Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wqFX-bPYdH2GFS3Z1rlU9vCxKD0.roa
File: wqFX-bPYdH2GFS3Z1rlU9vCxKD0.roa (raw, json)
Hash identifier: Apc1yX6LmAq9lCFsAjO609CyHL7ROMxgIg9RhZ6SdVc=
Subject key identifier: C2:A1:57:F9:B3:D8:74:7D:86:15:2D:D9:D6:B9:54:F6:F0:B1:28:3D
Certificate issuer: /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial: 018A81D015442937F657F250E7DF88B5BB93
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wqFX-bPYdH2GFS3Z1rlU9vCxKD0.roa
Signing time: Mon 11 Sep 2023 01:16:52 +0000
ROA not before: Mon 11 Sep 2023 01:16:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 194.8.80.0/24 maxlen: 24
93.115.6.0/24 maxlen: 24
86.106.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:81:d0:15:44:29:37:f6:57:f2:50:e7:df:88:b5:bb:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Validity
Not Before: Sep 11 01:16:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2a157f9b3d8747d86152dd9d6b954f6f0b1283d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:e0:0d:ec:c3:63:f3:97:2d:bf:e0:a6:c2:db:
8e:ae:84:c8:0e:1c:c5:3a:53:47:2e:96:6e:4c:88:
24:d2:44:b7:ce:60:98:62:56:59:d0:bf:f6:8d:6f:
91:d3:ed:04:b4:af:72:fc:56:d9:be:ff:db:dc:a1:
f8:44:58:8c:38:27:bf:e1:8a:58:f8:96:aa:6d:0b:
65:22:ed:a4:71:47:36:eb:f3:e5:c1:77:b7:d5:f4:
97:3c:43:14:f4:08:80:6b:3f:0b:89:63:4e:ed:59:
03:2a:38:9f:68:1c:19:86:fe:87:ae:b7:45:c6:6d:
cd:e4:eb:24:a4:d3:94:38:14:06:17:09:61:50:40:
38:8b:cf:1b:13:73:22:d0:d7:19:31:86:3c:3d:b2:
6f:25:c2:25:6b:44:32:7c:37:d6:a6:07:48:03:cd:
73:1b:a8:01:49:4c:e6:4b:2c:4c:70:a4:10:41:20:
3d:6d:d6:61:7e:1a:71:f6:c1:92:c1:a2:aa:ce:3e:
f1:df:d2:aa:00:27:66:4a:4b:11:38:23:66:cd:ec:
92:67:70:be:e2:6a:2a:81:3f:ff:e5:89:47:a4:af:
91:2a:4e:3a:e2:1a:59:e9:dc:8d:dd:1a:5d:e9:d7:
ae:9c:3d:97:f9:9a:11:e6:cd:75:12:ce:9a:02:e1:
a9:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:A1:57:F9:B3:D8:74:7D:86:15:2D:D9:D6:B9:54:F6:F0:B1:28:3D
X509v3 Authority Key Identifier:
keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wqFX-bPYdH2GFS3Z1rlU9vCxKD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.106.173.0/24
93.115.6.0/24
194.8.80.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:eb:f3:c3:9d:cd:40:0e:d0:82:39:b7:77:37:a1:5b:eb:4f:
ab:ec:66:e2:09:a4:79:9b:6d:9b:3e:8a:2e:db:7a:f4:1d:e4:
7b:fc:e4:4b:9f:ab:1b:e3:1c:75:c3:3f:b9:59:47:e9:60:3a:
c1:5d:6d:74:ea:fe:85:6f:7b:e9:af:52:2a:30:43:38:5b:2f:
af:db:08:f9:0d:28:69:46:a7:b2:7c:5f:e3:3f:0f:a3:48:1e:
ac:c5:c5:76:38:55:a3:97:ab:d7:a8:21:d2:8c:bd:0e:94:bc:
63:0d:98:81:6d:7e:d2:b6:ff:fa:8a:8f:92:5b:08:0b:ec:59:
3c:fc:b1:d7:24:fa:35:8b:5f:55:3d:6e:da:72:d9:5d:9c:ff:
56:89:03:af:d8:4c:53:e6:ad:5b:b7:8e:ce:57:05:d5:ce:48:
22:94:4c:2c:09:46:38:cb:98:63:35:67:b2:48:04:dd:ee:39:
a1:57:d0:eb:13:a5:c0:2f:cd:b0:48:4f:bc:c9:ec:1d:80:14:
7a:96:28:9b:a8:b0:24:2b:80:a4:f7:50:37:b9:74:7a:6d:e3:
40:98:e7:da:3a:7a:8a:1a:41:76:5d:55:9c:b0:a0:4a:f4:7b:
99:79:be:71:62:5b:ca:07:d3:0d:0a:0d:45:61:20:b9:29:a9:
c4:b5:3c:f6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYqB0BVEKTf2V/JQ59+ItbuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMwOTExMDExNjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmExNTdmOWIzZDg3NDdkODYxNTJkZDlkNmI5NTRmNmYwYjEyODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+AN7MNj85ctv+CmwtuOroTIDhzF
OlNHLpZuTIgk0kS3zmCYYlZZ0L/2jW+R0+0EtK9y/FbZvv/b3KH4RFiMOCe/4YpY
+JaqbQtlIu2kcUc26/PlwXe31fSXPEMU9AiAaz8LiWNO7VkDKjifaBwZhv6HrrdF
xm3N5OskpNOUOBQGFwlhUEA4i88bE3Mi0NcZMYY8PbJvJcIla0QyfDfWpgdIA81z
G6gBSUzmSyxMcKQQQSA9bdZhfhpx9sGSwaKqzj7x39KqACdmSksROCNmzeySZ3C+
4moqgT//5YlHpK+RKk464hpZ6dyN3Rpd6deunD2X+ZoR5s11Es6aAuGpRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMKhV/mz2HR9hhUt2da5VPbwsSg9MB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvd3FGWC1iUFlkSDJHRlMzWjFybFU5dkN4S0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmqtAwQA
XXMGAwQAwghQMA0GCSqGSIb3DQEBCwUAA4IBAQCj6/PDnc1ADtCCObd3N6Fb60+r
7GbiCaR5m22bPoou23r0HeR7/ORLn6sb4xx1wz+5WUfpYDrBXW106v6Fb3vpr1Iq
MEM4Wy+v2wj5DShpRqeyfF/jPw+jSB6sxcV2OFWjl6vXqCHSjL0OlLxjDZiBbX7S
tv/6io+SWwgL7Fk8/LHXJPo1i19VPW7actldnP9WiQOv2ExT5q1bt47OVwXVzkgi
lEwsCUY4y5hjNWeySATd7jmhV9DrE6XAL82wSE+8yewdgBR6liibqLAkK4Ck91A3
uXR6beNAmOfaOnqKGkF2XVWcsKBK9HuZeb5xYlvKB9MNCg1FYSC5KanEtTz2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:59 2024 by rpki-client on console-ams.rpki-client.org