Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/oRa9IQ0-NDGiXKWCuoDfgH4805E.roa
File: oRa9IQ0-NDGiXKWCuoDfgH4805E.roa (raw, json)
Hash identifier: X/53Hta7MJRsqWSJoM0V1cGbab4JAvY+9c5EZyPd2J8=
Subject key identifier: A1:16:BD:21:0D:3E:34:31:A2:5C:A5:82:BA:80:DF:80:7E:3C:D3:91
Certificate issuer: /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial: 01922E93C33BE0EA0F802E38D84241604AC2
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/oRa9IQ0-NDGiXKWCuoDfgH4805E.roa
Signing time: Thu 26 Sep 2024 13:44:48 +0000
ROA not before: Thu 26 Sep 2024 13:44:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 185.240.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:2e:93:c3:3b:e0:ea:0f:80:2e:38:d8:42:41:60:4a:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Validity
Not Before: Sep 26 13:44:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a116bd210d3e3431a25ca582ba80df807e3cd391
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:70:35:a2:fa:cd:5f:c4:6b:d3:bb:5a:e6:dd:
6e:ff:62:aa:03:81:86:2b:f6:25:1d:1b:d1:c5:13:
34:d7:d0:a7:f5:86:71:ec:5f:ab:bd:16:7a:92:02:
81:9a:bf:d9:e7:69:29:ec:b5:26:5f:cf:5f:e4:6e:
84:f1:8d:75:dd:62:20:bd:09:25:ad:1b:dc:e9:4c:
11:9c:28:4a:76:88:a0:6f:27:e9:a8:33:e8:31:74:
12:21:3f:f9:40:b3:2f:1f:e3:d6:a5:51:6d:b3:25:
4f:81:ae:b4:9a:15:e5:74:b8:3d:a9:f2:be:1e:79:
d9:9b:32:39:1d:c4:39:5e:fa:ec:0c:ec:68:62:f0:
00:29:08:14:f7:c9:dd:7c:b9:5a:0f:06:67:13:c3:
96:7e:e2:50:d6:cb:56:b3:a2:da:aa:16:8d:95:47:
24:e5:2a:a3:8e:9a:57:64:c0:08:15:b2:da:a9:ae:
bc:2f:b7:0e:9a:1d:62:d1:fc:3c:c1:75:27:54:d1:
cf:bc:9b:b9:5d:78:2b:73:af:8a:b3:bf:71:8a:54:
62:62:c1:66:80:61:c2:fa:74:06:e6:d0:8b:eb:70:
2c:66:09:43:2e:78:c0:6c:76:06:39:e2:43:69:79:
cc:5a:bd:64:d7:29:f5:2d:63:7f:1e:af:29:88:94:
d6:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:16:BD:21:0D:3E:34:31:A2:5C:A5:82:BA:80:DF:80:7E:3C:D3:91
X509v3 Authority Key Identifier:
keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/oRa9IQ0-NDGiXKWCuoDfgH4805E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.240.254.0/24
Signature Algorithm: sha256WithRSAEncryption
14:e6:4d:71:22:07:89:2b:86:ef:f4:83:d4:8e:7b:fb:7a:a0:
05:a3:de:32:5d:00:9e:f7:ac:6a:4f:74:68:a4:d0:98:14:53:
52:c7:62:c8:b1:99:b0:ef:f0:4f:f7:7c:75:6d:5c:2a:88:e8:
d7:60:8b:59:73:cd:07:f6:b3:6d:89:59:14:d0:e3:3f:37:bf:
36:be:b2:7c:cc:97:00:f7:0b:54:33:49:23:af:11:34:e3:50:
bf:25:74:1a:3e:69:56:01:6f:52:f5:7f:58:3b:ad:ef:fc:2a:
9d:25:a5:e1:ba:46:be:e9:da:45:66:05:44:a6:2c:85:64:f2:
0d:7c:67:85:fe:4d:75:0e:bf:6b:53:81:2d:02:26:2c:d7:34:
4b:2b:ae:db:c5:14:8c:8f:47:ba:1a:00:e8:35:de:c3:90:24:
33:aa:8a:69:bb:77:02:ed:80:35:52:69:31:a7:f2:e7:79:8b:
2f:c1:6c:7b:04:00:e6:ae:06:21:86:8a:7c:e0:80:02:3a:cb:
16:51:7f:52:58:33:c0:1b:00:91:3c:c6:b1:05:fe:76:96:d1:
8d:e0:cb:c6:0b:0a:8e:3a:ab:23:1f:9e:ba:18:92:c9:dd:3d:
c9:45:2e:45:a7:5f:47:1b:0b:24:3c:99:ec:2b:7b:df:aa:9a:
7c:c6:17:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIuk8M74OoPgC442EJBYErCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjQwOTI2MTM0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE2YmQyMTBkM2UzNDMxYTI1Y2E1ODJiYTgwZGY4MDdlM2NkMzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nA1ovrNX8Rr07ta5t1u/2KqA4GG
K/YlHRvRxRM019Cn9YZx7F+rvRZ6kgKBmr/Z52kp7LUmX89f5G6E8Y113WIgvQkl
rRvc6UwRnChKdoigbyfpqDPoMXQSIT/5QLMvH+PWpVFtsyVPga60mhXldLg9qfK+
HnnZmzI5HcQ5XvrsDOxoYvAAKQgU98ndfLlaDwZnE8OWfuJQ1stWs6LaqhaNlUck
5SqjjppXZMAIFbLaqa68L7cOmh1i0fw8wXUnVNHPvJu5XXgrc6+Ks79xilRiYsFm
gGHC+nQG5tCL63AsZglDLnjAbHYGOeJDaXnMWr1k1yn1LWN/Hq8piJTWrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEWvSENPjQxolylgrqA34B+PNORMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvb1JhOUlRMC1OREdpWEtXQ3VvRGZnSDQ4MDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufD+MA0G
CSqGSIb3DQEBCwUAA4IBAQAU5k1xIgeJK4bv9IPUjnv7eqAFo94yXQCe96xqT3Ro
pNCYFFNSx2LIsZmw7/BP93x1bVwqiOjXYItZc80H9rNtiVkU0OM/N782vrJ8zJcA
9wtUM0kjrxE041C/JXQaPmlWAW9S9X9YO63v/CqdJaXhuka+6dpFZgVEpiyFZPIN
fGeF/k11Dr9rU4EtAiYs1zRLK67bxRSMj0e6GgDoNd7DkCQzqoppu3cC7YA1Umkx
p/LneYsvwWx7BADmrgYhhop84IACOssWUX9SWDPAGwCRPMaxBf52ltGN4MvGCwqO
OqsjH566GJLJ3T3JRS5Fp19HGwskPJnsK3vfqpp8xhei
-----END CERTIFICATE-----
Generated at Mon Nov 4 13:10:14 2024 by rpki-client on console-fra.rpki-client.org