Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/1-9XrKHeVMRgsYFlN1U7RDK07C7s.roa
File: 1-9XrKHeVMRgsYFlN1U7RDK07C7s.roa (raw, json)
Hash identifier: vo9VSe6/v97WkWZGZQfAPGVkj8rY+3A1YTok7iIe7DM=
Subject key identifier: FB:D5:EB:28:77:95:31:18:2C:60:59:4D:D5:4E:D1:0C:AD:3B:0B:BB
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 01863A472B0BCA33E51F833821CB609AD527
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/1-9XrKHeVMRgsYFlN1U7RDK07C7s.roa
Signing time: Fri 10 Feb 2023 07:43:07 +0000
ROA not before: Fri 10 Feb 2023 07:43:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20668
IP address blocks: 185.206.53.0/24 maxlen: 24
185.206.52.0/24 maxlen: 24
193.36.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:3a:47:2b:0b:ca:33:e5:1f:83:38:21:cb:60:9a:d5:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: Feb 10 07:43:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fbd5eb28779531182c60594dd54ed10cad3b0bbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:f7:ac:22:66:b9:ee:52:f1:d4:3f:f1:aa:a7:
9f:74:38:16:ab:a3:1c:c3:5e:22:3e:66:a9:35:f2:
3e:c4:3e:51:1a:38:3a:75:fb:31:d1:b9:79:94:21:
2b:c1:38:55:15:79:07:64:8e:6b:53:74:32:e4:01:
1a:ca:f7:83:fe:70:96:4a:79:6e:54:d0:ec:84:bf:
ca:fc:ed:77:45:8a:8b:56:85:4b:cb:41:bf:e8:b5:
5d:4e:65:60:05:23:10:8c:6f:19:90:1d:80:92:1b:
7b:18:04:b5:dd:9d:bd:95:fd:37:62:c2:5b:b4:fc:
2b:55:fc:67:f6:d1:e0:34:aa:11:8c:6f:c8:2e:6a:
da:af:91:b7:cf:34:3c:94:cf:1e:72:83:9b:b7:6c:
97:f2:09:fc:b8:d9:4f:73:43:0c:38:d5:e4:fb:33:
9c:a9:2f:92:86:92:c1:57:c4:0a:b5:7f:70:58:20:
45:50:31:46:74:f7:4f:a6:c9:32:ad:ee:45:28:de:
91:da:86:1e:5d:c9:5f:6d:4f:22:96:94:67:5e:cf:
31:fd:32:00:7a:8c:b5:b0:62:c5:76:20:11:b2:c2:
28:8b:5a:d8:86:0d:74:d5:bf:d8:90:9c:76:79:c9:
34:e6:64:f7:06:1b:ff:90:e9:64:fb:88:cb:a9:60:
3a:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:D5:EB:28:77:95:31:18:2C:60:59:4D:D5:4E:D1:0C:AD:3B:0B:BB
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/1-9XrKHeVMRgsYFlN1U7RDK07C7s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.206.52.0/23
193.36.89.0/24
Signature Algorithm: sha256WithRSAEncryption
80:53:ce:9c:2a:9f:a8:b7:5f:84:de:3a:0d:48:28:48:f0:2b:
63:e5:e1:7c:23:71:eb:e3:79:07:10:48:fa:b6:35:22:55:c3:
2b:7d:2c:34:87:a8:74:74:c7:6a:ba:23:9c:df:13:d6:4f:84:
75:c7:0d:96:58:2f:67:0d:94:e3:16:8b:11:0f:10:d8:c3:1e:
03:72:0d:e8:af:a6:e3:5c:27:ab:fe:2b:75:41:7f:b2:53:ce:
0a:f6:fd:21:71:81:5f:98:b6:b2:11:24:6a:71:de:fd:1c:86:
ba:84:e4:da:4b:fa:1d:5c:1b:78:57:40:8d:d6:7c:8a:57:58:
6b:10:68:74:c1:e9:e5:01:04:a8:4d:ef:42:13:a4:8a:a7:d7:
25:70:86:d4:a0:b2:28:d3:b4:17:eb:7e:e5:0f:73:9f:e6:b3:
42:db:d3:74:be:38:40:71:96:c2:b2:f4:df:42:ca:85:97:d7:
ee:1e:bf:88:81:f1:35:b6:24:01:e1:58:c4:93:af:8e:9e:63:
33:45:f4:9b:82:8a:e1:9a:95:20:cc:7a:8e:6e:1e:95:5a:5e:
ca:dd:e8:ee:64:e4:72:a5:8f:49:e8:56:5e:2e:b3:d9:69:ec:
50:2c:45:42:60:47:d5:fb:01:02:5b:5f:29:8b:88:5c:11:0c:
52:b7:d4:75
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYY6RysLyjPlH4M4IctgmtUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMwMjEwMDc0MzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ1ZWIyODc3OTUzMTE4MmM2MDU5NGRkNTRlZDEwY2FkM2IwYmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofesIma57lLx1D/xqqefdDgWq6Mc
w14iPmapNfI+xD5RGjg6dfsx0bl5lCErwThVFXkHZI5rU3Qy5AEayveD/nCWSnlu
VNDshL/K/O13RYqLVoVLy0G/6LVdTmVgBSMQjG8ZkB2Akht7GAS13Z29lf03YsJb
tPwrVfxn9tHgNKoRjG/ILmrar5G3zzQ8lM8ecoObt2yX8gn8uNlPc0MMONXk+zOc
qS+ShpLBV8QKtX9wWCBFUDFGdPdPpskyre5FKN6R2oYeXclfbU8ilpRnXs8x/TIA
eoy1sGLFdiARssIoi1rYhg101b/YkJx2eck05mT3Bhv/kOlk+4jLqWA6UwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPvV6yh3lTEYLGBZTdVO0QytOwu7MB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvMS05WHJLSGVWTVJnc1lGbE4xVTdSREswN0M3cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDgvNmU4NzRlLTczZmUtNGRiYi1iNzRjLTA0MjNmMjYzZjJj
Yi8xL3dFMjNZakpCMS1abmo4SlhVZnBPQzJabEdHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAbnONAME
AMEkWTANBgkqhkiG9w0BAQsFAAOCAQEAgFPOnCqfqLdfhN46DUgoSPArY+XhfCNx
6+N5BxBI+rY1IlXDK30sNIeodHTHarojnN8T1k+EdccNllgvZw2U4xaLEQ8Q2MMe
A3IN6K+m41wnq/4rdUF/slPOCvb9IXGBX5i2shEkanHe/RyGuoTk2kv6HVwbeFdA
jdZ8ildYaxBodMHp5QEEqE3vQhOkiqfXJXCG1KCyKNO0F+t+5Q9zn+azQtvTdL44
QHGWwrL030LKhZfX7h6/iIHxNbYkAeFYxJOvjp5jM0X0m4KK4ZqVIMx6jm4elVpe
yt3o7mTkcqWPSehWXi6z2WnsUCxFQmBH1fsBAltfKYuIXBEMUrfUdQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:59 2024 by rpki-client on console-ams.rpki-client.org