Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/0H1eFEVpqi3q25_HsObCO5gYN2c.roa
File: 0H1eFEVpqi3q25_HsObCO5gYN2c.roa (raw, json)
Hash identifier: drdcNpTmmphmk2dyXuYJDx0mIbs/FXsTGQbQIZod5Lk=
Subject key identifier: D0:7D:5E:14:45:69:AA:2D:EA:DB:9F:C7:B0:E6:C2:3B:98:18:37:67
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 01857246DF4AC9EB155429A917E3845B1307
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/0H1eFEVpqi3q25_HsObCO5gYN2c.roa
Signing time: Mon 02 Jan 2023 11:38:45 +0000
ROA not before: Mon 02 Jan 2023 11:38:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52000
IP address blocks: 176.114.69.0/24 maxlen: 24
176.114.71.0/24 maxlen: 24
176.114.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:df:4a:c9:eb:15:54:29:a9:17:e3:84:5b:13:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Jan 2 11:38:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d07d5e144569aa2deadb9fc7b0e6c23b98183767
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:d7:ed:1c:28:88:db:87:80:c5:65:a2:3c:b7:
14:91:75:88:43:bd:e4:a4:d6:0b:b9:77:5c:19:b5:
11:4f:c6:b5:1b:5e:83:3f:6c:0a:63:a6:bd:e7:8e:
7e:f4:9c:48:3d:ec:56:29:b1:9a:5b:2a:8c:ec:97:
60:c4:b9:6c:16:38:f4:6f:a8:f1:fb:88:66:3e:1b:
59:b4:0e:f7:1d:1e:3f:82:1c:93:bf:3d:93:19:83:
e5:54:e1:a1:74:46:27:dc:df:4a:28:c7:99:9b:02:
81:a3:eb:f1:5f:ab:6f:15:d9:41:80:39:c7:1a:5f:
1d:db:9d:35:c8:61:ba:d3:2f:ba:64:02:ae:8c:95:
17:6f:a9:53:70:ae:9c:15:d8:d9:5d:d3:30:43:9f:
0e:70:ed:70:eb:c2:31:5b:c9:02:1d:84:9c:13:60:
ce:e3:5d:72:05:31:09:1e:c2:6d:e2:ad:0e:25:8a:
23:a2:53:02:ba:39:d5:18:46:1c:75:4a:e6:1f:a4:
cf:35:3c:c8:5b:b5:7c:3a:14:00:0e:ba:bf:d4:a7:
08:d8:da:b1:00:cb:c0:94:f0:5e:b3:5c:42:e9:c2:
0e:78:20:0c:71:9f:f7:50:cf:05:d9:28:43:2b:23:
8a:df:9f:72:2d:f9:bf:5a:bd:5c:3a:be:40:1f:b7:
5d:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:7D:5E:14:45:69:AA:2D:EA:DB:9F:C7:B0:E6:C2:3B:98:18:37:67
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/0H1eFEVpqi3q25_HsObCO5gYN2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.69.0/24
176.114.71.0/24
176.114.76.0/22
Signature Algorithm: sha256WithRSAEncryption
90:b6:71:5a:cd:bf:a7:0b:d1:2b:b8:21:00:8b:4b:d4:ad:ac:
c3:36:a6:c2:b9:92:d3:27:05:9d:6d:77:27:6a:4c:31:0a:dc:
d4:c6:1e:3e:ff:04:8a:f0:df:f0:c3:9b:ea:8b:15:3c:ab:8f:
71:18:57:4d:48:f7:90:31:ab:e3:a4:9b:80:28:90:6d:2e:3e:
74:57:8c:19:ff:76:c5:1f:5d:bd:08:0a:26:8b:6d:d8:e5:4a:
e7:07:d4:99:59:91:00:4c:fd:8f:37:61:d3:2a:2e:0f:fc:df:
78:df:a9:29:e6:46:53:2c:55:b6:f5:2f:b1:85:79:5b:63:c5:
80:77:a7:e8:e1:4f:f1:26:97:c2:69:90:6c:21:cb:b5:96:6f:
f2:78:cb:18:65:09:bc:b6:83:b7:3c:a2:9a:ff:09:01:8b:78:
d2:29:1f:ed:33:4e:03:d6:64:46:ed:3b:1f:c1:52:c1:04:5d:
a3:8b:0a:34:a7:75:3d:00:f2:98:3d:ac:5c:27:f7:11:52:01:
d4:5b:d5:06:39:1c:6c:f3:64:d5:d3:35:5f:d8:75:9c:86:93:
f5:41:0d:d7:34:d6:23:a7:4e:ae:fe:20:3f:61:bd:9f:52:cb:
c6:e2:a2:f0:dc:81:99:21:b4:68:b8:29:69:9f:2b:2c:81:79:
9d:ef:4d:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVyRt9KyesVVCmpF+OEWxMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMTAyMTEzODQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDdkNWUxNDQ1NjlhYTJkZWFkYjlmYzdiMGU2YzIzYjk4MTgzNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9ftHCiI24eAxWWiPLcUkXWIQ73k
pNYLuXdcGbURT8a1G16DP2wKY6a9545+9JxIPexWKbGaWyqM7JdgxLlsFjj0b6jx
+4hmPhtZtA73HR4/ghyTvz2TGYPlVOGhdEYn3N9KKMeZmwKBo+vxX6tvFdlBgDnH
Gl8d2501yGG60y+6ZAKujJUXb6lTcK6cFdjZXdMwQ58OcO1w68IxW8kCHYScE2DO
411yBTEJHsJt4q0OJYojolMCujnVGEYcdUrmH6TPNTzIW7V8OhQADrq/1KcI2Nqx
AMvAlPBes1xC6cIOeCAMcZ/3UM8F2ShDKyOK359yLfm/Wr1cOr5AH7ddmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNB9XhRFaaot6tufx7DmwjuYGDdnMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvMEgxZUZFVnBxaTNxMjVfSHNPYkNPNWdZTjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsHJFAwQA
sHJHAwQCsHJMMA0GCSqGSIb3DQEBCwUAA4IBAQCQtnFazb+nC9EruCEAi0vUrazD
NqbCuZLTJwWdbXcnakwxCtzUxh4+/wSK8N/ww5vqixU8q49xGFdNSPeQMavjpJuA
KJBtLj50V4wZ/3bFH129CAomi23Y5UrnB9SZWZEATP2PN2HTKi4P/N9436kp5kZT
LFW29S+xhXlbY8WAd6fo4U/xJpfCaZBsIcu1lm/yeMsYZQm8toO3PKKa/wkBi3jS
KR/tM04D1mRG7TsfwVLBBF2jiwo0p3U9APKYPaxcJ/cRUgHUW9UGORxs82TV0zVf
2HWchpP1QQ3XNNYjp06u/iA/Yb2fUsvG4qLw3IGZIbRouClpnyssgXmd701O
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:57 2024 by rpki-client on console-fra.rpki-client.org