Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/7d9c11-e1ad-47b6-af09-1713fd3ef7a7/1/WDYbUhUZKeREciY678DLcbONr6I.roa
File: WDYbUhUZKeREciY678DLcbONr6I.roa (raw, json)
Hash identifier: svMhaYg94xKF20LNx7NUsc+/nZ5bQ+4U4mEQgJSMtlM=
Subject key identifier: 58:36:1B:52:15:19:29:E4:44:72:26:3A:EF:C0:CB:71:B3:8D:AF:A2
Certificate issuer: /CN=6177b5b64be49e819995fee7f3e3621bdca6ae8c
Certificate serial: 018CC3493E3356AE2999D50A5C9A9EAE521D
Authority key identifier: 61:77:B5:B6:4B:E4:9E:81:99:95:FE:E7:F3:E3:62:1B:DC:A6:AE:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YXe1tkvknoGZlf7n8-NiG9ymrow.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/7d9c11-e1ad-47b6-af09-1713fd3ef7a7/1/WDYbUhUZKeREciY678DLcbONr6I.roa
Signing time: Mon 01 Jan 2024 04:30:06 +0000
ROA not before: Mon 01 Jan 2024 04:30:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50857
IP address blocks: 217.64.240.0/20 maxlen: 20
80.91.144.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:3e:33:56:ae:29:99:d5:0a:5c:9a:9e:ae:52:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6177b5b64be49e819995fee7f3e3621bdca6ae8c
Validity
Not Before: Jan 1 04:30:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=58361b52151929e44472263aefc0cb71b38dafa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:2c:e6:24:62:6a:88:0c:fc:48:2a:bf:ea:6d:
1c:b7:27:fb:64:25:28:4b:a1:c4:c7:5a:24:1c:52:
7b:d4:35:be:1b:f4:03:e3:77:a0:1b:ca:34:70:ae:
35:25:60:4a:dd:4d:c0:a9:7b:64:84:72:ad:f4:1f:
1c:31:87:99:8c:25:3d:d1:66:09:f2:6f:91:fa:a0:
91:a4:7e:af:e3:13:d3:f1:7e:8b:bd:89:0a:57:b7:
31:3b:4c:c9:e0:c3:c1:8a:29:45:20:73:fe:37:fc:
51:f5:7c:0b:d3:82:27:37:e7:12:13:a7:fb:37:97:
bb:eb:fe:b0:a2:10:8a:1a:55:bd:e9:d8:7b:81:65:
1e:b7:73:72:80:7d:a8:37:d2:a2:a3:b0:f7:ac:5d:
b4:02:64:9a:37:9a:b6:cd:25:38:da:12:67:d3:48:
9c:94:b1:72:81:ee:ef:91:6b:53:97:c6:48:af:e3:
b5:8e:bd:d5:0e:fd:3d:1d:53:29:cc:7b:cc:2a:86:
15:88:b8:be:0c:96:e5:19:79:3e:0b:d4:5b:ee:ef:
cb:85:48:c4:5d:1f:62:54:87:b2:d0:c4:cf:29:d3:
8c:9a:10:8f:05:c1:e1:bf:99:4b:15:22:22:b4:92:
a5:c3:97:2e:c2:8d:e0:a6:2c:f9:c8:8c:79:b5:73:
9c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:36:1B:52:15:19:29:E4:44:72:26:3A:EF:C0:CB:71:B3:8D:AF:A2
X509v3 Authority Key Identifier:
keyid:61:77:B5:B6:4B:E4:9E:81:99:95:FE:E7:F3:E3:62:1B:DC:A6:AE:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXe1tkvknoGZlf7n8-NiG9ymrow.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/7d9c11-e1ad-47b6-af09-1713fd3ef7a7/1/WDYbUhUZKeREciY678DLcbONr6I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/7d9c11-e1ad-47b6-af09-1713fd3ef7a7/1/YXe1tkvknoGZlf7n8-NiG9ymrow.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.91.144.0/20
