Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Z29zfJ6zaAJik7jZCx4ZBlAdgqw.roa
File: Z29zfJ6zaAJik7jZCx4ZBlAdgqw.roa (raw, json)
Hash identifier: eJ3KG+Na0mBg0O6D61cl3C+vcVTefiKXk1Qf8F8ZrEs=
Subject key identifier: 67:6F:73:7C:9E:B3:68:02:62:93:B8:D9:0B:1E:19:06:50:1D:82:AC
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018CC9BC60D365B3949B07F8005E194039A0
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Z29zfJ6zaAJik7jZCx4ZBlAdgqw.roa
Signing time: Tue 02 Jan 2024 10:33:34 +0000
ROA not before: Tue 02 Jan 2024 10:33:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207967
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.88.0/24 maxlen: 24
176.114.90.0/24 maxlen: 24
176.114.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:60:d3:65:b3:94:9b:07:f8:00:5e:19:40:39:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Jan 2 10:33:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=676f737c9eb368026293b8d90b1e1906501d82ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:95:86:72:a4:4b:1b:33:60:68:bc:86:30:98:
46:34:66:81:87:1f:10:b9:57:86:c3:e2:a1:3b:8e:
be:60:8e:9b:e9:f7:2e:bc:78:e8:88:71:0a:36:a5:
76:c8:a5:2b:0a:47:d1:21:89:53:aa:30:fc:f0:73:
b2:23:19:36:d1:dc:21:79:e8:19:8f:cf:02:10:2b:
dc:0a:8c:6a:2a:d6:f7:c3:da:60:e1:72:e6:d7:2d:
08:55:bb:a4:75:8f:6a:0c:e1:29:67:18:51:d5:5b:
75:01:e5:bc:90:2e:18:e0:6d:6a:d7:6c:ba:f6:48:
38:9a:3a:85:ec:d7:04:93:df:7e:f5:7d:fc:63:e1:
c2:cf:9a:0c:df:7b:5c:8d:2a:05:ce:0b:aa:01:0d:
5b:d7:d6:4d:8e:e4:26:6c:cd:b0:95:ad:a1:3f:e4:
1f:a2:aa:63:14:3c:28:7e:e9:b3:50:f7:b9:2a:66:
ab:87:3f:f4:80:d1:6a:4a:37:55:41:fe:c3:37:2f:
58:81:05:34:a1:65:8d:2b:02:18:97:34:77:e6:c5:
3a:9d:05:15:36:db:d1:2d:68:7b:c3:69:0d:01:90:
4d:1e:26:48:90:fb:c9:4c:01:39:50:f8:91:e3:3c:
d6:7e:2f:1d:5f:d3:f9:5a:72:71:4d:78:41:03:94:
d8:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:6F:73:7C:9E:B3:68:02:62:93:B8:D9:0B:1E:19:06:50:1D:82:AC
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Z29zfJ6zaAJik7jZCx4ZBlAdgqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0-176.114.90.255
Signature Algorithm: sha256WithRSAEncryption
7a:3f:94:d9:db:b4:ed:09:49:56:23:9d:56:7a:b2:21:08:06:
1b:76:c4:bf:96:df:f0:21:a4:6e:27:63:33:18:46:59:a0:d2:
72:fb:28:65:1f:54:2e:86:8f:54:2f:64:dd:47:2b:15:02:06:
c0:43:ad:de:a9:0c:98:73:36:cf:34:a4:fd:b3:e9:ba:1a:c0:
97:19:d1:2c:01:e9:4e:10:20:df:6c:54:bb:0c:48:3f:f1:e4:
26:f5:59:9e:d0:64:47:0a:da:42:54:91:06:2c:3e:87:a9:3b:
f0:3e:91:79:f3:3f:df:ec:0b:a4:fa:dd:c3:16:2c:64:ae:6e:
8f:a1:79:69:1e:6c:57:55:c3:6c:2e:17:ec:e9:57:b6:d4:d3:
d1:8b:e2:10:43:c5:43:3e:69:e0:26:81:a7:d6:f9:76:01:3d:
66:ba:2b:b5:26:c3:7b:10:58:6c:24:e3:f9:49:e1:c2:1f:de:
2a:8e:89:16:a2:30:ef:41:ae:94:e7:99:76:88:84:ce:76:55:
a7:05:fa:82:34:c5:12:2e:45:2b:0e:a0:e3:ff:d1:c5:84:75:
5a:17:cf:b8:cd:b1:8f:72:a6:2a:7e:9c:83:19:75:92:55:07:
b8:55:a1:6b:62:cc:b7:6e:32:7b:da:2d:fa:62:d0:64:12:81:
5a:3b:92:4d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvGDTZbOUmwf4AF4ZQDmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzZmNzM3YzllYjM2ODAyNjI5M2I4ZDkwYjFlMTkwNjUwMWQ4MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpWGcqRLGzNgaLyGMJhGNGaBhx8Q
uVeGw+KhO46+YI6b6fcuvHjoiHEKNqV2yKUrCkfRIYlTqjD88HOyIxk20dwheegZ
j88CECvcCoxqKtb3w9pg4XLm1y0IVbukdY9qDOEpZxhR1Vt1AeW8kC4Y4G1q12y6
9kg4mjqF7NcEk99+9X38Y+HCz5oM33tcjSoFzguqAQ1b19ZNjuQmbM2wla2hP+Qf
oqpjFDwofumzUPe5Kmarhz/0gNFqSjdVQf7DNy9YgQU0oWWNKwIYlzR35sU6nQUV
NtvRLWh7w2kNAZBNHiZIkPvJTAE5UPiR4zzWfi8dX9P5WnJxTXhBA5TYmwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGdvc3yes2gCYpO42QseGQZQHYKsMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvWjI5emZKNnphQUppazdqWkN4NFpCbEFkZ3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKwclQD
BACwclowDQYJKoZIhvcNAQELBQADggEBAHo/lNnbtO0JSVYjnVZ6siEIBht2xL+W
3/AhpG4nYzMYRlmg0nL7KGUfVC6Gj1QvZN1HKxUCBsBDrd6pDJhzNs80pP2z6boa
wJcZ0SwB6U4QIN9sVLsMSD/x5Cb1WZ7QZEcK2kJUkQYsPoepO/A+kXnzP9/sC6T6
3cMWLGSubo+heWkebFdVw2wuF+zpV7bU09GL4hBDxUM+aeAmgafW+XYBPWa6K7Um
w3sQWGwk4/lJ4cIf3iqOiRaiMO9BrpTnmXaIhM52VacF+oI0xRIuRSsOoOP/0cWE
dVoXz7jNsY9ypip+nIMZdZJVB7hVoWtizLduMnvaLfpi0GQSgVo7kk0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:57 2024 by rpki-client on console-fra.rpki-client.org