Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xPv1YU8aHp8YPy4_WSodVe1yNLI.roa
File: xPv1YU8aHp8YPy4_WSodVe1yNLI.roa (raw, json)
Hash identifier: iy4LwugBLPPT5lJhztcx6aaetdViD9K0aWlMbrq3lHw=
Subject key identifier: C4:FB:F5:61:4F:1A:1E:9F:18:3F:2E:3F:59:2A:1D:55:ED:72:34:B2
Certificate issuer: /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial: 0F347D2A
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xPv1YU8aHp8YPy4_WSodVe1yNLI.roa
Signing time: Sat 01 Jan 2022 14:58:01 +0000
ROA not before: Sat 01 Jan 2022 14:58:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43060
IP address blocks: 185.196.216.0/22 maxlen: 22
94.158.48.0/20 maxlen: 20
94.158.60.0/24 maxlen: 24
94.158.61.0/24 maxlen: 24
94.158.59.0/24 maxlen: 24
94.158.62.0/24 maxlen: 24
109.207.240.0/20 maxlen: 22
91.196.76.0/23 maxlen: 24
2a04:1b80::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 255098154 (0xf347d2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Validity
Not Before: Jan 1 14:58:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c4fbf5614f1a1e9f183f2e3f592a1d55ed7234b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:1d:07:34:2a:30:b7:2b:55:b2:79:46:6a:28:
3d:8d:6a:7e:a4:a9:31:0b:85:d5:66:f4:84:e8:b4:
eb:27:a9:f3:84:df:94:c8:03:75:99:dc:9c:0f:42:
24:38:50:3c:22:a1:78:3f:48:91:32:9b:49:57:6d:
6a:58:3d:98:6f:41:0d:dd:56:f1:91:0a:78:49:b0:
22:83:75:86:ef:4c:cb:fe:c0:b9:cd:95:fe:60:a3:
c1:65:5b:22:a6:36:64:f7:1d:d3:a8:4d:6f:b6:f1:
51:ee:f0:1e:62:18:16:74:ee:e5:8d:e0:47:3e:a6:
77:d2:88:02:0d:44:33:b8:b5:ed:ea:ce:da:1c:40:
2f:59:80:59:cc:3b:e0:fe:59:f3:7c:80:e9:78:5f:
c9:5e:e5:eb:df:9d:03:8a:af:72:eb:fb:99:a7:13:
5a:c1:33:52:11:b1:fa:6f:c3:32:c9:4f:2f:00:bd:
63:7e:c4:3c:0f:f1:f1:8b:d6:d5:b6:74:96:56:35:
53:f9:11:c3:0c:8d:7c:78:7a:6d:86:14:51:03:ca:
e1:6a:bd:58:12:7a:d8:1b:64:71:e8:3d:12:37:92:
c1:55:7f:fb:c2:ed:13:bb:1c:ba:5b:c6:19:20:56:
5c:5b:2f:9a:de:70:cd:ac:52:65:01:95:60:f3:fa:
d1:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:FB:F5:61:4F:1A:1E:9F:18:3F:2E:3F:59:2A:1D:55:ED:72:34:B2
X509v3 Authority Key Identifier:
keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xPv1YU8aHp8YPy4_WSodVe1yNLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.76.0/23
94.158.48.0/20
109.207.240.0/20
185.196.216.0/22
IPv6:
2a04:1b80::/32
Signature Algorithm: sha256WithRSAEncryption
30:df:27:aa:ee:d0:fd:93:75:1d:b3:eb:42:6b:59:8d:b7:24:
d9:02:5b:f4:f4:3b:8e:af:1c:ff:0f:48:54:2c:1c:6a:a2:57:
