Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mwsQp4mtazucFQ-fPfXZi1zfcfg.roa
File: mwsQp4mtazucFQ-fPfXZi1zfcfg.roa (raw, json)
Hash identifier: HCd/9/okOzpybqx7uJFWabW/aLM+DkqNtuDYp8b4kvo=
Subject key identifier: 9B:0B:10:A7:89:AD:6B:3B:9C:15:0F:9F:3D:F5:D9:8B:5C:DF:71:F8
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018F867001D17EBC619ACF15D821C239C4DA
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mwsQp4mtazucFQ-fPfXZi1zfcfg.roa
Signing time: Fri 17 May 2024 12:03:58 +0000
ROA not before: Fri 17 May 2024 12:03:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 185.128.43.0/24 maxlen: 24
2a11:b687::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:86:70:01:d1:7e:bc:61:9a:cf:15:d8:21:c2:39:c4:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: May 17 12:03:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9b0b10a789ad6b3b9c150f9f3df5d98b5cdf71f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:a3:50:89:1c:7d:c0:7e:49:e9:dc:fd:a2:30:
ea:ed:f7:46:5f:dc:dd:35:40:7f:70:a9:3c:35:23:
47:72:e2:76:87:18:55:f4:2d:3a:d5:e7:c4:9f:26:
8a:f1:4a:86:81:64:d1:14:35:cc:6d:22:64:64:1a:
80:e6:80:3e:57:aa:45:6e:db:7a:54:80:fc:dc:f1:
85:eb:02:15:8f:f9:d7:f0:b6:85:70:b0:94:f2:e7:
ee:2d:da:51:19:5b:a0:64:81:bc:1a:51:b3:a9:82:
ed:86:04:84:d2:00:35:d6:b6:0e:65:56:13:fa:d7:
ad:da:19:2a:68:5c:1a:6e:42:7a:35:e0:fd:a5:e7:
ba:b9:9f:7d:03:46:1a:90:0e:6c:a8:fd:4c:e6:7e:
17:85:34:ea:72:f4:72:01:2a:38:a9:ce:4d:99:1e:
cf:a0:5c:c4:7a:86:ce:5e:49:fc:b1:a8:b8:7d:5f:
8e:af:6b:f6:16:9b:65:c6:03:e3:31:85:58:20:78:
03:93:86:4a:23:60:48:d7:5d:d9:3e:aa:2e:1a:96:
5f:91:50:09:4f:ff:2f:ea:a2:c5:ec:ba:61:f4:63:
a6:0f:bb:e4:fa:9e:e4:71:ae:93:a9:18:d6:ef:ba:
a4:4c:ef:a7:bf:c1:75:5a:e1:95:00:e6:ea:54:31:
87:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:0B:10:A7:89:AD:6B:3B:9C:15:0F:9F:3D:F5:D9:8B:5C:DF:71:F8
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mwsQp4mtazucFQ-fPfXZi1zfcfg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.128.43.0/24
IPv6:
2a11:b687::/32
Signature Algorithm: sha256WithRSAEncryption
0f:8f:e7:d5:12:41:0f:3a:29:b2:f8:fb:25:c6:08:bf:5a:d2:
3a:18:34:f2:f4:00:e7:f2:14:47:cf:6a:1f:c1:8e:f0:20:c1:
fa:78:03:66:1f:89:9b:1d:47:36:9a:fa:1b:ba:30:c2:67:0c:
1f:fc:d9:dc:03:2f:ac:08:e8:a6:c8:95:a5:48:fc:73:d8:00:
0c:14:a2:07:c2:55:9f:56:2b:9e:ba:53:c3:51:d3:f1:6b:de:
9f:23:06:40:2e:b7:23:7a:73:f9:02:ea:5b:c2:a1:59:e5:8b:
26:24:ee:4d:e3:39:7b:a1:c3:ce:ea:16:d8:f6:fd:e7:6c:e9:
70:3e:b2:cb:93:c1:c0:ee:43:1f:36:92:9a:8d:14:e4:0b:a4:
28:e3:aa:df:41:38:99:51:b8:e5:17:c9:95:dc:9d:10:8f:93:
c8:34:4b:ca:10:d4:5e:3d:4c:ff:74:00:1b:c8:bd:2d:3e:65:
8e:d2:80:f7:bb:9c:3d:58:fd:68:ce:5f:d4:64:1f:72:e1:72:
bc:86:65:41:1a:8c:a8:97:35:93:4e:5b:24:d0:ff:a6:b4:a9:
dc:9c:6d:51:7c:87:01:46:28:3f:99:fa:23:e3:e9:4a:9c:ec:
ac:99:ab:49:f9:0f:0a:1b:2e:71:aa:fc:2a:43:7a:18:38:a8:
4e:00:a5:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+GcAHRfrxhms8V2CHCOcTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNTE3MTIwMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjBiMTBhNzg5YWQ2YjNiOWMxNTBmOWYzZGY1ZDk4YjVjZGY3MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqNQiRx9wH5J6dz9ojDq7fdGX9zd
NUB/cKk8NSNHcuJ2hxhV9C061efEnyaK8UqGgWTRFDXMbSJkZBqA5oA+V6pFbtt6
VID83PGF6wIVj/nX8LaFcLCU8ufuLdpRGVugZIG8GlGzqYLthgSE0gA11rYOZVYT
+tet2hkqaFwabkJ6NeD9pee6uZ99A0YakA5sqP1M5n4XhTTqcvRyASo4qc5NmR7P
oFzEeobOXkn8sai4fV+Or2v2FptlxgPjMYVYIHgDk4ZKI2BI113ZPqouGpZfkVAJ
T/8v6qLF7Lph9GOmD7vk+p7kca6TqRjW77qkTO+nv8F1WuGVAObqVDGH9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJsLEKeJrWs7nBUPnz312Ytc33H4MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbXdzUXA0bXRhenVjRlEtZlBmWFppMXpmY2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYArMA0E
AgACMAcDBQAqEbaHMA0GCSqGSIb3DQEBCwUAA4IBAQAPj+fVEkEPOimy+Pslxgi/
WtI6GDTy9ADn8hRHz2ofwY7wIMH6eANmH4mbHUc2mvobujDCZwwf/NncAy+sCOim
yJWlSPxz2AAMFKIHwlWfViueulPDUdPxa96fIwZALrcjenP5AupbwqFZ5YsmJO5N
4zl7ocPO6hbY9v3nbOlwPrLLk8HA7kMfNpKajRTkC6Qo46rfQTiZUbjlF8mV3J0Q
j5PINEvKENRePUz/dAAbyL0tPmWO0oD3u5w9WP1ozl/UZB9y4XK8hmVBGoyolzWT
Tlsk0P+mtKncnG1RfIcBRig/mfoj4+lKnOysmatJ+Q8KGy5xqvwqQ3oYOKhOAKVq
-----END CERTIFICATE-----
Generated at Mon Aug 19 10:52:58 2024 by rpki-client on console-fra.rpki-client.org