Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/istIZ3VkeCXlErKQet0XvCfZI78.roa
File: istIZ3VkeCXlErKQet0XvCfZI78.roa (raw, json)
Hash identifier: tHtZtmYEx5f4PVJ6OgOK9GiJ+uTPzYOoRceHZY9vWqw=
Subject key identifier: 8A:CB:48:67:75:64:78:25:E5:12:B2:90:7A:DD:17:BC:27:D9:23:BF
Certificate issuer: /CN=306134bcf59f581d6b76630cfa87867876a29215
Certificate serial: 01856CB824A5EE65F8C68FD7C4094DE72789
Authority key identifier: 30:61:34:BC:F5:9F:58:1D:6B:76:63:0C:FA:87:86:78:76:A2:92:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MGE0vPWfWB1rdmMM-oeGeHaikhU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/istIZ3VkeCXlErKQet0XvCfZI78.roa
Signing time: Sun 01 Jan 2023 09:44:45 +0000
ROA not before: Sun 01 Jan 2023 09:44:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5500
IP address blocks: 193.93.200.0/22 maxlen: 22
188.64.32.0/21 maxlen: 21
2a02:56c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:b8:24:a5:ee:65:f8:c6:8f:d7:c4:09:4d:e7:27:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=306134bcf59f581d6b76630cfa87867876a29215
Validity
Not Before: Jan 1 09:44:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8acb486775647825e512b2907add17bc27d923bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:2f:52:41:27:4f:34:6e:ec:6b:89:26:4b:95:
e4:10:4a:e8:cc:0a:c8:2a:c0:78:ca:3b:59:d0:56:
2a:7b:fb:41:4f:11:13:be:03:5f:c0:8f:bf:0e:95:
3a:74:a6:2e:7a:73:b9:3c:73:30:39:5b:9c:2f:f5:
c4:5d:74:80:57:e7:12:79:c4:9b:68:21:0b:61:36:
a1:00:aa:ae:6d:c3:8b:d0:77:c0:6e:c3:8e:61:c1:
b8:01:b9:9c:28:3b:97:9c:3f:63:09:bc:2a:ee:6e:
37:10:7c:35:99:f5:43:c8:c4:a5:9c:99:2f:ae:bf:
43:b9:7d:09:a7:e7:99:b6:02:dd:9f:c0:7d:06:69:
95:61:fc:de:cd:4f:03:a2:78:34:8f:b5:9a:a4:1e:
e0:cc:d6:35:cc:1b:e4:04:18:19:7f:e6:95:1b:8a:
60:9f:8a:fb:1f:27:20:7b:be:c7:78:44:2c:2d:d6:
ed:39:6a:3d:51:21:37:47:b0:a3:d1:62:ec:80:3b:
97:53:c6:ad:a4:d5:cf:1f:6b:2a:c8:05:5c:1c:51:
db:b5:87:b7:f2:bc:3d:32:33:bd:28:11:37:60:e2:
7e:80:6c:88:26:fe:df:78:c5:18:d2:73:b0:2a:2f:
37:98:91:a6:2a:cc:14:44:31:3c:d7:4a:b2:5a:8e:
da:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:CB:48:67:75:64:78:25:E5:12:B2:90:7A:DD:17:BC:27:D9:23:BF
X509v3 Authority Key Identifier:
keyid:30:61:34:BC:F5:9F:58:1D:6B:76:63:0C:FA:87:86:78:76:A2:92:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGE0vPWfWB1rdmMM-oeGeHaikhU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/istIZ3VkeCXlErKQet0XvCfZI78.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a8941a-7250-48ec-aaf8-6d8ea9d1cd73/1/MGE0vPWfWB1rdmMM-oeGeHaikhU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.64.32.0/21
