Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/5954db-9cd5-4357-a211-7993972840b6/1/wuJ-eVIYefpgks7sNz6UxGr_1q0.roa
File: wuJ-eVIYefpgks7sNz6UxGr_1q0.roa (raw, json)
Hash identifier: IFUDqPgRML5Hehz2uZ1xj9nF6Q8X/veiS9/Rk03njkU=
Subject key identifier: C2:E2:7E:79:52:18:79:FA:60:92:CE:EC:37:3E:94:C4:6A:FF:D6:AD
Certificate issuer: /CN=eca2e95c397944c3ce6d3f4371488b739e42e42e
Certificate serial: 01856E66757CC7D82D1916B648C22170ED2F
Authority key identifier: EC:A2:E9:5C:39:79:44:C3:CE:6D:3F:43:71:48:8B:73:9E:42:E4:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7KLpXDl5RMPObT9DcUiLc55C5C4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/5954db-9cd5-4357-a211-7993972840b6/1/wuJ-eVIYefpgks7sNz6UxGr_1q0.roa
Signing time: Sun 01 Jan 2023 17:34:46 +0000
ROA not before: Sun 01 Jan 2023 17:34:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210760
IP address blocks: 188.95.68.0/24 maxlen: 24
2a11:14c0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:66:75:7c:c7:d8:2d:19:16:b6:48:c2:21:70:ed:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eca2e95c397944c3ce6d3f4371488b739e42e42e
Validity
Not Before: Jan 1 17:34:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2e27e79521879fa6092ceec373e94c46affd6ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:9a:b6:f3:e3:84:13:70:0d:32:12:78:c6:82:
c0:4f:4b:64:df:5b:6b:14:84:65:25:0f:3c:03:9e:
b6:6e:5c:0b:73:a6:3b:94:f4:d4:ad:76:65:a8:0d:
48:bd:f0:6a:1b:4d:c0:a7:e8:4e:10:ef:f4:e7:3e:
76:55:cb:ac:96:e4:17:f3:91:d5:ae:35:33:74:94:
b9:1d:ce:e2:86:95:74:da:37:0c:3c:df:8d:0e:3a:
a6:55:19:86:83:1a:06:52:9b:5e:81:40:39:21:27:
16:e8:38:e8:76:1f:72:5a:4a:f7:0c:89:b2:d2:6b:
10:12:d9:ca:ef:76:3a:58:eb:2e:d4:97:a0:50:1f:
13:50:9c:d8:96:b7:56:21:fa:fe:41:b9:f5:c9:71:
60:8b:01:0a:a1:88:97:2b:fc:f0:31:21:ea:96:fa:
41:ed:e2:c1:a0:f8:31:1e:ac:30:d0:05:31:c3:17:
bb:d3:b4:9a:2c:c0:91:d3:cf:ed:56:d3:eb:81:8e:
5f:02:ae:87:48:ad:39:2e:63:e1:71:67:67:f1:ca:
14:61:0c:98:9a:17:fc:3a:7f:e1:97:b4:d2:28:a7:
9d:ee:31:d2:10:45:91:4d:2e:95:c7:26:db:b5:22:
87:5f:d6:b2:d2:f8:86:b7:28:68:0a:75:ff:a8:3d:
9e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:E2:7E:79:52:18:79:FA:60:92:CE:EC:37:3E:94:C4:6A:FF:D6:AD
X509v3 Authority Key Identifier:
keyid:EC:A2:E9:5C:39:79:44:C3:CE:6D:3F:43:71:48:8B:73:9E:42:E4:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7KLpXDl5RMPObT9DcUiLc55C5C4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/5954db-9cd5-4357-a211-7993972840b6/1/wuJ-eVIYefpgks7sNz6UxGr_1q0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/5954db-9cd5-4357-a211-7993972840b6/1/7KLpXDl5RMPObT9DcUiLc55C5C4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.95.68.0/24
