Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/vPFDXpe-XlaYsrqK_XvWUAfDEXE.roa
File: vPFDXpe-XlaYsrqK_XvWUAfDEXE.roa (raw, json)
Hash identifier: 238QVVf7RtKtlZnRsqCSNhig1UrtoujCzppRe9EyLSE=
Subject key identifier: BC:F1:43:5E:97:BE:5E:56:98:B2:BA:8A:FD:7B:D6:50:07:C3:11:71
Certificate issuer: /CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
Certificate serial: 0185700B8D454370C519CD4A2F87EC511BE3
Authority key identifier: 4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/vPFDXpe-XlaYsrqK_XvWUAfDEXE.roa
Signing time: Mon 02 Jan 2023 01:14:43 +0000
ROA not before: Mon 02 Jan 2023 01:14:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 38972
IP address blocks: 80.251.152.0/23 maxlen: 23
80.251.154.0/24 maxlen: 24
80.251.144.0/21 maxlen: 21
46.254.24.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:0b:8d:45:43:70:c5:19:cd:4a:2f:87:ec:51:1b:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
Validity
Not Before: Jan 2 01:14:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bcf1435e97be5e5698b2ba8afd7bd65007c31171
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:0b:59:72:25:22:32:e1:c4:f0:90:4d:a9:ad:
e2:5d:7d:bc:47:ad:fb:e3:93:f6:9b:87:18:5d:cb:
a9:16:ff:83:aa:63:e9:58:0b:35:e6:43:f5:6f:d6:
aa:b7:af:7b:0d:a2:05:d9:23:dc:9f:26:79:2c:4b:
ee:8a:ea:15:c6:28:04:de:a4:f7:d1:6a:c6:b6:ae:
23:2f:5f:4c:c8:02:ff:31:fe:92:9c:63:cc:11:11:
b9:2b:a9:65:1c:61:5b:02:4f:8c:15:b5:35:26:bc:
98:41:5f:e0:89:3e:1b:9c:42:1d:3b:72:1e:c7:da:
21:ca:d8:48:ed:ce:8e:1c:04:f2:ae:8b:99:e7:dd:
9a:72:46:03:c8:83:22:83:13:b0:f7:9e:3e:9a:aa:
88:90:22:fd:e0:c4:fd:fe:a9:34:f5:38:0b:6c:8f:
d0:35:eb:15:0e:65:5b:55:ae:09:35:c2:99:b1:32:
af:87:89:1b:ac:93:b8:31:12:fd:81:4e:af:de:a3:
cc:2c:64:83:c3:87:6d:c5:4f:ca:b7:c2:8f:a0:3b:
2a:c1:af:93:42:96:d7:0a:f7:3c:b5:4c:d5:01:bc:
34:df:cc:de:24:23:cc:37:7f:da:98:e6:be:4b:5f:
1e:4b:18:56:74:66:ac:ae:37:7d:5d:98:fd:5d:7c:
76:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:F1:43:5E:97:BE:5E:56:98:B2:BA:8A:FD:7B:D6:50:07:C3:11:71
X509v3 Authority Key Identifier:
keyid:4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/vPFDXpe-XlaYsrqK_XvWUAfDEXE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.254.24.0/22
80.251.144.0-80.251.154.255
Signature Algorithm: sha256WithRSAEncryption
81:db:df:80:97:94:98:5a:3e:2d:0d:08:37:be:13:ef:ee:ce:
a1:83:6f:5e:9c:83:c5:2c:88:03:48:02:2e:fb:08:f6:30:6b:
c6:83:12:2b:12:57:25:eb:c5:bd:87:8d:8b:37:af:40:84:69:
c1:fd:f4:9c:4f:a3:79:33:13:49:c1:5b:8b:37:fd:fd:ed:eb:
e1:0f:1a:1f:b0:01:ab:ba:89:ca:fb:aa:6f:02:20:cb:92:e3:
b5:96:8a:ec:8b:78:da:3f:18:fa:e7:7a:33:32:70:dc:c2:03:
c2:80:66:75:69:0f:9d:0d:56:8c:5f:21:57:b6:6c:3b:98:9e:
05:25:82:3e:cc:6f:56:50:62:a4:24:d8:5d:2a:e5:0a:4c:2c:
b0:d7:bf:5c:c2:f2:ea:01:83:32:c9:44:74:76:83:f0:0e:72:
16:90:1d:09:40:49:24:e3:de:8d:8c:45:24:3f:70:23:45:44:
d5:5d:6a:69:0a:0f:ef:3f:f4:00:2f:4f:13:7e:66:fc:94:8c:
96:3f:45:b3:86:98:30:44:c3:4e:74:d7:9a:7b:a7:c6:b7:1c:
1c:f7:43:cb:8d:ba:c4:7b:be:49:bd:16:0f:c3:c2:6b:ce:fd:
01:1d:e2:24:fb:2c:83:c1:ad:a8:c0:6a:8d:7b:f2:59:a2:4c:
d0:90:ff:3f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVwC41FQ3DFGc1KL4fsURvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWViYjliMDUxYWQ1ZWM3YTM2OTg5ZmMzZmNjOTRjMWNh
YmNjNzQwHhcNMjMwMTAyMDExNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2YxNDM1ZTk3YmU1ZTU2OThiMmJhOGFmZDdiZDY1MDA3YzMxMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wtZciUiMuHE8JBNqa3iXX28R637
45P2m4cYXcupFv+DqmPpWAs15kP1b9aqt697DaIF2SPcnyZ5LEvuiuoVxigE3qT3
0WrGtq4jL19MyAL/Mf6SnGPMERG5K6llHGFbAk+MFbU1JryYQV/giT4bnEIdO3Ie
x9ohythI7c6OHATyrouZ592ackYDyIMigxOw954+mqqIkCL94MT9/qk09TgLbI/Q
NesVDmVbVa4JNcKZsTKvh4kbrJO4MRL9gU6v3qPMLGSDw4dtxU/Kt8KPoDsqwa+T
QpbXCvc8tUzVAbw038zeJCPMN3/amOa+S18eSxhWdGasrjd9XZj9XXx2vwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLzxQ16Xvl5WmLK6iv171lAHwxFxMB8GA1UdIwQY
MBaAFE5eu5sFGtXsejaYn8P8yUwcq8x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUt
YzJmZDBmOTU4ZDRiLzEvdlBGRFhwZS1YbGFZc3JxS19YdldVQWZERVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUtYzJmZDBmOTU4ZDRi
LzEvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCLv4YMAwD
BARQ+5ADBABQ+5owDQYJKoZIhvcNAQELBQADggEBAIHb34CXlJhaPi0NCDe+E+/u
zqGDb16cg8UsiANIAi77CPYwa8aDEisSVyXrxb2HjYs3r0CEacH99JxPo3kzE0nB
W4s3/f3t6+EPGh+wAau6icr7qm8CIMuS47WWiuyLeNo/GPrnejMycNzCA8KAZnVp
D50NVoxfIVe2bDuYngUlgj7Mb1ZQYqQk2F0q5QpMLLDXv1zC8uoBgzLJRHR2g/AO
chaQHQlASSTj3o2MRSQ/cCNFRNVdamkKD+8/9AAvTxN+ZvyUjJY/RbOGmDBEw050
15p7p8a3HBz3Q8uNusR7vkm9Fg/DwmvO/QEd4iT7LIPBrajAao178lmiTNCQ/z8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:05 2024 by rpki-client on console-fra.rpki-client.org