Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b172e9-1c5a-415c-8028-1280f2e783d4/1/POkuIDu8ZD0fuxooi5l1JPPRjyE.roa
File: POkuIDu8ZD0fuxooi5l1JPPRjyE.roa (raw, json)
Hash identifier: vjEbljAPtpP5NsQvRGx5OU8cV4fS7gT2kM1Xx8OALLo=
Subject key identifier: 3C:E9:2E:20:3B:BC:64:3D:1F:BB:1A:28:8B:99:75:24:F3:D1:8F:21
Certificate issuer: /CN=9b831ee94c37b9b1159c7d7732936181ab541d80
Certificate serial: 019103EA7C732FFDE180FC4907D9EEE744D5
Authority key identifier: 9B:83:1E:E9:4C:37:B9:B1:15:9C:7D:77:32:93:61:81:AB:54:1D:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m4Me6Uw3ubEVnH13MpNhgatUHYA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/b172e9-1c5a-415c-8028-1280f2e783d4/1/POkuIDu8ZD0fuxooi5l1JPPRjyE.roa
Signing time: Tue 30 Jul 2024 13:53:04 +0000
ROA not before: Tue 30 Jul 2024 13:53:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204704
IP address blocks: 185.206.88.0/24 maxlen: 24
185.206.89.0/24 maxlen: 24
185.206.90.0/24 maxlen: 24
185.206.91.0/24 maxlen: 24
2a0c:d880::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:03:ea:7c:73:2f:fd:e1:80:fc:49:07:d9:ee:e7:44:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9b831ee94c37b9b1159c7d7732936181ab541d80
Validity
Not Before: Jul 30 13:53:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ce92e203bbc643d1fbb1a288b997524f3d18f21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:7b:ad:f8:40:64:fe:4a:38:08:cd:f3:b4:af:
7b:f4:0a:c5:3a:1d:8c:52:9d:ff:47:d0:30:14:e7:
af:c3:12:37:04:45:ac:5c:00:c7:60:0a:44:91:64:
10:bc:87:65:46:96:5d:66:28:b0:e0:74:5e:78:41:
81:be:1c:a0:d3:51:13:99:a5:c3:dd:8a:4a:ec:44:
a3:1c:c6:38:f4:6b:83:69:3d:af:d8:5c:37:fb:dd:
96:a8:0e:1d:22:85:af:40:49:7e:4d:9e:f7:86:28:
86:12:59:96:24:01:d2:63:56:a3:36:ee:32:34:85:
01:24:dc:b2:8e:db:e9:c4:94:2c:ea:d9:9f:2b:a8:
50:5c:4a:f5:b4:63:64:cf:51:05:79:44:3f:c1:d0:
7f:b0:22:9a:4c:ef:82:83:7c:6f:f7:8b:9b:d3:4b:
62:25:0d:b5:de:32:b6:59:ae:b6:0d:49:18:c2:55:
02:ab:18:cc:be:97:64:45:a4:a1:63:f2:31:85:01:
4e:e2:a6:d9:d3:0e:80:b8:7f:87:c8:75:bc:1b:1e:
a8:59:c5:ca:23:3b:e6:85:1c:cc:7f:ca:ed:32:d8:
73:70:46:31:f6:95:5e:c8:2e:10:7e:36:2a:9a:7f:
46:df:34:6d:09:f5:30:54:87:59:1b:71:8d:14:d1:
42:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:E9:2E:20:3B:BC:64:3D:1F:BB:1A:28:8B:99:75:24:F3:D1:8F:21
X509v3 Authority Key Identifier:
keyid:9B:83:1E:E9:4C:37:B9:B1:15:9C:7D:77:32:93:61:81:AB:54:1D:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4Me6Uw3ubEVnH13MpNhgatUHYA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b172e9-1c5a-415c-8028-1280f2e783d4/1/POkuIDu8ZD0fuxooi5l1JPPRjyE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b172e9-1c5a-415c-8028-1280f2e783d4/1/m4Me6Uw3ubEVnH13MpNhgatUHYA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.206.88.0/22