IPv6:
2a11:14c0::/29
Signature Algorithm: sha256WithRSAEncryption
9f:2a:f8:ce:b6:0f:1d:6e:22:80:7c:27:9f:cc:6e:f1:ad:d4:
2e:88:e7:f5:45:f5:fc:d5:af:38:f8:68:b4:c6:32:e0:be:90:
22:d7:5e:b3:08:ef:c0:24:fd:2e:13:54:d4:cc:a7:d4:fd:b2:
20:72:2a:82:8f:76:49:67:9b:c5:b4:c2:d4:9c:76:aa:49:97:
fc:b2:38:17:53:89:2b:3e:66:0c:db:9d:3a:17:e3:36:85:cc:
dd:68:aa:05:e7:19:41:d9:4a:ba:99:fd:12:4d:74:3c:41:93:
27:bf:fe:8a:d7:b2:1f:7c:eb:15:17:fe:0d:bd:48:e8:28:92:
cd:be:57:88:5a:4d:b2:02:4f:91:22:7b:11:48:5f:f7:bc:63:
4a:a8:c8:4a:e3:db:ea:db:c3:e9:51:f3:1c:8a:53:63:18:d4:
47:1b:b3:15:c4:d5:f8:b6:d5:15:ac:9b:40:58:e6:3e:e8:be:
66:1d:16:c9:31:fb:d1:61:1d:6e:94:ca:91:f6:c7:2c:7e:56:
fb:98:e4:0e:1e:20:9b:16:90:bb:46:7f:61:be:e8:bb:b5:e7:
49:35:93:e1:26:36:96:8c:56:c6:da:7b:30:76:0f:18:1d:e6:
46:fc:20:52:88:98:70:8b:3f:23:df:8e:3d:96:34:8e:8e:b0:
3d:11:b4:7f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuZnV8x9gtGRa2SMIhcO0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYTJlOTVjMzk3OTQ0YzNjZTZkM2Y0MzcxNDg4YjczOWU0
MmU0MmUwHhcNMjMwMTAxMTczNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmUyN2U3OTUyMTg3OWZhNjA5MmNlZWMzNzNlOTRjNDZhZmZkNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJq28+OEE3ANMhJ4xoLAT0tk31tr
FIRlJQ88A562blwLc6Y7lPTUrXZlqA1IvfBqG03Ap+hOEO/05z52VcusluQX85HV
rjUzdJS5Hc7ihpV02jcMPN+NDjqmVRmGgxoGUptegUA5IScW6Djodh9yWkr3DImy
0msQEtnK73Y6WOsu1JegUB8TUJzYlrdWIfr+Qbn1yXFgiwEKoYiXK/zwMSHqlvpB
7eLBoPgxHqww0AUxwxe707SaLMCR08/tVtPrgY5fAq6HSK05LmPhcWdn8coUYQyY
mhf8On/hl7TSKKed7jHSEEWRTS6VxybbtSKHX9ay0viGtyhoCnX/qD2eRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMLifnlSGHn6YJLO7Dc+lMRq/9atMB8GA1UdIwQY
MBaAFOyi6Vw5eUTDzm0/Q3FIi3OeQuQuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0tMcFhEbDVSTVBPYlQ5RGNVaUxjNTVDNUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OTU0ZGItOWNkNS00MzU3LWEyMTEt
Nzk5Mzk3Mjg0MGI2LzEvd3VKLWVWSVllZnBna3M3c056NlV4R3JfMXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OTU0ZGItOWNkNS00MzU3LWEyMTEtNzk5Mzk3Mjg0MGI2
LzEvN0tMcFhEbDVSTVBPYlQ5RGNVaUxjNTVDNUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvF9EMA0E
AgACMAcDBQMqERTAMA0GCSqGSIb3DQEBCwUAA4IBAQCfKvjOtg8dbiKAfCefzG7x
rdQuiOf1RfX81a84+Gi0xjLgvpAi116zCO/AJP0uE1TUzKfU/bIgciqCj3ZJZ5vF
tMLUnHaqSZf8sjgXU4krPmYM2506F+M2hczdaKoF5xlB2Uq6mf0STXQ8QZMnv/6K
17IffOsVF/4NvUjoKJLNvleIWk2yAk+RInsRSF/3vGNKqMhK49vq28PpUfMcilNj
GNRHG7MVxNX4ttUVrJtAWOY+6L5mHRbJMfvRYR1ulMqR9scsflb7mOQOHiCbFpC7
Rn9hvui7tedJNZPhJjaWjFbG2nswdg8YHeZG/CBSiJhwiz8j3449ljSOjrA9EbR/
-----END CERTIFICATE-----
Generated at Thu Nov 30 11:39:48 2023 by rpki-client on console-fra.rpki-client.org