Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1Pkqt7OpFngjF2T2lqOt93l343E.roa
File: 1Pkqt7OpFngjF2T2lqOt93l343E.roa (raw, json)
Hash identifier: ReoFmQ7r9c1eyMrN+Ne9VLjS9IQFfRy32YD7ORbaYXg=
Subject key identifier: D4:F9:2A:B7:B3:A9:16:78:23:17:64:F6:96:A3:AD:F7:79:77:E3:71
Certificate issuer: /CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Certificate serial: 018D13D7EE502A842301BD05F28D8B090443
Authority key identifier: F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1Pkqt7OpFngjF2T2lqOt93l343E.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 94.158.191.0/24 maxlen: 24
194.32.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ee:50:2a:84:23:01:bd:05:f2:8d:8b:09:04:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d4f92ab7b3a91678231764f696a3adf77977e371
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:85:ef:07:93:d3:74:83:a3:ae:bd:92:37:5b:
42:97:97:ea:6d:12:2b:4b:ba:b6:80:b5:0b:12:e6:
ab:05:fa:a8:69:0d:d5:f5:45:91:19:98:05:8c:83:
82:71:5e:b1:11:9d:dd:16:7e:94:58:9e:c3:86:eb:
b3:7d:f1:04:24:ca:6f:f8:c4:c4:cb:71:43:85:c9:
17:01:3f:96:a3:a5:c6:29:1f:d3:e8:25:da:0e:8d:
94:17:d7:56:63:06:49:bf:5a:de:98:37:be:07:71:
cf:f6:0d:61:d7:ee:a4:d1:4b:e1:f8:c5:e3:65:b4:
65:99:f3:c2:28:b8:25:8b:57:7b:13:b3:81:01:0e:
97:ce:81:e0:0c:d9:36:bc:c0:e3:4f:a9:fe:2b:fa:
6f:bd:5f:50:e6:8a:2f:57:4d:b9:90:98:19:52:e6:
4e:31:2b:b0:04:f4:98:b3:b4:54:10:ee:0b:3f:72:
68:b7:e3:a1:1f:2b:13:5a:f0:4e:f8:e6:95:44:10:
5d:af:19:b0:28:81:d7:d7:88:b3:4b:a4:da:f1:9e:
36:5a:a3:28:6c:ed:43:71:57:8c:a7:c4:53:ae:7e:
3f:97:7e:00:38:eb:a7:ed:4d:14:34:11:8c:8b:33:
bc:e2:e5:6f:85:08:83:53:d6:3c:5b:62:25:a4:ad:
6f:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:F9:2A:B7:B3:A9:16:78:23:17:64:F6:96:A3:AD:F7:79:77:E3:71
X509v3 Authority Key Identifier:
keyid:F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1Pkqt7OpFngjF2T2lqOt93l343E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.158.191.0/24
194.32.243.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:52:76:0f:89:2d:9f:a3:69:ce:a1:6b:da:b1:47:b1:61:15:
c9:36:4a:61:f1:3b:64:f1:6b:2b:26:6f:55:7c:d3:57:bb:34:
2c:a9:28:9e:41:50:56:f0:d0:0c:c1:a9:db:e0:9c:89:21:e8:
86:3a:24:38:bf:6c:b3:18:d7:5d:41:72:22:ef:17:d9:e2:4c:
61:21:66:a5:17:38:f9:a6:14:d7:cb:93:c6:20:6e:42:b7:6e:
0f:80:95:e9:a2:8e:34:f7:9b:5d:84:8f:7c:9b:60:93:05:a6:
81:a5:17:cd:41:87:fc:36:c9:17:c4:4c:e1:20:e6:f4:e7:35:
f7:b1:a4:e3:2d:77:e0:51:7f:9e:a5:f6:92:aa:57:eb:fa:f1:
57:58:82:69:78:35:86:91:ee:11:3f:d1:0c:b2:8d:95:14:f0:
f9:95:26:ff:64:a4:1d:d2:6a:83:6c:2e:60:e0:9e:ee:ec:fd:
55:f9:ce:81:d1:ca:b5:52:8e:f9:3d:c4:26:cb:d8:1d:04:9d:
22:40:ae:36:43:41:07:87:dc:33:f5:1f:39:08:3b:a5:b8:36:
aa:b0:6e:5f:32:e0:92:ca:49:10:e8:41:d2:81:6c:4d:b5:11:
ee:ad:82:90:13:5d:c4:43:09:a6:d6:6a:3b:50:f7:1b:ca:7a:
f5:e6:f6:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY0T1+5QKoQjAb0F8o2LCQRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2E1NDZiNjZlMjQ0OWNlNjI4NDMyZGQ4MGFkNmQ0ZDAw
Y2QwM2UwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGY5MmFiN2IzYTkxNjc4MjMxNzY0ZjY5NmEzYWRmNzc5NzdlMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4XvB5PTdIOjrr2SN1tCl5fqbRIr
S7q2gLULEuarBfqoaQ3V9UWRGZgFjIOCcV6xEZ3dFn6UWJ7DhuuzffEEJMpv+MTE
y3FDhckXAT+Wo6XGKR/T6CXaDo2UF9dWYwZJv1remDe+B3HP9g1h1+6k0Uvh+MXj
ZbRlmfPCKLgli1d7E7OBAQ6XzoHgDNk2vMDjT6n+K/pvvV9Q5oovV025kJgZUuZO
MSuwBPSYs7RUEO4LP3Jot+OhHysTWvBO+OaVRBBdrxmwKIHX14izS6Ta8Z42WqMo
bO1DcVeMp8RTrn4/l34AOOun7U0UNBGMizO84uVvhQiDU9Y8W2IlpK1vEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNT5KrezqRZ4Ixdk9pajrfd5d+NxMB8GA1UdIwQY
MBaAFPl6VGtm4kSc5ihDLdgK1tTQDNA+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YcFVhMmJpUkp6bUtFTXQyQXJXMU5BTTBENC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdl
LTBiMWI2NjQxYjhhMi8xLzFQa3F0N09wRm5nakYyVDJscU90OTNsMzQzRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdlLTBiMWI2NjQxYjhh
Mi8xLzEtWHBVYTJiaVJKem1LRU10MkFyVzFOQU0wRDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABenr8D
BADCIPMwDQYJKoZIhvcNAQELBQADggEBAItSdg+JLZ+jac6ha9qxR7FhFck2SmHx
O2Txaysmb1V801e7NCypKJ5BUFbw0AzBqdvgnIkh6IY6JDi/bLMY111BciLvF9ni
TGEhZqUXOPmmFNfLk8YgbkK3bg+AlemijjT3m12Ej3ybYJMFpoGlF81Bh/w2yRfE
TOEg5vTnNfexpOMtd+BRf56l9pKqV+v68VdYgml4NYaR7hE/0QyyjZUU8PmVJv9k
pB3SaoNsLmDgnu7s/VX5zoHRyrVSjvk9xCbL2B0EnSJArjZDQQeH3DP1HzkIO6W4
Nqqwbl8y4JLKSRDoQdKBbE21Ee6tgpATXcRDCabWajtQ9xvKevXm9m0=
-----END CERTIFICATE-----
Generated at Mon Feb 5 20:17:03 2024 by rpki-client on console-fra.rpki-client.org