Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/X28uoEqjABlKRJG-isTC-0s2W8o.roa
File: X28uoEqjABlKRJG-isTC-0s2W8o.roa (raw, json)
Hash identifier: hfXDHcBKWjSOFMz3tymio4lO+l+Tjq2dcJYZpTtNq7c=
Subject key identifier: 5F:6F:2E:A0:4A:A3:00:19:4A:44:91:BE:8A:C4:C2:FB:4B:36:5B:CA
Certificate issuer: /CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
Certificate serial: 0184E1DCE933BBD15A7EAE7FE06EA2F7A634
Authority key identifier: FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/X28uoEqjABlKRJG-isTC-0s2W8o.roa
Signing time: Mon 05 Dec 2022 10:37:42 +0000
ROA not before: Mon 05 Dec 2022 10:37:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8798
IP address blocks: 212.69.72.0/22 maxlen: 22
212.69.76.0/24 maxlen: 24
212.69.78.0/23 maxlen: 23
212.69.80.0/23 maxlen: 23
212.69.80.0/21 maxlen: 21
212.69.80.0/20 maxlen: 20
212.69.88.0/21 maxlen: 21
212.69.64.0/21 maxlen: 21
2001:4028::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e1:dc:e9:33:bb:d1:5a:7e:ae:7f:e0:6e:a2:f7:a6:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
Validity
Not Before: Dec 5 10:37:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5f6f2ea04aa300194a4491be8ac4c2fb4b365bca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:ea:3f:2b:4f:c6:b2:00:95:41:ad:ab:aa:58:
d6:ad:b3:07:f8:b3:9b:05:29:5e:3b:8a:26:c5:99:
7e:cf:db:a5:4c:ed:4b:8f:73:a0:b0:f3:03:b3:dd:
2a:db:f7:6d:a3:ae:d7:95:81:e5:f0:ad:e0:50:aa:
a5:d2:63:08:8a:a6:aa:1b:f1:50:61:a1:94:09:54:
f6:02:4c:91:cf:c0:e8:36:a7:03:65:d7:c7:db:94:
78:37:cb:b3:00:82:76:64:c1:45:64:1e:1d:ef:e6:
eb:e4:a7:55:0b:04:20:f4:23:48:d6:db:cf:c9:bc:
18:d2:a6:4b:b6:91:7b:08:a9:27:1f:04:a9:d6:6e:
61:60:0b:be:b6:84:c7:be:7e:3a:ce:3b:a5:85:d8:
d0:f5:03:50:f0:3d:79:66:79:e7:1b:f4:84:2f:44:
3d:cd:f2:a0:f8:52:6f:8e:b1:6c:cb:48:ef:4a:7f:
ee:7e:b7:6d:f1:6f:03:05:44:90:a2:e1:21:f2:05:
62:91:98:97:ad:da:b1:d1:55:b9:49:b2:6f:98:9a:
7f:e1:11:a2:52:4d:1a:42:b0:76:7a:04:e4:b7:15:
4c:7c:ea:93:1c:f8:f2:15:f0:04:f5:b5:98:d8:4e:
f7:f4:b2:07:4f:52:52:45:e9:39:45:19:e5:ae:2e:
3a:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:6F:2E:A0:4A:A3:00:19:4A:44:91:BE:8A:C4:C2:FB:4B:36:5B:CA
X509v3 Authority Key Identifier:
keyid:FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/X28uoEqjABlKRJG-isTC-0s2W8o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.69.64.0-212.69.76.255
212.69.78.0-212.69.95.255
IPv6:
2001:4028::/29
Signature Algorithm: sha256WithRSAEncryption
5b:1a:d1:5b:91:ab:a4:e9:62:d0:fe:b6:15:a9:5e:c0:fe:b8:
e8:a1:fd:1e:09:f8:5a:55:f4:6a:65:dd:db:ce:e6:fd:79:23:
