Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/bL44RpivOAAYstnNuPmtrOnEVQc.roa
File: bL44RpivOAAYstnNuPmtrOnEVQc.roa (raw, json)
Hash identifier: f1RXm7LE7mALyYsW7HHQ+NhQ5rj+yREpwsS9oB4np2A=
Subject key identifier: 6C:BE:38:46:98:AF:38:00:18:B2:D9:CD:B8:F9:AD:AC:E9:C4:55:07
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018C213132FCA1341CFA98846FC5B1885760
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/bL44RpivOAAYstnNuPmtrOnEVQc.roa
Signing time: Thu 30 Nov 2023 17:05:21 +0000
ROA not before: Thu 30 Nov 2023 17:05:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207967
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.88.0/24 maxlen: 24
176.114.90.0/24 maxlen: 24
176.114.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:21:31:32:fc:a1:34:1c:fa:98:84:6f:c5:b1:88:57:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Nov 30 17:05:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cbe384698af380018b2d9cdb8f9adace9c45507
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:fc:42:57:76:94:5c:9c:4a:20:9f:23:e5:aa:
94:2c:6e:4b:d8:bb:8d:bb:ad:b2:6b:70:2c:9f:72:
b4:8f:a6:09:4b:b4:37:57:f2:02:d3:79:97:ea:0a:
ba:70:67:e3:a5:4b:03:21:56:f2:40:23:77:07:1b:
72:d0:db:68:38:a4:4d:7b:fc:d0:a2:b8:26:1d:c2:
d9:4a:7c:38:be:9d:ba:19:c8:a4:67:bf:83:74:f3:
1c:d3:e5:50:78:8d:3f:e0:2b:24:c6:af:83:85:0f:
03:76:fc:c2:47:af:1e:f5:ac:fb:5a:e9:29:61:cb:
e3:fa:8d:25:c2:b3:dd:07:25:fd:7c:7c:80:6c:33:
fe:e9:89:f5:b2:45:97:c1:7f:7c:36:4a:da:77:74:
ed:3c:88:24:92:1c:10:e6:1b:53:e8:33:5a:27:12:
63:1a:19:0b:d1:df:88:b1:61:b4:c5:e1:e2:ad:54:
e0:18:39:52:88:d8:6e:77:f9:9f:3e:4a:98:69:b7:
a6:6c:74:d3:37:fc:aa:53:ed:60:2d:9e:ed:0f:5a:
92:6f:03:d0:98:b4:c6:68:fe:e1:66:7d:f9:42:24:
a2:57:c6:cd:28:a8:ef:dc:eb:63:31:08:8f:1e:2f:
a3:0a:a5:80:91:aa:c6:81:44:78:0c:7e:c6:6a:af:
72:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:BE:38:46:98:AF:38:00:18:B2:D9:CD:B8:F9:AD:AC:E9:C4:55:07
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/bL44RpivOAAYstnNuPmtrOnEVQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0-176.114.90.255
Signature Algorithm: sha256WithRSAEncryption
20:99:f4:2c:d0:97:a7:03:f1:ec:03:a7:bb:48:2b:d1:b6:c8:
8b:55:8e:67:ad:d3:b9:ac:ec:7c:88:f1:4e:69:5b:4e:42:13:
e4:a3:3b:6e:e8:b7:d8:69:a9:c7:b3:7f:c9:f4:45:7a:f2:91:
a2:b0:c1:d6:08:40:90:73:f9:c7:5d:6e:ff:d1:38:73:19:73:
d3:e1:69:85:5a:52:51:00:0f:66:f7:e1:8c:4f:b5:a1:e8:06:
93:d0:68:36:c7:08:e8:a6:1d:b0:6f:74:b3:3c:4c:75:28:6b:
93:cf:0b:a2:ff:ca:22:00:cb:c2:8f:69:81:5e:00:bf:ea:bc:
c3:65:ef:a6:af:b1:23:fc:01:5d:a8:0a:15:2a:73:9c:01:1d:
93:02:af:2e:39:47:91:e9:4c:4b:b1:50:40:09:a1:58:96:45:
82:2d:8e:9f:04:b6:f6:c6:78:54:85:b1:92:fd:c4:bc:4f:75:
5f:2d:f6:d2:41:6b:b2:a0:4b:ea:7b:f9:91:e3:c3:fc:21:8c:
f6:5a:a1:76:8f:1f:ec:f8:41:06:fe:9b:26:56:c5:e0:fd:26:
7f:7d:64:7b:6c:19:c0:dc:ff:07:80:5d:d9:61:b3:87:28:ab:
cf:66:8b:23:c9:95:57:10:04:6c:db:da:73:cf:26:9f:6c:ab:
51:12:9c:0a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYwhMTL8oTQc+piEb8WxiFdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMxMTMwMTcwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2JlMzg0Njk4YWYzODAwMThiMmQ5Y2RiOGY5YWRhY2U5YzQ1NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvxCV3aUXJxKIJ8j5aqULG5L2LuN
u62ya3Asn3K0j6YJS7Q3V/IC03mX6gq6cGfjpUsDIVbyQCN3Bxty0NtoOKRNe/zQ
orgmHcLZSnw4vp26GcikZ7+DdPMc0+VQeI0/4Cskxq+DhQ8DdvzCR68e9az7Wukp
Ycvj+o0lwrPdByX9fHyAbDP+6Yn1skWXwX98Nkrad3TtPIgkkhwQ5htT6DNaJxJj
GhkL0d+IsWG0xeHirVTgGDlSiNhud/mfPkqYabembHTTN/yqU+1gLZ7tD1qSbwPQ
mLTGaP7hZn35QiSiV8bNKKjv3OtjMQiPHi+jCqWAkarGgUR4DH7Gaq9y5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGy+OEaYrzgAGLLZzbj5razpxFUHMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvYkw0NFJwaXZPQUFZc3RuTnVQbXRyT25FVlFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKwclQD
BACwclowDQYJKoZIhvcNAQELBQADggEBACCZ9CzQl6cD8ewDp7tIK9G2yItVjmet
07ms7HyI8U5pW05CE+SjO27ot9hpqcezf8n0RXrykaKwwdYIQJBz+cddbv/ROHMZ
c9PhaYVaUlEAD2b34YxPtaHoBpPQaDbHCOimHbBvdLM8THUoa5PPC6L/yiIAy8KP
aYFeAL/qvMNl76avsSP8AV2oChUqc5wBHZMCry45R5HpTEuxUEAJoViWRYItjp8E
tvbGeFSFsZL9xLxPdV8t9tJBa7KgS+p7+ZHjw/whjPZaoXaPH+z4QQb+myZWxeD9
Jn99ZHtsGcDc/weAXdlhs4coq89miyPJlVcQBGzb2nPPJp9sq1ESnAo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:57 2024 by rpki-client on console-fra.rpki-client.org