193.93.200.0/22
IPv6:
2a02:56c0::/32
Signature Algorithm: sha256WithRSAEncryption
80:d2:d6:d4:ff:0b:43:12:d6:7c:59:54:7e:23:64:23:75:be:
b3:a5:92:4a:33:61:15:d3:49:c6:76:df:fb:4f:41:2f:8a:e3:
bc:a0:41:35:8a:83:68:71:8c:3d:b3:21:ce:f6:57:4f:45:8b:
b6:2c:e3:66:09:29:c3:2c:ce:a6:d7:f5:6e:25:f6:1f:75:53:
cd:b0:a4:75:62:3c:f3:79:b1:52:1f:99:b3:b3:df:ad:f6:04:
10:25:53:6c:ec:17:e8:79:39:c7:82:7f:27:e0:e9:e6:30:63:
1e:c1:fa:d8:75:1f:45:c2:98:f4:9f:d6:67:d8:ce:55:48:54:
34:96:9c:c2:cc:e6:bc:07:8c:0f:6c:0e:94:b4:4d:ea:3b:3a:
5f:a4:c7:2b:ac:98:63:50:dc:35:c5:4d:24:fb:f3:9b:ea:ae:
fe:2e:bd:29:cd:e6:00:03:f2:ad:da:46:f4:d7:93:ee:95:fa:
b0:22:4b:4b:50:8a:29:d4:b4:0f:ea:64:54:46:24:9f:76:1a:
be:ff:91:46:b3:6b:75:7d:fd:f7:d2:76:bd:a5:bd:5f:80:18:
1a:2b:d5:af:eb:96:b2:06:0d:cf:78:13:a8:9f:2f:8b:5c:65:
fd:a4:25:19:f1:d1:5f:71:55:dd:e4:84:e7:18:42:83:14:51:
38:c4:2e:12
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVsuCSl7mX4xo/XxAlN5yeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjEzNGJjZjU5ZjU4MWQ2Yjc2NjMwY2ZhODc4Njc4NzZh
MjkyMTUwHhcNMjMwMTAxMDk0NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWNiNDg2Nzc1NjQ3ODI1ZTUxMmIyOTA3YWRkMTdiYzI3ZDkyM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiS9SQSdPNG7sa4kmS5XkEErozArI
KsB4yjtZ0FYqe/tBTxETvgNfwI+/DpU6dKYuenO5PHMwOVucL/XEXXSAV+cSecSb
aCELYTahAKqubcOL0HfAbsOOYcG4AbmcKDuXnD9jCbwq7m43EHw1mfVDyMSlnJkv
rr9DuX0Jp+eZtgLdn8B9BmmVYfzezU8Dong0j7WapB7gzNY1zBvkBBgZf+aVG4pg
n4r7Hycge77HeEQsLdbtOWo9USE3R7Cj0WLsgDuXU8atpNXPH2sqyAVcHFHbtYe3
8rw9MjO9KBE3YOJ+gGyIJv7feMUY0nOwKi83mJGmKswURDE810qyWo7agQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIrLSGd1ZHgl5RKykHrdF7wn2SO/MB8GA1UdIwQY
MBaAFDBhNLz1n1gda3ZjDPqHhnh2opIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdFMHZQV2ZXQjFyZG1NTS1vZUdlSGFpa2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hODk0MWEtNzI1MC00OGVjLWFhZjgt
NmQ4ZWE5ZDFjZDczLzEvaXN0SVozVmtlQ1hsRXJLUWV0MFh2Q2ZaSTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hODk0MWEtNzI1MC00OGVjLWFhZjgtNmQ4ZWE5ZDFjZDcz
LzEvTUdFMHZQV2ZXQjFyZG1NTS1vZUdlSGFpa2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDvEAgAwQC
wV3IMA0EAgACMAcDBQAqAlbAMA0GCSqGSIb3DQEBCwUAA4IBAQCA0tbU/wtDEtZ8
WVR+I2Qjdb6zpZJKM2EV00nGdt/7T0EviuO8oEE1ioNocYw9syHO9ldPRYu2LONm
CSnDLM6m1/VuJfYfdVPNsKR1YjzzebFSH5mzs9+t9gQQJVNs7BfoeTnHgn8n4Onm
MGMewfrYdR9Fwpj0n9Zn2M5VSFQ0lpzCzOa8B4wPbA6UtE3qOzpfpMcrrJhjUNw1
xU0k+/Ob6q7+Lr0pzeYAA/Kt2kb015PulfqwIktLUIop1LQP6mRURiSfdhq+/5FG
s2t1ff330na9pb1fgBgaK9Wv65ayBg3PeBOony+LXGX9pCUZ8dFfcVXd5ITnGEKD
FFE4xC4S
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org