Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/1-QuR06zsHL8CKdAuHscG9H92TE4.roa
File: 1-QuR06zsHL8CKdAuHscG9H92TE4.roa (raw, json)
Hash identifier: Ef2B3SAQ2IXU8df00B0qOLOI/JqzTN6j1TvP7EnAAgk=
Subject key identifier: F9:0B:91:D3:AC:EC:1C:BF:02:29:D0:2E:1E:C7:06:F4:7F:76:4C:4E
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 01856DD425D1DB46A08EDCC3D7875F95FD40
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/1-QuR06zsHL8CKdAuHscG9H92TE4.roa
Signing time: Sun 01 Jan 2023 14:54:57 +0000
ROA not before: Sun 01 Jan 2023 14:54:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60175
IP address blocks: 195.4.128.0/19 maxlen: 19
195.4.160.0/20 maxlen: 20
195.4.184.0/21 maxlen: 21
195.4.192.0/20 maxlen: 20
195.4.208.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:25:d1:db:46:a0:8e:dc:c3:d7:87:5f:95:fd:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Jan 1 14:54:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f90b91d3acec1cbf0229d02e1ec706f47f764c4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:ba:f0:87:e6:26:0f:b1:26:3b:22:68:b0:1b:
71:04:98:d5:9f:94:c0:71:6e:34:09:39:24:1d:32:
a2:36:8a:cf:b1:b2:17:f0:b6:49:8e:bb:5e:b7:27:
8e:15:f4:c2:8c:97:64:a3:a0:cc:77:35:c3:67:88:
2c:cd:ef:4f:91:ab:1f:90:9e:c4:18:7b:95:c9:6a:
53:1b:b7:a3:3c:d8:62:45:8f:b3:ed:32:4f:f8:c3:
40:db:97:4e:5a:0d:b5:f6:a2:93:b5:a9:b3:d8:c9:
f7:bf:e9:9b:12:84:b0:51:7d:4d:ed:c5:80:95:5c:
a4:ba:49:1f:6b:9f:c0:23:84:8a:cd:fe:0a:80:97:
c9:27:d2:fa:73:e6:a4:cd:f6:3f:02:f9:d9:d9:da:
fa:f2:bd:08:24:0c:78:d1:68:c0:d2:07:eb:65:66:
bb:01:c3:2b:ed:a5:be:de:7e:7f:00:8b:5c:e5:88:
c6:ff:c1:39:2b:fb:c1:80:9e:25:4c:0d:e6:b9:4f:
7b:2c:b0:f3:8b:89:52:bd:07:71:6e:ef:77:b7:5b:
87:c5:c0:51:4a:84:c8:3a:dd:e8:21:0c:71:5e:5d:
78:22:5b:53:be:6d:20:07:d6:93:a4:b5:39:df:84:
17:9a:86:6b:bd:4d:da:df:5d:b3:50:e0:af:56:38:
05:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:0B:91:D3:AC:EC:1C:BF:02:29:D0:2E:1E:C7:06:F4:7F:76:4C:4E
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/1-QuR06zsHL8CKdAuHscG9H92TE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.4.128.0-195.4.175.255
195.4.184.0-195.4.215.255
Signature Algorithm: sha256WithRSAEncryption
0c:df:84:3f:14:c8:f1:42:1b:4e:b6:ea:14:a7:03:67:a0:70:
ce:a8:bc:c3:93:df:45:cf:a0:41:20:f6:5d:df:e4:40:c5:46:
be:2c:a4:1f:df:d9:17:0c:32:b2:cf:a4:0c:86:03:e7:f2:54:
9f:b5:a5:f4:4d:37:a4:01:cd:0f:94:f3:2d:4c:f7:f4:57:e4:
66:32:5a:85:05:d8:89:1c:ef:26:68:ce:7b:36:d3:b2:60:ee:
8e:cb:18:2e:b5:c6:16:ce:95:03:39:77:12:e1:38:e3:0c:0f:
fa:88:3a:d2:97:bc:53:58:28:57:37:9e:9c:9d:f3:25:1d:cc:
51:8c:dd:34:61:d5:e3:e5:35:2c:4b:a6:15:58:91:64:03:0f:
14:7b:ed:ab:1a:6c:be:09:6b:73:09:14:57:bf:21:de:f9:50:
99:e6:f8:86:05:22:3b:81:bd:54:37:3c:a6:f5:81:c9:66:1f:
7f:2c:03:3b:fa:6f:a2:33:10:bd:83:dd:e0:bc:77:88:62:fa:
74:32:02:ee:97:b8:f8:66:0d:8f:09:51:2b:a0:3e:bd:71:57:
65:a5:b6:1d:c7:fd:8e:3c:49:69:c4:1c:0a:0c:ca:a6:c9:0f:
3d:5c:b2:59:5e:29:4b:ca:fb:1c:8c:8e:b2:27:8b:8f:66:26:
66:0d:36:2f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVt1CXR20agjtzD14dflf1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMTAxMTQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBiOTFkM2FjZWMxY2JmMDIyOWQwMmUxZWM3MDZmNDdmNzY0YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbrwh+YmD7EmOyJosBtxBJjVn5TA
cW40CTkkHTKiNorPsbIX8LZJjrtetyeOFfTCjJdko6DMdzXDZ4gsze9PkasfkJ7E
GHuVyWpTG7ejPNhiRY+z7TJP+MNA25dOWg219qKTtamz2Mn3v+mbEoSwUX1N7cWA
lVykukkfa5/AI4SKzf4KgJfJJ9L6c+akzfY/AvnZ2dr68r0IJAx40WjA0gfrZWa7
AcMr7aW+3n5/AItc5YjG/8E5K/vBgJ4lTA3muU97LLDzi4lSvQdxbu93t1uHxcBR
SoTIOt3oIQxxXl14IltTvm0gB9aTpLU534QXmoZrvU3a312zUOCvVjgFcQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFPkLkdOs7By/AinQLh7HBvR/dkxOMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvMS1RdVIwNnpzSEw4Q0tkQXVIc2NHOUg5MlRFNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzli
MC8xL3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA1BggrBgEFBQcBBwEB/wQmMCQwIgQCAAEwHDAMAwQHwwSA
AwQEwwSgMAwDBAPDBLgDBAPDBNAwDQYJKoZIhvcNAQELBQADggEBAAzfhD8UyPFC
G0626hSnA2egcM6ovMOT30XPoEEg9l3f5EDFRr4spB/f2RcMMrLPpAyGA+fyVJ+1
pfRNN6QBzQ+U8y1M9/RX5GYyWoUF2Ikc7yZozns207Jg7o7LGC61xhbOlQM5dxLh
OOMMD/qIOtKXvFNYKFc3npyd8yUdzFGM3TRh1ePlNSxLphVYkWQDDxR77asabL4J
a3MJFFe/Id75UJnm+IYFIjuBvVQ3PKb1gclmH38sAzv6b6IzEL2D3eC8d4hi+nQy
Au6XuPhmDY8JUSugPr1xV2Wlth3H/Y48SWnEHAoMyqbJDz1cslleKUvK+xyMjrIn
i49mJmYNNi8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org