Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KTFQ8uRq8CWXnDe8Tde9SaYjkqE.roa
File: KTFQ8uRq8CWXnDe8Tde9SaYjkqE.roa (raw, json)
Hash identifier: Pa5nkS4zmEMmZXrJ60e0VdggMO2/hQMHL8dZRCOWUDg=
Subject key identifier: 29:31:50:F2:E4:6A:F0:25:97:9C:37:BC:4D:D7:BD:49:A6:23:92:A1
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 018572FA5517E7442DEC47F3BC64045A715C
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KTFQ8uRq8CWXnDe8Tde9SaYjkqE.roa
Signing time: Mon 02 Jan 2023 14:54:46 +0000
ROA not before: Mon 02 Jan 2023 14:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8239
IP address blocks: 84.18.0.0/19 maxlen: 24
212.59.192.0/19 maxlen: 24
195.5.64.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:55:17:e7:44:2d:ec:47:f3:bc:64:04:5a:71:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 2 14:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=293150f2e46af025979c37bc4dd7bd49a62392a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ee:95:35:8b:43:7b:ba:b8:6c:fa:1b:ca:8d:
cd:69:af:a5:ef:0b:c8:a5:7e:e1:a6:86:a0:de:f0:
df:14:e0:91:bc:cb:b9:9e:0b:e9:14:64:9d:44:d3:
30:7b:ce:c6:db:2f:c8:af:cb:4b:ab:45:04:a5:d4:
6f:0b:eb:ce:81:70:ab:c9:be:24:17:7a:52:93:d7:
ea:73:14:05:27:56:5f:7a:09:c0:b8:e0:21:98:8e:
54:72:9c:68:ea:ff:3b:9b:a1:6a:4e:0d:0f:e3:bd:
79:cc:ac:9d:87:94:5c:be:59:f4:57:85:dc:34:5e:
10:3f:82:42:01:6c:12:10:42:70:3b:1f:f5:d8:7c:
b8:a4:95:1f:2b:7d:cd:d5:7e:d1:7d:8b:14:7c:02:
af:fd:c9:fc:ff:3f:bf:cd:bc:43:6e:14:66:a4:d1:
82:20:aa:6f:97:0d:4e:40:fd:cc:f8:76:98:fc:5c:
0a:9e:60:5c:f6:c6:55:4d:78:f0:d9:79:6b:9b:29:
5d:33:24:90:89:a5:35:0a:cb:42:1a:43:40:f5:ce:
bb:60:44:89:ab:82:80:c6:98:d8:50:35:ff:d7:35:
85:30:53:65:1d:a6:7d:06:1a:47:59:08:5a:8f:38:
e1:81:02:b8:8f:dc:32:57:c9:06:a3:d9:f0:e4:68:
55:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:31:50:F2:E4:6A:F0:25:97:9C:37:BC:4D:D7:BD:49:A6:23:92:A1
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/KTFQ8uRq8CWXnDe8Tde9SaYjkqE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.0.0/19
195.5.64.0/19
212.59.192.0/19
Signature Algorithm: sha256WithRSAEncryption
89:fc:4a:ff:69:11:29:bc:3d:a3:a7:4e:c5:9f:53:75:d6:d5:
16:b7:f2:4e:8a:d1:90:f0:0d:3c:47:38:c4:55:a7:c0:f4:65:
b6:7c:d7:6b:a7:8f:a4:8c:15:12:a9:aa:3b:81:f9:19:b3:50:
eb:79:08:34:5b:f3:b8:c0:62:73:1c:61:07:08:21:38:69:7a:
71:d8:4f:df:af:c1:d7:ae:94:ea:9b:b8:29:3a:96:7a:34:c4:
3e:80:33:58:52:c9:c6:45:b7:6b:3a:8c:a9:ab:c4:42:e5:0c:
b6:ac:4c:57:da:3e:fe:83:59:6f:64:e5:19:43:d6:e1:f4:52:
3e:12:4e:10:c3:ed:7b:20:c5:9b:e0:79:84:80:cd:20:38:9a:
a4:b1:3c:3d:cf:a9:49:a1:d1:1b:fa:b9:c3:6e:c1:32:07:20:
71:01:94:aa:44:c4:67:b3:01:57:35:ad:56:3d:09:52:e9:2b:
db:3b:5c:52:73:c5:7e:e3:67:68:35:1a:da:55:f5:14:a9:84:
d0:cc:20:da:88:b3:3b:37:15:a9:74:3c:16:d2:ac:96:b6:d1:
ef:76:f0:36:76:c9:73:5a:81:ad:6b:cf:72:56:7b:92:a9:a3:
ee:7b:7f:d8:20:83:b1:fe:7e:d1:95:2c:99:5c:61:f0:78:77:
b2:50:86:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVy+lUX50Qt7EfzvGQEWnFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTAyMTQ1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTMxNTBmMmU0NmFmMDI1OTc5YzM3YmM0ZGQ3YmQ0OWE2MjM5MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu6VNYtDe7q4bPobyo3Naa+l7wvI
pX7hpoag3vDfFOCRvMu5ngvpFGSdRNMwe87G2y/Ir8tLq0UEpdRvC+vOgXCryb4k
F3pSk9fqcxQFJ1ZfegnAuOAhmI5Ucpxo6v87m6FqTg0P4715zKydh5Rcvln0V4Xc
NF4QP4JCAWwSEEJwOx/12Hy4pJUfK33N1X7RfYsUfAKv/cn8/z+/zbxDbhRmpNGC
IKpvlw1OQP3M+HaY/FwKnmBc9sZVTXjw2XlrmyldMySQiaU1CstCGkNA9c67YESJ
q4KAxpjYUDX/1zWFMFNlHaZ9BhpHWQhajzjhgQK4j9wyV8kGo9nw5GhVqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCkxUPLkavAll5w3vE3XvUmmI5KhMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvS1RGUTh1UnE4Q1dYbkRlOFRkZTlTYVlqa3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFVBIAAwQF
wwVAAwQF1DvAMA0GCSqGSIb3DQEBCwUAA4IBAQCJ/Er/aREpvD2jp07Fn1N11tUW
t/JOitGQ8A08RzjEVafA9GW2fNdrp4+kjBUSqao7gfkZs1DreQg0W/O4wGJzHGEH
CCE4aXpx2E/fr8HXrpTqm7gpOpZ6NMQ+gDNYUsnGRbdrOoypq8RC5Qy2rExX2j7+
g1lvZOUZQ9bh9FI+Ek4Qw+17IMWb4HmEgM0gOJqksTw9z6lJodEb+rnDbsEyByBx
AZSqRMRnswFXNa1WPQlS6SvbO1xSc8V+42doNRraVfUUqYTQzCDaiLM7NxWpdDwW
0qyWttHvdvA2dslzWoGta89yVnuSqaPue3/YIIOx/n7RlSyZXGHweHeyUIZk
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:33 2023 by rpki-client on console-ams.rpki-client.org