Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/833795-4df3-4850-bd99-8e8bac4cf18b/1/asr6RqTof9a7eZiuxafx2FVW4wk.roa
File: asr6RqTof9a7eZiuxafx2FVW4wk.roa (raw, json)
Hash identifier: tfWVwRf6y8hqsLUz0qkyoX0zNRHD7/Qs/cNVPJOMTkg=
Subject key identifier: 6A:CA:FA:46:A4:E8:7F:D6:BB:79:98:AE:C5:A7:F1:D8:55:56:E3:09
Certificate issuer: /CN=514ab6d16a0b176fd40655e17fbde652bc21d453
Certificate serial: 01856FF9802AF841914FE759378A190BDE7E
Authority key identifier: 51:4A:B6:D1:6A:0B:17:6F:D4:06:55:E1:7F:BD:E6:52:BC:21:D4:53
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UUq20WoLF2_UBlXhf73mUrwh1FM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/833795-4df3-4850-bd99-8e8bac4cf18b/1/asr6RqTof9a7eZiuxafx2FVW4wk.roa
Signing time: Mon 02 Jan 2023 00:55:00 +0000
ROA not before: Mon 02 Jan 2023 00:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8652
IP address blocks: 195.248.83.0/24 maxlen: 24
195.85.228.0/24 maxlen: 24
195.43.140.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f9:80:2a:f8:41:91:4f:e7:59:37:8a:19:0b:de:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=514ab6d16a0b176fd40655e17fbde652bc21d453
Validity
Not Before: Jan 2 00:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6acafa46a4e87fd6bb7998aec5a7f1d85556e309
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:15:fa:5b:bc:e7:a5:f6:07:f9:d0:e3:41:df:
7e:76:e4:7a:1d:f2:ac:21:a2:b5:4d:61:9c:8e:82:
10:03:b8:74:68:49:d8:4f:6d:e6:8d:6f:65:84:33:
25:e4:30:51:6d:73:95:3c:a0:74:fb:aa:3c:3f:63:
b1:ea:f5:8b:29:66:fe:1c:95:b6:fc:4a:86:6c:1e:
5f:b6:cc:36:18:e7:ef:74:8b:66:cb:ce:32:50:97:
c2:72:2b:f8:1f:86:5d:3b:b7:56:bb:78:f3:dd:d9:
7f:ee:c2:e7:74:df:7c:95:d9:67:56:32:91:c9:9b:
64:f0:6a:88:59:59:ec:12:e4:cc:af:24:5d:de:4b:
90:42:5d:97:2b:aa:18:19:32:b7:62:f1:2a:e7:7d:
5a:e2:e1:1d:af:0f:ed:17:4b:39:cc:c9:b7:8c:0b:
db:81:dd:7a:50:70:f6:1d:a9:fe:6b:ce:26:fc:74:
11:c6:68:06:8e:4b:cd:34:14:a4:57:d1:39:a7:43:
c0:73:22:34:b6:07:0b:ec:53:7a:d5:56:60:de:b8:
ab:a1:9a:d3:d7:34:68:40:c7:d3:71:84:a5:ca:b8:
23:64:78:ec:2f:db:3c:23:36:76:a4:cf:ce:50:fb:
da:c1:f0:e9:7a:2b:f3:96:66:c0:29:da:d5:6d:f1:
76:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:CA:FA:46:A4:E8:7F:D6:BB:79:98:AE:C5:A7:F1:D8:55:56:E3:09
X509v3 Authority Key Identifier:
keyid:51:4A:B6:D1:6A:0B:17:6F:D4:06:55:E1:7F:BD:E6:52:BC:21:D4:53
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UUq20WoLF2_UBlXhf73mUrwh1FM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/833795-4df3-4850-bd99-8e8bac4cf18b/1/asr6RqTof9a7eZiuxafx2FVW4wk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/833795-4df3-4850-bd99-8e8bac4cf18b/1/UUq20WoLF2_UBlXhf73mUrwh1FM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.43.140.0/24
