Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/RqMQKcMiJwjYVeMKwj2e-sfleuw.roa
File: RqMQKcMiJwjYVeMKwj2e-sfleuw.roa (raw, json)
Hash identifier: GyEWS7W/Rr+eYxmYG98+pFqB7QO8gBFYuLv/G4dn8KM=
Subject key identifier: 46:A3:10:29:C3:22:27:08:D8:55:E3:0A:C2:3D:9E:FA:C7:E5:7A:EC
Certificate issuer: /CN=bfabf5a474afe7212331670e831e119da38f284f
Certificate serial: 018CC79360B5E2A1A7EC576F750D685013A3
Authority key identifier: BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/RqMQKcMiJwjYVeMKwj2e-sfleuw.roa
Signing time: Tue 02 Jan 2024 00:29:33 +0000
ROA not before: Tue 02 Jan 2024 00:29:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204478
IP address blocks: 185.108.244.0/22 maxlen: 22
185.70.68.0/22 maxlen: 22
185.41.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:93:60:b5:e2:a1:a7:ec:57:6f:75:0d:68:50:13:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfabf5a474afe7212331670e831e119da38f284f
Validity
Not Before: Jan 2 00:29:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=46a31029c3222708d855e30ac23d9efac7e57aec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:bd:4b:4d:6c:e1:5e:f8:4d:f7:5a:4b:43:33:
11:61:f1:47:e9:4c:79:a2:92:c0:41:45:17:81:50:
08:f1:73:bd:2d:40:d6:d1:b6:fb:0b:13:06:45:10:
44:86:4b:dc:81:94:99:3f:b7:5a:5e:d3:5b:ee:f0:
07:ab:25:b7:de:87:24:5f:a9:82:55:cf:88:de:13:
ef:98:a1:c1:ee:20:c3:67:8b:51:86:26:cb:cd:e9:
c8:d5:ff:76:51:7b:0e:41:ba:0f:9e:35:41:23:73:
9b:ad:0b:6e:5e:df:3c:23:09:fd:e5:ee:3c:35:17:
11:09:b2:08:1a:01:6c:1d:d6:a7:0d:27:5c:42:9c:
d8:49:77:50:04:a4:92:ae:37:61:fa:ce:6d:84:b0:
87:b7:e9:06:ff:ee:2d:5a:ed:ce:e2:a3:70:9b:d0:
4e:02:2b:ac:79:4e:ea:d7:44:c1:1b:f7:b8:c0:b4:
ac:7e:8c:16:8e:19:fe:19:ca:e0:67:7a:ba:c1:fe:
c8:d4:b6:66:44:ac:1f:02:85:c4:96:9e:b7:76:c6:
7d:0b:b0:9a:09:7e:78:2d:d1:a8:dc:c3:da:ca:4e:
c2:2f:65:d2:b3:04:e2:ea:55:e2:87:07:79:7e:a0:
6a:d3:0a:80:00:4d:6c:19:25:72:e4:82:6b:3f:34:
c8:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:A3:10:29:C3:22:27:08:D8:55:E3:0A:C2:3D:9E:FA:C7:E5:7A:EC
X509v3 Authority Key Identifier:
keyid:BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/RqMQKcMiJwjYVeMKwj2e-sfleuw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/v6v1pHSv5yEjMWcOgx4RnaOPKE8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.41.76.0/22
185.70.68.0/22
185.108.244.0/22
Signature Algorithm: sha256WithRSAEncryption
bb:85:35:a0:c7:c6:64:cd:70:21:20:10:eb:ec:04:2f:43:6a:
8a:7c:7c:ee:c5:1f:ac:e4:72:9d:36:e5:c2:8b:f7:e1:89:e4:
c0:85:c9:89:f7:53:9d:61:88:2e:f2:bd:2b:dd:a4:b3:4f:c5:
84:3b:a2:94:f6:1e:d4:bd:bb:af:5f:b4:d2:d1:b8:7c:d1:95:
f3:f4:19:0a:15:2a:a1:3f:69:ee:2b:fd:65:19:1c:1d:49:74:
0c:13:03:fc:c2:e0:4d:1d:b2:df:01:b1:d0:49:b5:7d:c0:d5:
b1:1d:d4:0f:e2:90:01:05:95:bc:38:1c:43:95:7b:be:c8:26:
08:40:7d:51:45:4e:dd:ac:d8:67:3f:0e:8c:17:b9:f9:55:c4:
5e:78:ad:4d:9c:e4:dc:bd:d7:a3:62:5d:c5:e8:6e:e1:2c:c1:
ef:89:c0:ae:a2:09:cf:51:40:bc:95:72:39:fb:31:fb:d7:fc:
c4:11:1b:c1:79:b7:69:84:e2:5c:4d:99:89:0b:45:4e:7b:9a:
26:09:b4:02:00:6a:c3:c9:37:38:e5:3d:1d:29:2a:4e:46:02:
2c:1c:e1:7b:16:5f:a2:2d:c3:51:73:50:f7:a3:f7:b2:b9:7c:
4a:8f:a8:4c:6a:46:a7:45:32:9a:f8:e4:db:1b:b8:ca:c5:28:
80:c8:ad:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHk2C14qGn7FdvdQ1oUBOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWJmNWE0NzRhZmU3MjEyMzMxNjcwZTgzMWUxMTlkYTM4
ZjI4NGYwHhcNMjQwMTAyMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmEzMTAyOWMzMjIyNzA4ZDg1NWUzMGFjMjNkOWVmYWM3ZTU3YWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA071LTWzhXvhN91pLQzMRYfFH6Ux5
opLAQUUXgVAI8XO9LUDW0bb7CxMGRRBEhkvcgZSZP7daXtNb7vAHqyW33ockX6mC
Vc+I3hPvmKHB7iDDZ4tRhibLzenI1f92UXsOQboPnjVBI3ObrQtuXt88Iwn95e48
NRcRCbIIGgFsHdanDSdcQpzYSXdQBKSSrjdh+s5thLCHt+kG/+4tWu3O4qNwm9BO
AiuseU7q10TBG/e4wLSsfowWjhn+GcrgZ3q6wf7I1LZmRKwfAoXElp63dsZ9C7Ca
CX54LdGo3MPayk7CL2XSswTi6lXihwd5fqBq0wqAAE1sGSVy5IJrPzTI4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEajECnDIicI2FXjCsI9nvrH5XrsMB8GA1UdIwQY
MBaAFL+r9aR0r+chIzFnDoMeEZ2jjyhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWIt
ZmViYmM0YTNiNDViLzEvUnFNUUtjTWlKd2pZVmVNS3dqMmUtc2ZsZXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWItZmViYmM0YTNiNDVi
LzEvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuSlMAwQC
uUZEAwQCuWz0MA0GCSqGSIb3DQEBCwUAA4IBAQC7hTWgx8ZkzXAhIBDr7AQvQ2qK
fHzuxR+s5HKdNuXCi/fhieTAhcmJ91OdYYgu8r0r3aSzT8WEO6KU9h7UvbuvX7TS
0bh80ZXz9BkKFSqhP2nuK/1lGRwdSXQMEwP8wuBNHbLfAbHQSbV9wNWxHdQP4pAB
BZW8OBxDlXu+yCYIQH1RRU7drNhnPw6MF7n5VcReeK1NnOTcvdejYl3F6G7hLMHv
icCuognPUUC8lXI5+zH71/zEERvBebdphOJcTZmJC0VOe5omCbQCAGrDyTc45T0d
KSpORgIsHOF7Fl+iLcNRc1D3o/eyuXxKj6hMakanRTKa+OTbG7jKxSiAyK2I
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org