Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/FfuTm0AWz8QBKl1lAFtO69s9cFs.roa
File: FfuTm0AWz8QBKl1lAFtO69s9cFs.roa (raw, json)
Hash identifier: ISIae+DVEVRymCFdD9XUYY5ImvDOQT+BXU6HLOUN5bA=
Subject key identifier: 15:FB:93:9B:40:16:CF:C4:01:2A:5D:65:00:5B:4E:EB:DB:3D:70:5B
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 01863A3E0326F6367C9AF925056D66D699A2
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/FfuTm0AWz8QBKl1lAFtO69s9cFs.roa
Signing time: Fri 10 Feb 2023 07:33:07 +0000
ROA not before: Fri 10 Feb 2023 07:33:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20668
IP address blocks: 185.206.53.0/24 maxlen: 24
193.36.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:3a:3e:03:26:f6:36:7c:9a:f9:25:05:6d:66:d6:99:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: Feb 10 07:33:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=15fb939b4016cfc4012a5d65005b4eebdb3d705b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:91:26:c2:2b:74:dc:db:20:5a:8e:41:fe:c7:
1e:b5:a0:50:d7:65:84:59:6c:ec:3c:b2:95:84:e3:
80:d4:0f:34:a8:60:90:20:97:b0:c3:5d:72:1a:0b:
7d:74:89:cd:f9:18:2a:58:47:6b:c5:01:af:96:d1:
5f:97:38:9e:40:80:80:8b:e1:ed:7b:42:96:e2:55:
33:22:97:c1:90:e6:b1:e6:db:07:a0:37:f5:df:24:
3d:32:3e:78:f7:26:e7:00:c6:5e:8d:cb:8b:46:93:
0a:b3:7c:7c:a0:37:c4:0a:cd:e8:44:a8:76:d8:67:
ce:c2:25:35:50:5f:e2:4b:3e:10:34:cd:e3:88:eb:
e5:38:a4:e4:d6:88:76:71:fc:8a:b4:fe:0f:5b:4f:
90:ba:e9:0a:4d:5f:52:35:a5:b1:e4:05:d9:ab:de:
70:40:22:04:29:fa:2c:86:61:6c:2a:68:59:3d:96:
83:69:2a:a5:ec:d3:cc:23:fa:87:00:fb:53:01:32:
93:8a:78:fb:66:50:f6:da:41:cb:22:72:f3:25:44:
9a:ea:dd:bf:d2:fe:2f:aa:ce:9e:0e:8c:68:2d:85:
d6:1b:fc:c8:42:c2:6f:5b:49:d3:96:46:e6:d4:ee:
53:a4:b0:f1:b8:29:29:fc:df:81:6a:3a:42:e9:ed:
ab:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:FB:93:9B:40:16:CF:C4:01:2A:5D:65:00:5B:4E:EB:DB:3D:70:5B
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/FfuTm0AWz8QBKl1lAFtO69s9cFs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.206.53.0/24
193.36.89.0/24
Signature Algorithm: sha256WithRSAEncryption
76:bd:1b:e7:af:2c:65:c8:34:13:18:b1:cf:5f:5f:8e:d5:80:
f3:43:ce:f0:4b:3b:96:b7:1e:3c:cf:55:ce:d7:9f:63:18:43:
41:87:b9:9f:7b:69:2f:e2:42:f4:63:75:16:cb:7c:ca:db:2a:
99:03:73:21:c7:05:ec:0b:9d:ab:6a:f6:0b:09:27:37:96:2d:
02:de:45:e1:0c:c4:e0:4b:9c:fe:f2:0f:57:cb:ee:fd:31:1f:
a9:34:aa:93:ac:fb:c3:8e:7b:e0:44:66:80:1b:2d:1a:2b:b8:
69:6b:e0:db:d0:4e:0e:c0:a9:cd:df:66:76:aa:b5:8a:96:a1:
81:f4:30:bc:93:c3:f1:43:22:80:28:f7:a1:71:ec:48:c5:b4:
18:af:30:3f:3a:b1:a7:92:18:bb:c1:10:45:b5:e5:84:fc:c5:
2d:33:c2:e3:9f:c7:3a:f7:6e:92:20:0c:0b:14:74:c0:3d:7d:
ec:ae:22:55:72:91:bf:dc:45:14:2a:68:e1:b3:6e:0d:bb:ea:
9e:e7:50:7b:1e:33:de:2f:a4:aa:8a:ac:24:0b:68:34:47:e1:
89:33:b0:b1:49:df:2c:aa:f1:b8:7f:cf:86:c6:0c:46:c8:07:
43:35:cd:5b:1d:4d:ba:06:84:59:e5:dd:dd:2e:63:bb:ea:53:
41:47:f0:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYY6PgMm9jZ8mvklBW1m1pmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMwMjEwMDczMzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWZiOTM5YjQwMTZjZmM0MDEyYTVkNjUwMDViNGVlYmRiM2Q3MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipEmwit03NsgWo5B/scetaBQ12WE
WWzsPLKVhOOA1A80qGCQIJeww11yGgt9dInN+RgqWEdrxQGvltFflzieQICAi+Ht
e0KW4lUzIpfBkOax5tsHoDf13yQ9Mj549ybnAMZejcuLRpMKs3x8oDfECs3oRKh2
2GfOwiU1UF/iSz4QNM3jiOvlOKTk1oh2cfyKtP4PW0+QuukKTV9SNaWx5AXZq95w
QCIEKfoshmFsKmhZPZaDaSql7NPMI/qHAPtTATKTinj7ZlD22kHLInLzJUSa6t2/
0v4vqs6eDoxoLYXWG/zIQsJvW0nTlkbm1O5TpLDxuCkp/N+BajpC6e2r3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBX7k5tAFs/EASpdZQBbTuvbPXBbMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvRmZ1VG0wQVd6OFFCS2wxbEFGdE82OXM5Y0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc41AwQA
wSRZMA0GCSqGSIb3DQEBCwUAA4IBAQB2vRvnryxlyDQTGLHPX1+O1YDzQ87wSzuW
tx48z1XO159jGENBh7mfe2kv4kL0Y3UWy3zK2yqZA3MhxwXsC52ravYLCSc3li0C
3kXhDMTgS5z+8g9Xy+79MR+pNKqTrPvDjnvgRGaAGy0aK7hpa+Db0E4OwKnN32Z2
qrWKlqGB9DC8k8PxQyKAKPehcexIxbQYrzA/OrGnkhi7wRBFteWE/MUtM8Ljn8c6
926SIAwLFHTAPX3sriJVcpG/3EUUKmjhs24Nu+qe51B7HjPeL6SqiqwkC2g0R+GJ
M7CxSd8sqvG4f8+GxgxGyAdDNc1bHU26BoRZ5d3dLmO76lNBR/Do
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:46 2024 by rpki-client on console-fra.rpki-client.org