWlsbEEEn6rKqId6imA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:14 2024 by rpki-client on console-fra.rpki-client.org