Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/vECBVEiEB5e8DVY2DEaoFrTZdVY.roa
File: vECBVEiEB5e8DVY2DEaoFrTZdVY.roa (raw, json)
Hash identifier: ox5mRM3lFY6R9kQfCTQTIQ5l7cS/QPzHAjDpuVdCexQ=
Subject key identifier: BC:40:81:54:48:84:07:97:BC:0D:56:36:0C:46:A8:16:B4:D9:75:56
Certificate issuer: /CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Certificate serial: 01856FCBB31A0B3371908C41AE3C6610C634
Authority key identifier: 25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/vECBVEiEB5e8DVY2DEaoFrTZdVY.roa
Signing time: Mon 02 Jan 2023 00:04:58 +0000
ROA not before: Mon 02 Jan 2023 00:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208118
IP address blocks: 152.89.64.0/22 maxlen: 32
2a09:2e40::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:cb:b3:1a:0b:33:71:90:8c:41:ae:3c:66:10:c6:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Validity
Not Before: Jan 2 00:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bc40815448840797bc0d56360c46a816b4d97556
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:d2:00:ad:8d:e6:c7:35:ea:f3:d3:5d:c4:8f:
c3:4c:99:45:3c:b9:cb:fd:b0:68:8b:e8:e6:8b:7b:
14:88:76:21:d8:6e:b9:ad:95:a0:73:ce:29:bb:6a:
71:29:b1:da:79:19:ca:61:1c:bf:6c:f7:5b:3b:18:
c7:f5:47:9d:aa:ee:5d:4f:12:96:81:72:58:0f:6d:
04:61:af:d2:cf:af:5c:3b:47:54:a4:11:36:7f:15:
96:53:33:eb:3e:d9:b5:a6:56:16:4b:98:ab:6c:ce:
0d:59:67:b4:6f:9d:db:6b:31:4e:9f:5a:0b:71:66:
c3:04:ff:fb:7d:8f:63:76:7e:fe:ab:f9:b8:36:0e:
9a:57:6e:70:22:b1:cd:a0:d5:d5:40:b7:df:c2:d3:
31:b2:9f:c7:f3:15:f4:e0:f5:81:99:54:90:2f:93:
08:a6:11:ce:27:71:f0:6c:9c:1d:e9:7e:59:ec:24:
a6:4f:bd:5b:84:28:17:d7:e8:e8:98:76:9d:a3:53:
5d:b0:86:dc:1b:2e:c7:f6:4e:3a:04:73:cb:89:8e:
d7:f3:59:e9:95:8f:bb:09:b8:9e:6f:59:a2:08:85:
fe:7f:7c:e1:35:71:af:df:bf:4b:ef:65:7b:ee:3f:
6e:26:4f:4d:ae:db:80:6d:70:d0:72:43:3b:89:82:
64:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:40:81:54:48:84:07:97:BC:0D:56:36:0C:46:A8:16:B4:D9:75:56
X509v3 Authority Key Identifier:
keyid:25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/vECBVEiEB5e8DVY2DEaoFrTZdVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.64.0/22
IPv6:
2a09:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
67:ff:1a:c6:b1:25:bb:76:5c:aa:97:85:64:8d:1a:03:1d:b6:
a0:e1:0e:20:78:3b:8b:5f:21:b9:37:10:72:13:3c:73:0c:e8:
5a:8f:e0:c5:f7:41:be:10:f4:f0:61:1f:b8:49:f4:4a:8f:40:
aa:70:cb:b2:11:64:97:b9:7f:9e:96:ea:c3:77:3f:a1:7d:99:
bf:dc:33:af:70:7a:50:0d:f0:ee:2f:f5:57:ea:d2:1a:57:df:
81:0e:bd:4e:33:3a:d6:ef:11:07:98:fb:9e:a2:9c:c1:c7:fb:
6f:f5:5b:e0:79:80:b4:33:bc:2c:b7:cc:ec:8f:c2:23:df:96:
82:49:94:59:bc:fd:80:4a:7e:c6:c8:bf:36:78:f5:ae:b8:43:
37:a2:2a:aa:57:58:7d:c7:20:51:ee:fd:fb:c6:f2:d9:ff:c1:
92:14:8d:d5:68:8b:93:91:ad:ec:51:aa:6c:d9:ff:71:e8:de:
b9:a3:41:08:47:ec:47:3c:4e:b0:c6:d3:a7:4f:fa:c9:c3:87:
27:4f:66:46:06:a8:c0:78:34:91:7f:5b:e5:5d:ad:3a:44:c0:
30:a1:8b:b0:2e:52:db:ff:2b:66:f6:76:db:0e:c1:dc:17:86:
95:c1:5f:ab:f4:4e:16:8c:9f:2a:60:b1:70:5f:52:d5:e4:53:
93:eb:2b:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVvy7MaCzNxkIxBrjxmEMY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTdmYTk1NmYwZjUzOTgwZDc5YzMyY2UxZTZlOTNlZmQ0
ODhmZDcwHhcNMjMwMTAyMDAwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzQwODE1NDQ4ODQwNzk3YmMwZDU2MzYwYzQ2YTgxNmI0ZDk3NTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNIArY3mxzXq89NdxI/DTJlFPLnL
/bBoi+jmi3sUiHYh2G65rZWgc84pu2pxKbHaeRnKYRy/bPdbOxjH9Uedqu5dTxKW
gXJYD20EYa/Sz69cO0dUpBE2fxWWUzPrPtm1plYWS5irbM4NWWe0b53bazFOn1oL
cWbDBP/7fY9jdn7+q/m4Ng6aV25wIrHNoNXVQLffwtMxsp/H8xX04PWBmVSQL5MI
phHOJ3HwbJwd6X5Z7CSmT71bhCgX1+jomHado1NdsIbcGy7H9k46BHPLiY7X81np
lY+7Cbieb1miCIX+f3zhNXGv379L72V77j9uJk9NrtuAbXDQckM7iYJkNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLxAgVRIhAeXvA1WNgxGqBa02XVWMB8GA1UdIwQY
MBaAFCVX+pVvD1OYDXnDLOHm6T79SI/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAt
NmQ3MTYzNDQyMjQ0LzEvdkVDQlZFaUVCNWU4RFZZMkRFYW9GclRaZFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAtNmQ3MTYzNDQyMjQ0
LzEvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFlAMA0E
AgACMAcDBQMqCS5AMA0GCSqGSIb3DQEBCwUAA4IBAQBn/xrGsSW7dlyql4VkjRoD
Hbag4Q4geDuLXyG5NxByEzxzDOhaj+DF90G+EPTwYR+4SfRKj0CqcMuyEWSXuX+e
lurDdz+hfZm/3DOvcHpQDfDuL/VX6tIaV9+BDr1OMzrW7xEHmPueopzBx/tv9Vvg
eYC0M7wst8zsj8Ij35aCSZRZvP2ASn7GyL82ePWuuEM3oiqqV1h9xyBR7v37xvLZ
/8GSFI3VaIuTka3sUaps2f9x6N65o0EIR+xHPE6wxtOnT/rJw4cnT2ZGBqjAeDSR
f1vlXa06RMAwoYuwLlLb/ytm9nbbDsHcF4aVwV+r9E4WjJ8qYLFwX1LV5FOT6ytz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:51 2024 by rpki-client on console-ams.rpki-client.org