Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/KuI-mqZR9mgYjBTd4KuaCW5BmVg.roa
File: KuI-mqZR9mgYjBTd4KuaCW5BmVg.roa (raw, json)
Hash identifier: bHXrvSwco3VxyRDu4TMhtUNw093k9lKZPRajurRvFyo=
Subject key identifier: 2A:E2:3E:9A:A6:51:F6:68:18:8C:14:DD:E0:AB:9A:09:6E:41:99:58
Certificate issuer: /CN=83286fa6da7d252e7828f84923f55919142b007f
Certificate serial: 01856F5477E007F08DD3E1F926C48B25359E
Authority key identifier: 83:28:6F:A6:DA:7D:25:2E:78:28:F8:49:23:F5:59:19:14:2B:00:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gyhvptp9JS54KPhJI_VZGRQrAH8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/KuI-mqZR9mgYjBTd4KuaCW5BmVg.roa
Signing time: Sun 01 Jan 2023 21:54:44 +0000
ROA not before: Sun 01 Jan 2023 21:54:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205112
IP address blocks: 185.65.240.0/24 maxlen: 24
185.65.242.0/24 maxlen: 24
2a05:400::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:54:77:e0:07:f0:8d:d3:e1:f9:26:c4:8b:25:35:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=83286fa6da7d252e7828f84923f55919142b007f
Validity
Not Before: Jan 1 21:54:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ae23e9aa651f668188c14dde0ab9a096e419958
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:64:ea:50:32:8d:c5:44:38:0a:24:fe:ec:08:
c4:03:0d:32:3c:95:c4:88:23:dd:ed:0f:d1:37:9d:
71:77:4f:4f:9f:f1:a6:d8:ba:1d:d4:44:25:cd:e4:
bc:2a:36:7e:b6:21:9a:74:5c:77:64:85:ad:00:4d:
ea:36:93:3b:70:23:43:59:de:65:77:b1:ce:63:86:
a0:22:ef:6b:23:d0:70:89:fc:38:84:dc:12:8f:36:
ac:60:84:79:7d:c8:2f:49:68:0c:f8:2e:31:8b:dc:
96:8e:34:12:03:93:e0:e0:a6:e1:12:91:a1:22:c6:
fa:74:e5:fe:9f:0b:61:6a:01:cb:d9:78:34:a9:7c:
72:ba:bd:72:02:97:be:36:1f:6e:b2:15:75:7c:7f:
48:0e:55:b9:50:c7:4b:e8:a9:3d:32:b4:88:65:9d:
75:9d:c7:20:8c:f8:5d:b4:09:ff:84:6e:21:14:0e:
b4:90:ea:f5:36:08:db:c1:7d:37:18:e7:2a:78:70:
63:48:8d:37:a3:d9:41:2d:e1:59:62:4b:a1:c0:34:
a8:a6:e0:38:3f:cf:c9:14:64:4a:9e:d9:ca:1b:ed:
f0:68:17:44:72:72:1f:17:c5:57:31:27:79:b6:af:
db:a4:35:67:2c:6f:6b:df:8e:62:f0:2f:cf:70:85:
e3:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:E2:3E:9A:A6:51:F6:68:18:8C:14:DD:E0:AB:9A:09:6E:41:99:58
X509v3 Authority Key Identifier:
keyid:83:28:6F:A6:DA:7D:25:2E:78:28:F8:49:23:F5:59:19:14:2B:00:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gyhvptp9JS54KPhJI_VZGRQrAH8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/KuI-mqZR9mgYjBTd4KuaCW5BmVg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/gyhvptp9JS54KPhJI_VZGRQrAH8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.240.0/24
185.65.242.0/24
IPv6:
2a05:400::/29
