Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/feV5oJAREAJLj0c2A7wru4R9JSs.roa
File: feV5oJAREAJLj0c2A7wru4R9JSs.roa (raw, json)
Hash identifier: 2UeUarvPDlNiXklN29QZ4VL6fSyI/PMM3H7F0Fqdh0c=
Subject key identifier: 7D:E5:79:A0:90:11:10:02:4B:8F:47:36:03:BC:2B:BB:84:7D:25:2B
Certificate issuer: /CN=d709c9021e40af92a208de35024ca70663d734e4
Certificate serial: 018CC8DF6A4A73D4FCA8CDA0C79EE87E0F2B
Authority key identifier: D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/feV5oJAREAJLj0c2A7wru4R9JSs.roa
Signing time: Tue 02 Jan 2024 06:32:14 +0000
ROA not before: Tue 02 Jan 2024 06:32:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207817
IP address blocks: 194.5.252.0/24 maxlen: 24
2a0d:9900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:6a:4a:73:d4:fc:a8:cd:a0:c7:9e:e8:7e:0f:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d709c9021e40af92a208de35024ca70663d734e4
Validity
Not Before: Jan 2 06:32:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7de579a0901110024b8f473603bc2bbb847d252b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d3:63:53:c3:e3:97:33:94:a8:c0:63:b6:a7:
37:f8:43:03:ad:57:b0:1e:54:59:ba:1e:82:e3:00:
c2:32:50:ac:bb:ef:72:ce:2d:e5:e0:67:9f:80:a4:
67:c8:9e:29:72:2c:84:4a:93:36:cc:ca:23:66:86:
5f:5a:0a:de:3f:af:39:ec:79:6f:04:1f:76:4f:ba:
f3:61:a7:fa:ab:8b:15:94:89:08:01:9c:5b:7b:a5:
f5:5b:10:65:f3:f7:75:49:73:ae:e0:2e:9e:41:b1:
69:d9:30:41:0a:63:15:fc:42:ea:7b:f7:e3:c6:15:
16:d0:09:00:2b:bc:f1:af:e6:88:be:80:7d:94:2d:
2e:f9:51:c4:6c:c2:5b:f2:14:54:36:f2:7a:2a:d7:
3f:1a:93:6a:9d:8d:40:18:f9:6a:bb:4b:21:5a:df:
76:16:6f:b9:64:a4:97:44:ba:a2:33:56:73:ca:2c:
87:07:ca:d2:78:a8:3e:6e:e4:82:eb:ae:09:b6:e8:
97:9d:17:8e:7c:a8:64:63:6f:f8:42:db:93:5a:32:
6e:cc:01:5c:ff:57:34:f1:f4:bb:e9:44:41:61:99:
82:17:4e:e1:a4:68:26:49:53:7f:32:19:ed:7c:e3:
d7:b0:78:9a:5e:f3:14:6a:be:6b:28:79:2f:e1:35:
da:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:E5:79:A0:90:11:10:02:4B:8F:47:36:03:BC:2B:BB:84:7D:25:2B
X509v3 Authority Key Identifier:
keyid:D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/feV5oJAREAJLj0c2A7wru4R9JSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.5.252.0/24
IPv6:
2a0d:9900::/29
Signature Algorithm: sha256WithRSAEncryption
87:f5:dc:ab:ea:93:b1:5c:2b:74:1b:49:9f:81:56:b2:96:5f:
43:c5:cf:0d:e0:fe:a9:bb:44:cf:ae:f4:29:b4:07:63:38:d0:
aa:5a:1d:02:1b:2e:4b:f3:42:ea:6b:de:4f:ff:4b:9c:27:a0:
fa:01:8b:80:f0:32:4a:84:56:44:33:cb:1a:4f:74:86:aa:cc:
cd:6c:88:e4:19:de:3e:15:56:23:d0:22:9a:97:66:12:0c:d3:
50:19:a5:b1:4c:27:e9:2e:01:f7:35:8e:52:b2:70:86:5c:95:
83:70:cf:92:58:f5:7d:92:4d:3b:8e:96:ea:6b:98:fa:cd:97:
d9:5f:eb:81:46:cf:4a:fb:3e:2f:ca:26:78:d0:01:1a:a5:ba:
1c:cd:39:62:9d:c5:ea:6c:3e:fd:83:eb:75:d8:76:c5:f2:6d:
b6:1f:b2:85:fc:fa:b8:b3:61:5c:84:cf:9c:98:19:31:a9:2f:
1e:4d:59:a4:02:c4:4f:41:27:c1:f2:3f:c9:cb:36:c5:1b:13:
10:ca:b5:3e:bf:10:40:c6:ef:86:70:b4:a6:5f:22:cb:43:07:
30:c9:dc:68:3a:af:04:ea:65:b5:75:57:38:2f:04:53:1f:aa:
75:80:80:71:bf:c9:d9:14:8a:96:3b:34:cf:54:ff:29:82:d5:
f3:e6:d3:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI32pKc9T8qM2gx57ofg8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDljOTAyMWU0MGFmOTJhMjA4ZGUzNTAyNGNhNzA2NjNk
NzM0ZTQwHhcNMjQwMTAyMDYzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGU1NzlhMDkwMTExMDAyNGI4ZjQ3MzYwM2JjMmJiYjg0N2QyNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNNjU8PjlzOUqMBjtqc3+EMDrVew
HlRZuh6C4wDCMlCsu+9yzi3l4GefgKRnyJ4pciyESpM2zMojZoZfWgreP6857Hlv
BB92T7rzYaf6q4sVlIkIAZxbe6X1WxBl8/d1SXOu4C6eQbFp2TBBCmMV/ELqe/fj
xhUW0AkAK7zxr+aIvoB9lC0u+VHEbMJb8hRUNvJ6Ktc/GpNqnY1AGPlqu0shWt92
Fm+5ZKSXRLqiM1ZzyiyHB8rSeKg+buSC664JtuiXnReOfKhkY2/4QtuTWjJuzAFc
/1c08fS76URBYZmCF07hpGgmSVN/MhntfOPXsHiaXvMUar5rKHkv4TXa5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH3leaCQERACS49HNgO8K7uEfSUrMB8GA1UdIwQY
MBaAFNcJyQIeQK+SogjeNQJMpwZj1zTkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEt
OGFhN2M0Y2I3MTlmLzEvZmVWNW9KQVJFQUpMajBjMkE3d3J1NFI5SlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEtOGFhN2M0Y2I3MTlm
LzEvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgX8MA0E
AgACMAcDBQMqDZkAMA0GCSqGSIb3DQEBCwUAA4IBAQCH9dyr6pOxXCt0G0mfgVay
ll9Dxc8N4P6pu0TPrvQptAdjONCqWh0CGy5L80Lqa95P/0ucJ6D6AYuA8DJKhFZE
M8saT3SGqszNbIjkGd4+FVYj0CKal2YSDNNQGaWxTCfpLgH3NY5SsnCGXJWDcM+S
WPV9kk07jpbqa5j6zZfZX+uBRs9K+z4vyiZ40AEapboczTlincXqbD79g+t12HbF
8m22H7KF/Pq4s2FchM+cmBkxqS8eTVmkAsRPQSfB8j/JyzbFGxMQyrU+vxBAxu+G
cLSmXyLLQwcwydxoOq8E6mW1dVc4LwRTH6p1gIBxv8nZFIqWOzTPVP8pgtXz5tPw
-----END CERTIFICATE-----
Generated at Fri Jan 19 12:37:57 2024 by rpki-client on console-fra.rpki-client.org