26:0a:1c:c9:69:d6:16:50:7a:b8:82:70:5d:88:7b:e8:14:ec:
1a:2a:4d:74:b4:ac:1e:c7:54:0c:6b:21:eb:68:65:1d:5c:11:
d6:c6:e9:80:5b:23:74:38:80:68:e5:0e:80:5d:82:9b:39:1b:
d4:08:34:5a:da:2c:29:3e:ee:15:25:d3:d2:ac:b1:75:f9:03:
f8:6e:0a:96:24:17:7c:0a:69:ad:39:a0:5a:1a:04:09:cd:d0:
32:fb:d3:bd:b5:af:6c:02:5f:3b:ed:4d:a9:82:13:9f:7e:50:
c9:18:c0:d2:0d:3e:90:e4:9a:4b:78:80:b0:32:65:1c:12:78:
89:3f:3f:e9:73:29:90:13:83:38:da:a0:b8:d3:be:12:6c:3c:
b0:2b:b1:d2:33:68:6b:28:71:e6:bb:75:93:8c:18:73:04:b3:
2f:83:27:25:70:bb:e3:e2:4a:90:53:1c:4d:9e:ea:3d:b0:99:
40:23:4d:d6:85:a1:a9:7e:05:9f:19:ba:72:bd:a2:96:14:f2:
ad:e8:cc:1f:81:63:9c:ab:87:18:8e:07:18:fc:d0:29:de:f0:
a6:72:89:7e
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEDzR9KjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZmI0YThiOTNhZjllYTljZjE4YWFjYTRlNzNmMTE2ZWMyNmViMzU3MB4XDTIyMDEw
MTE0NTgwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzRmYmY1NjE0ZjFh
MWU5ZjE4M2YyZTNmNTkyYTFkNTVlZDcyMzRiMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALodBzQqMLcrVbJ5RmooPY1qfqSpMQuF1Wb0hOi06yep84Tf
lMgDdZncnA9CJDhQPCKheD9IkTKbSVdtalg9mG9BDd1W8ZEKeEmwIoN1hu9My/7A
uc2V/mCjwWVbIqY2ZPcd06hNb7bxUe7wHmIYFnTu5Y3gRz6md9KIAg1EM7i17erO
2hxAL1mAWcw74P5Z83yA6XhfyV7l69+dA4qvcuv7macTWsEzUhGx+m/DMslPLwC9
Y37EPA/x8YvW1bZ0llY1U/kRwwyNfHh6bYYUUQPK4Wq9WBJ62Btkceg9EjeSwVV/
+8LtE7sculvGGSBWXFsvmt5wzaxSZQGVYPP60TsCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTE+/VhTxoenxg/Lj9ZKh1V7XI0sjAfBgNVHSMEGDAWgBSftKi5OvnqnPGK
rKTnPxFuwm6zVzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L243U291VHI1NnB6eGlxeWs1ejhSYnNKdXMxYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8x
L3hQdjFZVThhSHA4WVB5NF9XU29kVmUxeU5MSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
ODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8xL243U291VHI1NnB6
eGlxeWs1ejhSYnNKdXMxYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAVvETAMEBF6eMAMEBG3P8AMEArnE
2DANBAIAAjAHAwUAKgQbgDANBgkqhkiG9w0BAQsFAAOCAQEAMN8nqu7Q/ZN1HbPr
QmtZjbck2QJb9PQ7jq8c/w9IVCwcaqJXJgocyWnWFlB6uIJwXYh76BTsGipNdLSs
HsdUDGsh62hlHVwR1sbpgFsjdDiAaOUOgF2Cmzkb1Ag0WtosKT7uFSXT0qyxdfkD
+G4KliQXfApprTmgWhoECc3QMvvTvbWvbAJfO+1NqYITn35QyRjA0g0+kOSaS3iA
sDJlHBJ4iT8/6XMpkBODONqguNO+Emw8sCux0jNoayhx5rt1k4wYcwSzL4MnJXC7
4+JKkFMcTZ7qPbCZQCNN1oWhqX4Fnxm6cr2ilhTyrejMH4FjnKuHGI4HGPzQKd7w
pnKJfg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:47 2024 by rpki-client on console-ams.rpki-client.org