IPv6:
2a0c:d880::/32
Signature Algorithm: sha256WithRSAEncryption
33:2e:fc:cb:a3:c1:6c:fd:74:c5:d9:b5:ea:f4:1d:58:d2:6c:
8c:09:f6:e4:70:0c:d1:b4:49:be:69:a8:a8:73:ae:44:05:33:
a6:59:f6:70:ab:79:3b:3e:0e:de:83:e0:8c:d4:77:d5:3f:06:
1d:05:db:73:19:30:fe:1f:bb:8f:84:d6:6d:88:6f:ac:8b:3a:
3b:47:ad:f9:a9:45:c4:a1:f9:0a:6c:a8:b3:f4:cd:57:3e:78:
d3:f4:00:0f:d3:bf:a3:c0:a0:e5:aa:a1:1f:9e:c2:8a:43:dc:
15:84:f3:08:12:70:88:27:94:20:7a:a2:9c:51:31:62:24:e5:
ba:54:a0:78:9a:5f:bb:a1:5a:a6:df:cf:ba:92:62:20:22:94:
72:7e:45:35:1d:11:7f:10:67:26:e9:b7:2a:0a:df:c6:be:5a:
36:8a:b5:bc:7e:e2:a4:c6:49:05:5f:20:3f:a5:cc:3f:c7:62:
d6:5f:b2:fe:4b:f2:9a:3c:b8:a3:bc:20:68:06:2b:31:5f:2b:
9a:3c:bf:a8:52:a0:98:c1:26:b1:16:88:5e:e0:ef:5f:3d:fd:
a3:e8:30:7c:bc:b6:7b:48:e9:e5:6a:42:48:82:f5:1a:17:57:
b0:1a:f3:2a:1e:f7:89:32:64:92:1d:7e:14:30:84:40:2b:a6:
74:bd:0d:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZED6nxzL/3hgPxJB9nu50TVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODMxZWU5NGMzN2I5YjExNTljN2Q3NzMyOTM2MTgxYWI1
NDFkODAwHhcNMjQwNzMwMTM1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2U5MmUyMDNiYmM2NDNkMWZiYjFhMjg4Yjk5NzUyNGYzZDE4ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynut+EBk/ko4CM3ztK979ArFOh2M
Up3/R9AwFOevwxI3BEWsXADHYApEkWQQvIdlRpZdZiiw4HReeEGBvhyg01ETmaXD
3YpK7ESjHMY49GuDaT2v2Fw3+92WqA4dIoWvQEl+TZ73hiiGElmWJAHSY1ajNu4y
NIUBJNyyjtvpxJQs6tmfK6hQXEr1tGNkz1EFeUQ/wdB/sCKaTO+Cg3xv94ub00ti
JQ213jK2Wa62DUkYwlUCqxjMvpdkRaShY/IxhQFO4qbZ0w6AuH+HyHW8Gx6oWcXK
IzvmhRzMf8rtMthzcEYx9pVeyC4QfjYqmn9G3zRtCfUwVIdZG3GNFNFC5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDzpLiA7vGQ9H7saKIuZdSTz0Y8hMB8GA1UdIwQY
MBaAFJuDHulMN7mxFZx9dzKTYYGrVB2AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRNZTZVdzN1YkVWbkgxM01wTmhnYXRVSFlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iMTcyZTktMWM1YS00MTVjLTgwMjgt
MTI4MGYyZTc4M2Q0LzEvUE9rdUlEdThaRDBmdXhvb2k1bDFKUFBSanlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iMTcyZTktMWM1YS00MTVjLTgwMjgtMTI4MGYyZTc4M2Q0
LzEvbTRNZTZVdzN1YkVWbkgxM01wTmhnYXRVSFlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc5YMA0E
AgACMAcDBQAqDNiAMA0GCSqGSIb3DQEBCwUAA4IBAQAzLvzLo8Fs/XTF2bXq9B1Y
0myMCfbkcAzRtEm+aaioc65EBTOmWfZwq3k7Pg7eg+CM1HfVPwYdBdtzGTD+H7uP
hNZtiG+sizo7R635qUXEofkKbKiz9M1XPnjT9AAP07+jwKDlqqEfnsKKQ9wVhPMI
EnCIJ5QgeqKcUTFiJOW6VKB4ml+7oVqm38+6kmIgIpRyfkU1HRF/EGcm6bcqCt/G
vlo2irW8fuKkxkkFXyA/pcw/x2LWX7L+S/KaPLijvCBoBisxXyuaPL+oUqCYwSax
Fohe4O9fPf2j6DB8vLZ7SOnlakJIgvUaF1ewGvMqHveJMmSSHX4UMIRAK6Z0vQ1v
-----END CERTIFICATE-----
Generated at Tue Sep 24 12:04:18 2024 by rpki-client on console-ams.rpki-client.org