Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/CKyPopmX7NF8Nj8SxVGUEOnFaOE.roa
File: CKyPopmX7NF8Nj8SxVGUEOnFaOE.roa (raw, json)
Hash identifier: oqrIvQCkMGzDmtUjqDpdP3tSD9h344len65TO2/Bhgs=
Subject key identifier: 08:AC:8F:A2:99:97:EC:D1:7C:36:3F:12:C5:51:94:10:E9:C5:68:E1
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 0185708CC8A51F2460C61A8B524154706C37
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/CKyPopmX7NF8Nj8SxVGUEOnFaOE.roa
Signing time: Mon 02 Jan 2023 03:35:52 +0000
ROA not before: Mon 02 Jan 2023 03:35:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42997
IP address blocks: 86.106.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:8c:c8:a5:1f:24:60:c6:1a:8b:52:41:54:70:6c:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: Jan 2 03:35:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08ac8fa29997ecd17c363f12c5519410e9c568e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:65:99:07:7a:d8:ec:4c:3a:7d:66:f1:e9:69:
2c:73:8d:d9:5e:94:f6:1f:76:8b:68:db:97:29:24:
9f:73:6c:62:9b:75:0c:02:71:de:09:b4:fa:af:ef:
7e:50:ba:29:e4:1a:54:11:c5:c8:cc:81:37:ca:e3:
56:50:5a:f4:e3:fb:e0:ec:d8:40:12:f8:a6:73:a7:
20:d4:fd:b3:f5:cb:9b:97:3a:d7:97:85:f8:54:b0:
6c:97:88:ab:d0:55:c9:93:df:ee:20:24:82:69:4a:
2c:55:43:65:a2:db:2e:86:23:73:96:47:07:e9:4e:
16:fd:7c:fd:39:4b:85:36:fd:7d:32:ae:47:5c:0c:
68:b9:37:6c:15:ef:55:ff:ea:34:60:64:ec:81:73:
db:80:09:38:bd:f6:ed:48:05:26:f6:55:37:7c:97:
70:f2:da:6e:bf:c3:7a:3f:0c:21:ae:fb:a9:19:5b:
f0:b0:ce:4f:f3:f4:f1:8b:93:c1:78:35:94:07:03:
6c:be:57:25:63:06:2a:11:7c:8b:51:00:68:a6:40:
44:57:f1:7a:6c:e8:37:6d:a3:72:2f:10:10:e0:c2:
d7:82:24:86:6c:62:1f:80:24:a8:c3:a7:2f:08:44:
51:fe:45:88:d9:c2:c2:f5:f4:32:5b:01:6f:d0:0f:
15:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:AC:8F:A2:99:97:EC:D1:7C:36:3F:12:C5:51:94:10:E9:C5:68:E1
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/CKyPopmX7NF8Nj8SxVGUEOnFaOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.106.173.0/24
Signature Algorithm: sha256WithRSAEncryption
01:44:3d:48:95:73:21:c3:2d:49:47:95:4e:d1:30:fa:95:31:
78:bc:c9:e7:d0:44:66:ff:f7:6c:1e:a9:92:94:79:60:6b:e9:
e5:91:ca:06:c0:6c:f3:13:1c:de:e1:cd:4c:44:f3:a9:83:af:
01:b4:88:f8:d2:62:9e:08:a0:d7:88:25:92:2a:a3:73:2a:bc:
df:2d:ff:4b:67:bd:b8:c6:63:f9:89:03:65:ee:00:b5:2c:3b:
42:63:8b:de:cc:7f:17:90:98:4c:e6:56:5d:2e:fc:42:3f:21:
08:71:2f:3d:be:8a:fa:e9:bc:7a:92:f0:e3:40:41:10:e7:12:
1c:74:77:a0:f0:94:ef:c6:b9:d1:cd:34:bd:54:b5:36:d8:20:
8d:3b:48:66:6d:27:51:aa:68:f1:56:ba:37:da:63:d2:30:ea:
64:cf:6e:87:c2:30:39:37:b9:fe:69:9c:e7:e6:57:85:b5:53:
d2:48:72:af:4d:a5:30:1f:f1:5b:5c:a8:41:16:de:23:1e:a7:
1e:17:1a:91:a5:a8:6b:52:c0:d0:1e:f0:b3:dc:99:76:b7:61:
ff:c0:60:dd:0c:99:9c:b3:18:a2:47:bd:1f:39:50:8b:a9:1f:
a8:5a:66:30:f0:b8:a6:92:ab:d2:88:7e:30:fa:5a:d0:82:01:
ec:f3:f6:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwjMilHyRgxhqLUkFUcGw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMwMTAyMDMzNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFjOGZhMjk5OTdlY2QxN2MzNjNmMTJjNTUxOTQxMGU5YzU2OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumWZB3rY7Ew6fWbx6Wksc43ZXpT2
H3aLaNuXKSSfc2xim3UMAnHeCbT6r+9+ULop5BpUEcXIzIE3yuNWUFr04/vg7NhA
Evimc6cg1P2z9cublzrXl4X4VLBsl4ir0FXJk9/uICSCaUosVUNlotsuhiNzlkcH
6U4W/Xz9OUuFNv19Mq5HXAxouTdsFe9V/+o0YGTsgXPbgAk4vfbtSAUm9lU3fJdw
8tpuv8N6PwwhrvupGVvwsM5P8/Txi5PBeDWUBwNsvlclYwYqEXyLUQBopkBEV/F6
bOg3baNyLxAQ4MLXgiSGbGIfgCSow6cvCERR/kWI2cLC9fQyWwFv0A8V2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAisj6KZl+zRfDY/EsVRlBDpxWjhMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvQ0t5UG9wbVg3TkY4Tmo4U3hWR1VFT25GYU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmqtMA0G
CSqGSIb3DQEBCwUAA4IBAQABRD1IlXMhwy1JR5VO0TD6lTF4vMnn0ERm//dsHqmS
lHlga+nlkcoGwGzzExze4c1MRPOpg68BtIj40mKeCKDXiCWSKqNzKrzfLf9LZ724
xmP5iQNl7gC1LDtCY4vezH8XkJhM5lZdLvxCPyEIcS89vor66bx6kvDjQEEQ5xIc
dHeg8JTvxrnRzTS9VLU22CCNO0hmbSdRqmjxVro32mPSMOpkz26HwjA5N7n+aZzn
5leFtVPSSHKvTaUwH/FbXKhBFt4jHqceFxqRpahrUsDQHvCz3Jl2t2H/wGDdDJmc
sxiiR70fOVCLqR+oWmYw8LimkqvSiH4w+lrQggHs8/bM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:46 2024 by rpki-client on console-fra.rpki-client.org