195.85.228.0/24
195.248.83.0/24
Signature Algorithm: sha256WithRSAEncryption
e8:c1:d2:bc:73:4f:82:29:9d:44:17:18:01:3e:c5:0a:01:37:
2e:0c:79:9e:76:34:28:2d:f8:0a:71:f3:dd:9d:04:3e:b4:50:
c3:2f:fa:47:b9:74:94:3c:08:e9:a5:1c:45:91:12:20:6f:48:
db:d5:7e:08:13:10:69:b4:9d:73:7a:c6:bd:b4:dc:a0:55:48:
fa:a6:c6:32:2b:fd:c1:c1:49:32:75:2a:30:a4:73:f4:db:75:
56:ee:f0:71:db:3a:aa:d6:5c:2d:ed:04:de:42:a3:6a:a7:54:
5a:df:4b:dd:a7:7e:33:c2:2e:ea:a9:79:65:fb:24:7e:d4:b8:
1f:7b:61:66:e2:ea:29:fd:7e:d8:4f:bb:aa:18:86:1c:64:eb:
61:80:41:91:7c:69:b8:79:91:2d:f6:8d:56:94:cd:27:b6:f1:
d7:b6:4c:8c:87:64:eb:15:fe:8d:a5:24:63:4b:02:b7:d7:d8:
ea:2a:4d:11:03:aa:7b:9f:28:61:3f:db:ac:c4:7b:f7:01:a7:
21:29:ec:4f:31:9a:cc:ea:09:2c:49:4f:2d:01:05:3f:56:3e:
99:c4:e4:e1:46:97:73:d9:40:17:c7:8d:c2:b0:c9:0b:20:f8:
a6:f5:83:87:32:a9:21:48:bf:a4:b4:ea:3f:f5:b5:da:e5:a1:
6e:77:c1:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVv+YAq+EGRT+dZN4oZC95+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNGFiNmQxNmEwYjE3NmZkNDA2NTVlMTdmYmRlNjUyYmMy
MWQ0NTMwHhcNMjMwMTAyMDA1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWNhZmE0NmE0ZTg3ZmQ2YmI3OTk4YWVjNWE3ZjFkODU1NTZlMzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihX6W7znpfYH+dDjQd9+duR6HfKs
IaK1TWGcjoIQA7h0aEnYT23mjW9lhDMl5DBRbXOVPKB0+6o8P2Ox6vWLKWb+HJW2
/EqGbB5ftsw2GOfvdItmy84yUJfCciv4H4ZdO7dWu3jz3dl/7sLndN98ldlnVjKR
yZtk8GqIWVnsEuTMryRd3kuQQl2XK6oYGTK3YvEq531a4uEdrw/tF0s5zMm3jAvb
gd16UHD2Han+a84m/HQRxmgGjkvNNBSkV9E5p0PAcyI0tgcL7FN61VZg3riroZrT
1zRoQMfTcYSlyrgjZHjsL9s8IzZ2pM/OUPvawfDpeivzlmbAKdrVbfF25QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGrK+kak6H/Wu3mYrsWn8dhVVuMJMB8GA1UdIwQY
MBaAFFFKttFqCxdv1AZV4X+95lK8IdRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVVxMjBXb0xGMl9VQmxYaGY3M21VcndoMUZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84MzM3OTUtNGRmMy00ODUwLWJkOTkt
OGU4YmFjNGNmMThiLzEvYXNyNlJxVG9mOWE3ZVppdXhhZngyRlZXNHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84MzM3OTUtNGRmMy00ODUwLWJkOTktOGU4YmFjNGNmMThi
LzEvVVVxMjBXb0xGMl9VQmxYaGY3M21VcndoMUZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwyuMAwQA
w1XkAwQAw/hTMA0GCSqGSIb3DQEBCwUAA4IBAQDowdK8c0+CKZ1EFxgBPsUKATcu
DHmedjQoLfgKcfPdnQQ+tFDDL/pHuXSUPAjppRxFkRIgb0jb1X4IExBptJ1zesa9
tNygVUj6psYyK/3BwUkydSowpHP023VW7vBx2zqq1lwt7QTeQqNqp1Ra30vdp34z
wi7qqXll+yR+1Lgfe2Fm4uop/X7YT7uqGIYcZOthgEGRfGm4eZEt9o1WlM0ntvHX
tkyMh2TrFf6NpSRjSwK319jqKk0RA6p7nyhhP9usxHv3AachKexPMZrM6gksSU8t
AQU/Vj6ZxOThRpdz2UAXx43CsMkLIPim9YOHMqkhSL+ktOo/9bXa5aFud8Es
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:56 2024 by rpki-client on console-ams.rpki-client.org