Signature Algorithm: sha256WithRSAEncryption
2c:c3:a1:53:77:61:a2:16:20:53:1d:85:30:95:30:75:4b:5a:
65:3d:18:50:13:92:74:21:b8:01:b7:20:4e:93:14:f7:22:4e:
da:7c:4d:f1:c7:4b:86:20:4f:05:2b:f8:f5:1b:96:a8:e0:a6:
c7:21:d2:ee:12:5a:be:a8:fe:27:68:ff:77:2e:9f:e2:84:ca:
02:b4:a3:23:ba:75:0b:c4:36:0f:2b:1f:e2:3d:ae:06:bf:25:
c6:9e:f8:b5:a6:3f:8b:94:14:a3:8f:cd:ce:f7:81:c2:9f:3c:
49:5d:7c:c8:b6:06:8c:25:ca:8e:d0:16:b6:a9:90:b9:57:09:
44:8c:c5:f5:e0:fb:f8:56:2d:8b:57:62:a6:fc:ac:f8:51:f2:
25:c9:2e:12:cf:a0:10:7e:6f:f9:5a:f7:fe:0d:0c:c2:00:31:
8e:b5:12:5a:2b:fb:ab:e9:b8:35:79:69:4e:a3:3e:67:60:03:
dd:5a:e0:b5:2b:02:9c:ff:67:8b:55:69:30:4a:02:23:3c:db:
b9:55:33:30:96:32:84:3f:c5:b8:dd:3f:b7:ca:2c:9a:86:94:
99:f5:03:fa:5a:28:68:de:4d:bb:65:78:a0:f6:e9:eb:60:c6:
40:8b:37:79:19:44:a2:93:5d:15:fe:52:8b:da:90:c5:7a:68:
74:f9:24:8d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvVHfgB/CN0+H5JsSLJTWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMjg2ZmE2ZGE3ZDI1MmU3ODI4Zjg0OTIzZjU1OTE5MTQy
YjAwN2YwHhcNMjMwMTAxMjE1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWUyM2U5YWE2NTFmNjY4MTg4YzE0ZGRlMGFiOWEwOTZlNDE5OTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWTqUDKNxUQ4CiT+7AjEAw0yPJXE
iCPd7Q/RN51xd09Pn/Gm2Lod1EQlzeS8KjZ+tiGadFx3ZIWtAE3qNpM7cCNDWd5l
d7HOY4agIu9rI9Bwifw4hNwSjzasYIR5fcgvSWgM+C4xi9yWjjQSA5Pg4KbhEpGh
Isb6dOX+nwthagHL2Xg0qXxyur1yApe+Nh9ushV1fH9IDlW5UMdL6Kk9MrSIZZ11
nccgjPhdtAn/hG4hFA60kOr1NgjbwX03GOcqeHBjSI03o9lBLeFZYkuhwDSopuA4
P8/JFGRKntnKG+3waBdEcnIfF8VXMSd5tq/bpDVnLG9r345i8C/PcIXjVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCriPpqmUfZoGIwU3eCrmgluQZlYMB8GA1UdIwQY
MBaAFIMob6bafSUueCj4SSP1WRkUKwB/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3lodnB0cDlKUzU0S1BoSklfVlpHUlFyQUg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lYzU4M2QtMWFiYS00Nzk4LTg4MTct
ZDZjOWM2ZTg2OTIzLzEvS3VJLW1xWlI5bWdZakJUZDRLdWFDVzVCbVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lYzU4M2QtMWFiYS00Nzk4LTg4MTctZDZjOWM2ZTg2OTIz
LzEvZ3lodnB0cDlKUzU0S1BoSklfVlpHUlFyQUg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUHwAwQA
uUHyMA0EAgACMAcDBQMqBQQAMA0GCSqGSIb3DQEBCwUAA4IBAQAsw6FTd2GiFiBT
HYUwlTB1S1plPRhQE5J0IbgBtyBOkxT3Ik7afE3xx0uGIE8FK/j1G5ao4KbHIdLu
Elq+qP4naP93Lp/ihMoCtKMjunULxDYPKx/iPa4GvyXGnvi1pj+LlBSjj83O94HC
nzxJXXzItgaMJcqO0Ba2qZC5VwlEjMX14Pv4Vi2LV2Km/Kz4UfIlyS4Sz6AQfm/5
Wvf+DQzCADGOtRJaK/ur6bg1eWlOoz5nYAPdWuC1KwKc/2eLVWkwSgIjPNu5VTMw
ljKEP8W43T+3yiyahpSZ9QP6Wiho3k27ZXig9unrYMZAizd5GUSik10V/lKL2pDF
emh0+SSN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:56 2024 by rpki-client on console-fra.rpki-client.org