Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8EcX2JrhPlPdrKZ4oqyJavWcoRU.roa
File: 8EcX2JrhPlPdrKZ4oqyJavWcoRU.roa (raw, json)
Hash identifier: B/OyiPCOM7GLEGfkgYRDJ0wFYG2hMkn7633xdoS3tWY=
Subject key identifier: F0:47:17:D8:9A:E1:3E:53:DD:AC:A6:78:A2:AC:89:6A:F5:9C:A1:15
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 0182A632AD2F09F48FC50B4F815C7D0EFE62
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8EcX2JrhPlPdrKZ4oqyJavWcoRU.roa
Signing time: Tue 16 Aug 2022 10:28:35 +0000
ROA not before: Tue 16 Aug 2022 10:28:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60175
IP address blocks: 195.4.128.0/19 maxlen: 19
195.4.160.0/20 maxlen: 20
195.4.184.0/21 maxlen: 21
195.4.192.0/20 maxlen: 20
195.4.208.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:a6:32:ad:2f:09:f4:8f:c5:0b:4f:81:5c:7d:0e:fe:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Aug 16 10:28:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f04717d89ae13e53ddaca678a2ac896af59ca115
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:62:e3:1e:a2:6e:2c:30:86:ed:38:44:4c:6c:
d6:c0:18:ab:3e:f4:f5:4d:1a:06:32:8f:57:08:6c:
f4:61:41:7d:75:29:0f:d3:48:98:e3:06:ab:ba:d7:
61:ea:d9:ed:09:8f:b0:af:b5:b3:79:07:de:12:6f:
4b:d8:06:49:5a:9b:65:df:73:37:71:73:62:79:b1:
4b:9e:81:f4:d1:ab:0a:d5:41:2c:67:1a:63:0c:35:
63:1f:e0:d4:de:f3:f2:c3:a2:7a:4a:48:68:e9:ef:
76:20:75:f1:cd:5b:39:6c:37:1b:ef:77:fb:b7:cd:
7f:35:be:a3:ed:a6:e5:dd:c6:84:f5:14:59:87:f4:
1f:30:ca:16:24:89:32:45:5f:20:cb:5a:7c:8a:50:
21:c4:fa:70:3b:55:eb:8c:36:ca:67:f1:54:9c:49:
38:09:73:fe:be:7a:33:47:d8:40:92:ff:a4:1d:84:
a0:2e:c3:63:f4:a0:41:91:a2:80:a2:48:ca:8c:8a:
92:0e:41:eb:1b:aa:71:60:cb:70:2c:05:40:85:30:
28:11:b3:1a:b7:f3:24:e7:1f:be:ac:78:5b:19:7f:
70:ea:ad:7c:bd:52:86:31:1e:87:f3:80:b0:60:d7:
f4:42:2b:af:57:b9:3e:ae:65:84:b0:5a:c1:e1:35:
34:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:47:17:D8:9A:E1:3E:53:DD:AC:A6:78:A2:AC:89:6A:F5:9C:A1:15
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8EcX2JrhPlPdrKZ4oqyJavWcoRU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.4.128.0-195.4.175.255
195.4.184.0-195.4.215.255
Signature Algorithm: sha256WithRSAEncryption
94:23:02:3b:f5:5c:76:b1:f7:ab:13:ef:8d:38:60:2d:6d:75:
39:77:d4:b6:04:b2:40:11:4d:f2:84:6c:7b:a9:0c:5f:69:49:
97:86:32:da:5d:f9:e0:e9:83:86:af:a0:62:79:a4:4c:fa:f5:
e8:4f:3b:09:67:f9:97:c9:0a:9d:c9:ac:89:ec:96:8f:3d:8b:
f0:17:29:24:48:5a:ee:0a:8b:94:75:b5:99:d3:2a:9c:e8:26:
a3:7d:be:bf:28:3c:bc:06:52:f9:96:f8:31:f6:7a:95:b1:9d:
61:db:91:70:c0:91:1b:15:46:ab:ce:e2:3b:3a:20:f4:db:5b:
10:96:03:4b:29:36:df:07:15:96:f2:e4:af:88:29:15:ff:9e:
b7:d8:53:3b:37:ed:eb:6f:4e:a4:bc:e2:5d:08:98:6d:1d:de:
18:5b:a1:91:6b:41:3f:cf:b2:d7:57:b4:4f:be:98:37:1a:61:
94:62:fd:fa:c2:ef:53:c3:9b:1c:6d:f6:a1:b8:2e:43:3d:a7:
9e:06:db:b3:83:9e:57:51:26:35:f5:c2:1a:25:a5:cb:d9:18:
6e:7a:cd:bd:39:fd:f4:72:53:2c:dd:0f:7d:5b:3e:bc:09:d9:
d5:a4:9f:21:a6:75:77:06:39:34:e8:df:31:91:9e:81:d4:20:
8e:8e:8f:1d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYKmMq0vCfSPxQtPgVx9Dv5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjIwODE2MTAyODM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ3MTdkODlhZTEzZTUzZGRhY2E2NzhhMmFjODk2YWY1OWNhMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmLjHqJuLDCG7ThETGzWwBirPvT1
TRoGMo9XCGz0YUF9dSkP00iY4warutdh6tntCY+wr7WzeQfeEm9L2AZJWptl33M3
cXNiebFLnoH00asK1UEsZxpjDDVjH+DU3vPyw6J6Skho6e92IHXxzVs5bDcb73f7
t81/Nb6j7abl3caE9RRZh/QfMMoWJIkyRV8gy1p8ilAhxPpwO1XrjDbKZ/FUnEk4
CXP+vnozR9hAkv+kHYSgLsNj9KBBkaKAokjKjIqSDkHrG6pxYMtwLAVAhTAoEbMa
t/Mk5x++rHhbGX9w6q18vVKGMR6H84CwYNf0QiuvV7k+rmWEsFrB4TU00wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPBHF9ia4T5T3aymeKKsiWr1nKEVMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvOEVjWDJKcmhQbFBkcktaNG9xeUphdldjb1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAfDBIAD
BATDBKAwDAMEA8MEuAMEA8ME0DANBgkqhkiG9w0BAQsFAAOCAQEAlCMCO/VcdrH3
qxPvjThgLW11OXfUtgSyQBFN8oRse6kMX2lJl4Yy2l354OmDhq+gYnmkTPr16E87
CWf5l8kKncmsieyWjz2L8BcpJEha7gqLlHW1mdMqnOgmo32+vyg8vAZS+Zb4MfZ6
lbGdYduRcMCRGxVGq87iOzog9NtbEJYDSyk23wcVlvLkr4gpFf+et9hTOzft629O
pLziXQiYbR3eGFuhkWtBP8+y11e0T76YNxphlGL9+sLvU8ObHG32obguQz2nngbb
s4OeV1EmNfXCGiWly9kYbnrNvTn99HJTLN0PfVs+vAnZ1aSfIaZ1dwY5NOjfMZGe
gdQgjo6PHQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org