a3:46:3a:8d:a9:d3:da:12:04:4c:5c:49:bb:4a:f4:af:b2:d7:
ce:e6:9c:64:09:9a:1b:0f:37:8e:5e:1b:8f:35:18:7d:42:e0:
eb:9e:7b:84:d2:d7:bc:85:f5:33:64:34:1c:e4:e7:2f:0c:04:
10:15:a8:aa:01:a1:45:b8:68:7d:ef:a9:78:42:17:c3:45:3c:
41:26:ea:cc:89:1c:e3:6b:c0:01:84:9f:fc:2b:e8:81:22:9a:
99:5a:17:79:6e:ed:61:85:94:e5:b3:a7:56:de:ca:e7:d6:3a:
53:2f:6f:8d:65:33:98:c3:92:a9:2f:6b:a3:b0:32:be:6f:3b:
00:b3:c1:8e:85:78:a6:e3:06:db:04:26:bb:b1:91:a6:45:ff:
f5:7b:02:4d:ae:48:14:ae:a8:e9:be:53:d2:e6:10:a5:26:73:
08:1d:5a:6a:bc:62:36:30:3b:53:dd:90:b2:fc:d4:8b:7d:9e:
36:a0:a9:e2:44:e5:98:3f:c4:2f:4a:f3:89:49:ad:7c:1f:4d:
91:76:1d:3b:18:35:1f:c1:88:2d:e6:69:79:89:08:c9:31:8e:
7a:dc:19:70
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYTh3Okzu9Fafq5/4G6i96Y0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWU5YjRlOGRjNDliZTNhYmE1OTc0MjVhZWZkOGIzYTUz
NjJmZmMwHhcNMjIxMjA1MTAzNzQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZmMmVhMDRhYTMwMDE5NGE0NDkxYmU4YWM0YzJmYjRiMzY1YmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+o/K0/GsgCVQa2rqljWrbMH+LOb
BSleO4omxZl+z9ulTO1Lj3OgsPMDs90q2/dto67XlYHl8K3gUKql0mMIiqaqG/FQ
YaGUCVT2AkyRz8DoNqcDZdfH25R4N8uzAIJ2ZMFFZB4d7+br5KdVCwQg9CNI1tvP
ybwY0qZLtpF7CKknHwSp1m5hYAu+toTHvn46zjulhdjQ9QNQ8D15ZnnnG/SEL0Q9
zfKg+FJvjrFsy0jvSn/ufrdt8W8DBUSQouEh8gVikZiXrdqx0VW5SbJvmJp/4RGi
Uk0aQrB2egTktxVMfOqTHPjyFfAE9bWY2E739LIHT1JSRek5RRnlri46ZQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF9vLqBKowAZSkSRvorEwvtLNlvKMB8GA1UdIwQY
MBaAFPoem06NxJvjq6WXQlrv2LOlNi/8MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oNmJUbzNFbS1PcnBaZENXdV9ZczZVMkxfdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvNDcwN2I0LTAwMzItNGFjNy1iY2M3
LTQwYzFhNzI3MDJlZi8xL1gyOHVvRXFqQUJsS1JKRy1pc1RDLTBzMlc4by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvNDcwN2I0LTAwMzItNGFjNy1iY2M3LTQwYzFhNzI3MDJl
Zi8xLzEtaDZiVG8zRW0tT3JwWmRDV3VfWXM2VTJMX3cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRAYIKwYBBQUHAQcBAf8ENTAzMCIEAgABMBwwDAMEBtRF
QAMEANRFTDAMAwQB1EVOAwQF1EVAMA0EAgACMAcDBQMgAUAoMA0GCSqGSIb3DQEB
CwUAA4IBAQBbGtFbkauk6WLQ/rYVqV7A/rjoof0eCfhaVfRqZd3bzub9eSOjRjqN
qdPaEgRMXEm7SvSvstfO5pxkCZobDzeOXhuPNRh9QuDrnnuE0te8hfUzZDQc5Ocv
DAQQFaiqAaFFuGh976l4QhfDRTxBJurMiRzja8ABhJ/8K+iBIpqZWhd5bu1hhZTl
s6dW3srn1jpTL2+NZTOYw5KpL2ujsDK+bzsAs8GOhXim4wbbBCa7sZGmRf/1ewJN
rkgUrqjpvlPS5hClJnMIHVpqvGI2MDtT3ZCy/NSLfZ42oKniROWYP8QvSvOJSa18
H02Rdh07GDUfwYgt5ml5iQjJMY563Blw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:06 2024 by rpki-client on console-ams.rpki-client.org