Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/9vUxkjo1Nj1kUtHNGKzASO3n6bI.roa
File: 9vUxkjo1Nj1kUtHNGKzASO3n6bI.roa (raw, json)
Hash identifier: vhZhaGr0LArfz2YO7+uA400V6F2zwhekCJXDBtDM4XY=
Subject key identifier: F6:F5:31:92:3A:35:36:3D:64:52:D1:CD:18:AC:C0:48:ED:E7:E9:B2
Certificate issuer: /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial: 01856FD530FC1FBF1332A01874CB75B2E89F
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/9vUxkjo1Nj1kUtHNGKzASO3n6bI.roa
Signing time: Mon 02 Jan 2023 00:15:20 +0000
ROA not before: Mon 02 Jan 2023 00:15:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51658
IP address blocks: 185.202.133.0/24 maxlen: 24
2a0a:d6c0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d5:30:fc:1f:bf:13:32:a0:18:74:cb:75:b2:e8:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Validity
Not Before: Jan 2 00:15:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f6f531923a35363d6452d1cd18acc048ede7e9b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:97:de:ff:e0:6d:5b:05:4b:93:f2:dc:1f:cf:
bc:b7:fb:c5:81:68:b9:33:5e:f6:57:53:fd:3f:3a:
a1:f2:25:75:2c:a4:fe:22:ff:9d:3b:c6:f1:ae:55:
73:d2:22:93:cc:cd:17:8d:68:f6:ca:54:06:77:cc:
c2:f9:00:d2:25:92:53:4a:2e:b1:b6:27:7b:4d:60:
d0:a5:30:81:31:98:66:81:6a:ff:fb:af:29:de:d6:
09:5e:58:66:68:f3:78:7d:d6:b3:a3:5f:22:c7:85:
69:3f:c2:e3:84:4f:01:0c:a1:55:60:0e:14:bb:e4:
81:82:bd:55:f1:34:c1:f5:be:ff:2f:6d:85:09:a4:
f9:5c:09:3b:3e:9f:34:81:17:c4:e6:7b:20:9f:bc:
2e:df:24:e0:49:b0:30:59:90:c9:09:d7:bb:0e:0f:
ac:1d:a3:75:e3:76:83:06:57:ef:ef:a5:f0:a0:e9:
b6:e7:8b:85:18:76:bb:36:27:5f:35:d1:58:af:5c:
eb:2f:c5:30:a0:01:7c:19:35:db:67:69:9b:87:39:
10:b4:4c:1b:85:f7:28:44:62:16:c2:f5:fb:c5:d4:
63:b9:24:45:5a:9d:c7:e8:f2:39:a6:dc:6b:8d:e9:
7a:48:60:50:7e:f1:c5:1d:2d:f1:e4:1d:a8:b9:80:
6c:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:F5:31:92:3A:35:36:3D:64:52:D1:CD:18:AC:C0:48:ED:E7:E9:B2
X509v3 Authority Key Identifier:
keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/9vUxkjo1Nj1kUtHNGKzASO3n6bI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.202.133.0/24
IPv6:
2a0a:d6c0:1::/48
Signature Algorithm: sha256WithRSAEncryption
99:9d:03:92:75:65:4e:34:d1:78:5e:db:42:60:e9:e2:fe:31:
90:65:45:ab:fe:d9:29:a0:6c:a9:2b:b7:c1:4f:84:9b:ae:20:
51:e9:d1:f9:ad:00:66:82:ab:18:58:7b:58:97:5c:c5:91:04:
7d:25:fe:aa:d7:3d:35:dd:d8:35:1d:65:02:c9:9d:02:cf:e8:
83:20:50:93:ad:40:83:b7:87:32:99:22:94:fd:27:ce:3b:46:
30:30:0f:e6:9e:60:72:5e:b1:de:ff:3b:4e:d3:4b:02:e9:3d:
51:b7:09:c9:3e:96:e6:7f:0d:45:1f:c0:3f:95:86:c4:ce:1a:
a0:61:32:f9:67:af:e7:93:b3:75:e4:ab:9d:41:9d:8c:4b:e6:
0c:cc:58:da:df:53:a9:8b:8a:f3:3f:c2:69:c9:96:22:b5:17:
32:05:c7:90:69:ec:12:c1:7a:4e:ad:9a:28:08:10:7d:40:60:
d6:bc:70:46:9d:62:9b:c5:81:6e:fe:e6:31:c7:4a:9c:8d:89:
8e:d8:35:9e:5b:1d:99:8e:44:e9:00:11:42:cd:49:3a:34:2d:
f2:73:5f:70:94:73:f8:51:5e:5b:3c:15:ef:0b:52:81:3c:0c:
5f:d8:b7:7a:70:8e:ad:c8:d7:30:ed:c7:ff:69:13:c9:a3:97:
4a:38:4a:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVv1TD8H78TMqAYdMt1suifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjMwMTAyMDAxNTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmY1MzE5MjNhMzUzNjNkNjQ1MmQxY2QxOGFjYzA0OGVkZTdlOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZfe/+BtWwVLk/LcH8+8t/vFgWi5
M172V1P9Pzqh8iV1LKT+Iv+dO8bxrlVz0iKTzM0XjWj2ylQGd8zC+QDSJZJTSi6x
tid7TWDQpTCBMZhmgWr/+68p3tYJXlhmaPN4fdazo18ix4VpP8LjhE8BDKFVYA4U
u+SBgr1V8TTB9b7/L22FCaT5XAk7Pp80gRfE5nsgn7wu3yTgSbAwWZDJCde7Dg+s
HaN143aDBlfv76XwoOm254uFGHa7NidfNdFYr1zrL8UwoAF8GTXbZ2mbhzkQtEwb
hfcoRGIWwvX7xdRjuSRFWp3H6PI5ptxrjel6SGBQfvHFHS3x5B2ouYBsewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPb1MZI6NTY9ZFLRzRiswEjt5+myMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvOXZVeGtqbzFOajFrVXRITkdLekFTTzNuNmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucqFMA8E
AgACMAkDBwAqCtbAAAEwDQYJKoZIhvcNAQELBQADggEBAJmdA5J1ZU400Xhe20Jg
6eL+MZBlRav+2SmgbKkrt8FPhJuuIFHp0fmtAGaCqxhYe1iXXMWRBH0l/qrXPTXd
2DUdZQLJnQLP6IMgUJOtQIO3hzKZIpT9J847RjAwD+aeYHJesd7/O07TSwLpPVG3
Cck+luZ/DUUfwD+VhsTOGqBhMvlnr+eTs3Xkq51BnYxL5gzMWNrfU6mLivM/wmnJ
liK1FzIFx5Bp7BLBek6tmigIEH1AYNa8cEadYpvFgW7+5jHHSpyNiY7YNZ5bHZmO
ROkAEULNSTo0LfJzX3CUc/hRXls8Fe8LUoE8DF/Yt3pwjq3I1zDtx/9pE8mjl0o4
Sh4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:38 2024 by rpki-client on console-fra.rpki-client.org