Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/xfSCS8gWOik-77dNzZNYih-r7jY.roa
File: xfSCS8gWOik-77dNzZNYih-r7jY.roa (raw, json)
Hash identifier: 86XQC+5H4B08EHTLagpv06p9H0qdAegXfORVJ6Fz8Og=
Subject key identifier: C5:F4:82:4B:C8:16:3A:29:3E:EF:B7:4D:CD:93:58:8A:1F:AB:EE:36
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 0185CBBA057FCA3AD7ABA4BD11C0C85A8CDD
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/xfSCS8gWOik-77dNzZNYih-r7jY.roa
Signing time: Thu 19 Jan 2023 20:30:44 +0000
ROA not before: Thu 19 Jan 2023 20:30:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8239
IP address blocks: 84.18.0.0/19 maxlen: 24
213.192.196.0/24 maxlen: 24
212.59.192.0/19 maxlen: 24
195.5.64.0/19 maxlen: 24
2001:ac0:c800::/44 maxlen: 44
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:cb:ba:05:7f:ca:3a:d7:ab:a4:bd:11:c0:c8:5a:8c:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 19 20:30:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5f4824bc8163a293eefb74dcd93588a1fabee36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:97:91:19:f7:81:b7:e1:0f:b2:59:e4:5b:19:
14:3d:62:f7:23:8f:50:72:4c:0c:fc:53:b5:8a:47:
b1:d7:bf:35:cd:76:8f:ed:79:38:4c:64:ee:54:25:
99:6f:fb:eb:f4:00:c8:aa:01:27:3a:fa:c1:0d:58:
d4:6b:e4:fa:8a:39:14:cf:67:86:a4:5b:b4:2e:6f:
3b:72:d9:46:10:c1:42:7b:a5:23:90:62:19:a0:5d:
89:36:a0:cd:c4:e1:ec:46:21:5d:1c:82:c0:8b:e6:
60:d2:be:64:df:01:4c:25:b6:55:9d:7f:d8:6c:ff:
43:d9:92:7a:41:ac:3c:5d:55:fa:0d:48:a8:8e:57:
66:6d:ca:3f:9e:2d:21:e3:24:2a:1a:a5:d2:d7:89:
e6:eb:ba:59:c8:52:29:be:9f:09:40:d2:e0:62:c7:
96:48:d0:b5:e9:7e:cc:71:4d:77:7a:a6:09:94:6b:
1a:8b:69:d5:27:df:40:ce:27:65:7b:f9:da:aa:60:
44:d9:88:32:83:2a:a5:fc:ed:f3:25:38:ed:76:75:
95:d7:61:fa:f6:cf:81:a4:ad:bd:db:c2:b9:8a:c9:
9b:56:e5:cc:b4:28:70:01:a5:69:55:39:ba:9a:eb:
c3:73:19:58:f4:d0:00:60:7d:c9:cb:37:45:7f:86:
ca:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:F4:82:4B:C8:16:3A:29:3E:EF:B7:4D:CD:93:58:8A:1F:AB:EE:36
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/xfSCS8gWOik-77dNzZNYih-r7jY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.0.0/19
195.5.64.0/19
212.59.192.0/19
213.192.196.0/24
IPv6:
2001:ac0:c800::/44
Signature Algorithm: sha256WithRSAEncryption
27:10:47:5e:03:0b:73:40:90:18:df:c6:62:35:34:3d:70:4e:
e1:06:d2:91:bd:ba:07:92:14:92:c4:69:18:99:ec:87:0e:7a:
d9:b1:e2:de:eb:09:fa:44:06:2d:a5:ca:df:d1:22:35:be:f8:
94:9d:bf:38:87:1c:34:28:0c:63:de:2b:5a:1f:f3:fa:5b:c5:
1e:c0:d0:8b:e9:67:90:2b:22:96:35:52:31:68:c7:5e:9c:c0:
0d:a2:7a:41:fa:e1:a4:f6:25:a5:da:8f:79:2f:a0:50:d0:a2:
c0:01:68:83:ad:ed:cb:f7:1f:4b:aa:53:48:25:af:d9:eb:70:
39:2b:c8:8d:1d:1a:07:7f:b4:8b:95:a5:6d:04:95:4b:3a:a1:
f0:ca:1c:b8:11:6a:66:c9:d0:70:d2:06:73:e9:e7:a0:27:39:
ba:4f:35:6a:12:3f:8b:59:80:df:f0:c3:eb:44:91:9d:0f:21:
67:08:ab:98:bf:0d:e2:97:e4:4b:4d:85:b1:c0:b4:9f:7c:6d:
58:e4:da:77:0b:66:4c:e3:c8:2e:26:68:5b:ed:36:25:69:c1:
fa:83:9b:fd:fa:5d:84:b3:8d:29:5f:0e:11:45:6d:87:5d:87:
51:fe:fa:90:f8:fe:a9:dd:4f:d6:99:9b:f1:32:74:49:0f:21:
e1:b2:80:ac
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYXLugV/yjrXq6S9EcDIWozdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTE5MjAzMDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWY0ODI0YmM4MTYzYTI5M2VlZmI3NGRjZDkzNTg4YTFmYWJlZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2peRGfeBt+EPslnkWxkUPWL3I49Q
ckwM/FO1ikex1781zXaP7Xk4TGTuVCWZb/vr9ADIqgEnOvrBDVjUa+T6ijkUz2eG
pFu0Lm87ctlGEMFCe6UjkGIZoF2JNqDNxOHsRiFdHILAi+Zg0r5k3wFMJbZVnX/Y
bP9D2ZJ6Qaw8XVX6DUiojldmbco/ni0h4yQqGqXS14nm67pZyFIpvp8JQNLgYseW
SNC16X7McU13eqYJlGsai2nVJ99Azidle/naqmBE2Ygygyql/O3zJTjtdnWV12H6
9s+BpK2928K5ismbVuXMtChwAaVpVTm6muvDcxlY9NAAYH3JyzdFf4bK8QIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMX0gkvIFjopPu+3Tc2TWIofq+42MB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEveGZTQ1M4Z1dPaWstNzdkTnpaTllpaC1yN2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQFVBIAAwQF
wwVAAwQF1DvAAwQA1cDEMA8EAgACMAkDBwQgAQrAyAAwDQYJKoZIhvcNAQELBQAD
ggEBACcQR14DC3NAkBjfxmI1ND1wTuEG0pG9ugeSFJLEaRiZ7IcOetmx4t7rCfpE
Bi2lyt/RIjW++JSdvziHHDQoDGPeK1of8/pbxR7A0IvpZ5ArIpY1UjFox16cwA2i
ekH64aT2JaXaj3kvoFDQosABaIOt7cv3H0uqU0glr9nrcDkryI0dGgd/tIuVpW0E
lUs6ofDKHLgRambJ0HDSBnPp56AnObpPNWoSP4tZgN/ww+tEkZ0PIWcIq5i/DeKX
5EtNhbHAtJ98bVjk2ncLZkzjyC4maFvtNiVpwfqDm/36XYSzjSlfDhFFbYddh1H+
+pD4/qndT9aZm/EydEkPIeGygKw=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:43 2023 by rpki-client on console-fra.rpki-client.org