217.64.240.0/20
Signature Algorithm: sha256WithRSAEncryption
79:b2:38:80:76:f9:fe:67:2a:c8:5f:47:26:e7:3d:0b:60:57:
97:95:05:38:0a:d0:32:7e:19:79:68:7a:2f:f5:c5:7f:a7:1e:
65:cd:19:1a:ab:ad:f2:a2:6a:0a:53:47:3d:50:93:9b:7f:15:
f4:83:a8:35:11:ed:c9:a1:36:06:aa:46:40:d9:42:e4:09:e0:
3c:c2:49:3c:9f:2c:f0:b9:f5:19:45:c9:c3:1b:90:86:f6:eb:
10:ef:2b:75:c6:9b:83:59:f4:7e:34:e8:46:63:c9:2f:c7:cd:
32:f1:be:13:3d:db:3b:a3:84:4b:a4:7f:0d:50:16:97:38:cf:
d6:b2:5c:11:2c:f6:33:66:18:31:40:c9:25:ea:56:a7:7c:17:
15:5b:c1:b6:86:ef:2f:28:52:2b:13:3d:2e:ee:0e:69:7c:00:
e7:9c:26:bd:62:ab:b1:be:cc:a8:1c:8a:9b:7b:f3:18:a6:e3:
03:b6:de:9c:09:95:57:a1:67:e2:a8:ba:e3:84:05:5d:ef:13:
2e:fd:6c:c0:12:f8:6b:87:9f:9c:06:55:12:7b:b8:e5:d8:cf:
4c:10:3a:55:0a:6e:b6:c2:02:79:df:af:6e:4d:06:bc:fc:6f:
a1:31:59:da:ac:8e:be:4d:a3:5f:ad:69:9a:c2:37:8c:45:3e:
d3:e1:4b:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDST4zVq4pmdUKXJqerlIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNzdiNWI2NGJlNDllODE5OTk1ZmVlN2YzZTM2MjFiZGNh
NmFlOGMwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM2MWI1MjE1MTkyOWU0NDQ3MjI2M2FlZmMwY2I3MWIzOGRhZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmizmJGJqiAz8SCq/6m0ctyf7ZCUo
S6HEx1okHFJ71DW+G/QD43egG8o0cK41JWBK3U3AqXtkhHKt9B8cMYeZjCU90WYJ
8m+R+qCRpH6v4xPT8X6LvYkKV7cxO0zJ4MPBiilFIHP+N/xR9XwL04InN+cSE6f7
N5e76/6wohCKGlW96dh7gWUet3NygH2oN9Kio7D3rF20AmSaN5q2zSU42hJn00ic
lLFyge7vkWtTl8ZIr+O1jr3VDv09HVMpzHvMKoYViLi+DJblGXk+C9Rb7u/LhUjE
XR9iVIey0MTPKdOMmhCPBcHhv5lLFSIitJKlw5cuwo3gpiz5yIx5tXOcdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFg2G1IVGSnkRHImOu/Ay3Gzja+iMB8GA1UdIwQY
MBaAFGF3tbZL5J6BmZX+5/PjYhvcpq6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVhlMXRrdmtub0dabGY3bjgtTmlHOXltcm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC83ZDljMTEtZTFhZC00N2I2LWFmMDkt
MTcxM2ZkM2VmN2E3LzEvV0RZYlVoVVpLZVJFY2lZNjc4RExjYk9OcjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC83ZDljMTEtZTFhZC00N2I2LWFmMDktMTcxM2ZkM2VmN2E3
LzEvWVhlMXRrdmtub0dabGY3bjgtTmlHOXltcm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUFuQAwQE
2UDwMA0GCSqGSIb3DQEBCwUAA4IBAQB5sjiAdvn+ZyrIX0cm5z0LYFeXlQU4CtAy
fhl5aHov9cV/px5lzRkaq63yomoKU0c9UJObfxX0g6g1Ee3JoTYGqkZA2ULkCeA8
wkk8nyzwufUZRcnDG5CG9usQ7yt1xpuDWfR+NOhGY8kvx80y8b4TPds7o4RLpH8N
UBaXOM/WslwRLPYzZhgxQMkl6lanfBcVW8G2hu8vKFIrEz0u7g5pfADnnCa9Yqux
vsyoHIqbe/MYpuMDtt6cCZVXoWfiqLrjhAVd7xMu/WzAEvhrh5+cBlUSe7jl2M9M
EDpVCm62wgJ5369uTQa8/G+hMVnarI6+TaNfrWmawjeMRT7T4Uu8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:46 2024 by rpki-client on console-fra.rpki-client.org