Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/mbI1nD2byZT7WLx7-H7HeEabTeY.roa
File: mbI1nD2byZT7WLx7-H7HeEabTeY.roa (raw, json)
Hash identifier: nHopbES3Qo4WbsjXbdlwCdAT4NYGwmgaVpstFjpO5IQ=
Subject key identifier: 99:B2:35:9C:3D:9B:C9:94:FB:58:BC:7B:F8:7E:C7:78:46:9B:4D:E6
Certificate issuer: /CN=d709c9021e40af92a208de35024ca70663d734e4
Certificate serial: 063FB89A
Authority key identifier: D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/mbI1nD2byZT7WLx7-H7HeEabTeY.roa
Signing time: Sat 01 Jan 2022 08:02:49 +0000
ROA not before: Sat 01 Jan 2022 08:02:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207817
IP address blocks: 194.6.247.0/24 maxlen: 24
194.5.235.0/24 maxlen: 24
194.5.252.0/24 maxlen: 24
194.6.234.0/24 maxlen: 24
2a0d:9900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 104839322 (0x63fb89a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d709c9021e40af92a208de35024ca70663d734e4
Validity
Not Before: Jan 1 08:02:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=99b2359c3d9bc994fb58bc7bf87ec778469b4de6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:c4:f9:fe:9c:e4:4f:6f:1a:97:a6:92:05:d5:
37:90:05:0c:be:05:06:2c:24:73:1d:00:c6:3d:df:
0f:49:30:2a:17:5c:b1:1c:24:2f:ee:ce:0b:80:bd:
dd:68:1a:02:64:b0:83:63:ef:79:cd:52:be:29:56:
24:ad:82:2f:6c:7c:39:d4:8f:8c:be:88:a9:ab:72:
2b:6e:ba:4a:56:34:50:52:c7:cd:63:12:55:69:bf:
f3:2c:29:43:9b:c0:52:d2:0e:a7:1d:67:e1:02:58:
af:f1:83:bf:df:7c:ce:b8:63:94:ce:12:cb:0b:af:
33:03:d2:60:7e:db:a7:a3:84:de:ae:22:51:6a:fa:
eb:64:22:4f:eb:7e:44:df:81:b8:03:6d:94:d1:ef:
67:e5:82:f7:fd:88:6e:91:de:dd:17:a5:70:9f:71:
dc:c2:e6:1f:fb:76:e1:1b:33:2d:be:2b:71:fc:83:
67:de:d3:fe:0d:b3:8a:dd:5a:38:d0:ad:22:a0:5f:
5c:06:60:d6:de:28:90:6a:f1:2f:83:1e:ae:a5:b5:
56:79:e9:fb:48:57:fc:ec:4f:fc:e9:7c:9b:d8:e2:
4b:18:4b:66:26:86:f4:ea:65:4f:99:55:52:a5:8a:
77:1f:ae:0e:44:e3:9d:c4:89:8a:fb:be:a3:95:43:
54:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:B2:35:9C:3D:9B:C9:94:FB:58:BC:7B:F8:7E:C7:78:46:9B:4D:E6
X509v3 Authority Key Identifier:
keyid:D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/mbI1nD2byZT7WLx7-H7HeEabTeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.5.235.0/24
194.5.252.0/24
194.6.234.0/24
194.6.247.0/24
IPv6:
2a0d:9900::/29
Signature Algorithm: sha256WithRSAEncryption
18:76:d0:81:33:1d:4c:fa:9d:39:33:c2:4a:e5:df:88:40:85:
33:7e:a3:68:bd:e0:84:2c:62:64:f4:05:e3:d2:e8:8b:d5:06:
24:aa:5c:a5:ce:35:39:fe:e1:f6:af:10:8a:c3:a5:c2:c7:9e:
5d:4b:63:80:ed:db:18:b4:87:a5:6d:f5:0f:d8:19:4d:30:1d:
d2:67:80:3c:f1:9e:ef:a9:aa:dc:98:e2:22:68:72:b3:df:72:
c9:b4:a0:10:97:7b:8e:c5:3a:a3:6b:a4:e7:26:69:38:5b:8d:
2f:59:ab:c3:a5:2f:0d:fd:a0:83:64:2a:3b:a3:46:76:ae:2c:
85:c8:ab:a0:69:88:a4:2a:f9:c6:0b:06:e0:40:21:20:0b:e4:
40:0b:24:49:6e:9e:db:8d:26:7f:bf:00:27:b0:b2:f0:43:d9:
7d:27:57:9d:60:d1:dd:1b:70:d3:c1:09:35:ad:87:d6:9a:1a:
cf:d6:be:1f:34:ca:6f:2f:64:b5:7a:dc:83:3d:93:cb:46:fd:
96:d4:3c:73:60:40:d4:45:79:f3:da:81:5f:ec:db:2b:4d:fd:
c5:96:0b:7b:f4:89:04:3d:61:da:ef:3e:96:ea:90:61:fa:a3:
78:2b:a8:9f:c3:61:97:c5:5e:51:45:02:f6:c9:fb:e9:f6:45:
d4:e6:51:21
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEBj+4mjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzA5YzkwMjFlNDBhZjkyYTIwOGRlMzUwMjRjYTcwNjYzZDczNGU0MB4XDTIyMDEw
MTA4MDI0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTliMjM1OWMzZDli
Yzk5NGZiNThiYzdiZjg3ZWM3Nzg0NjliNGRlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANHE+f6c5E9vGpemkgXVN5AFDL4FBiwkcx0Axj3fD0kwKhdc
sRwkL+7OC4C93WgaAmSwg2Pvec1SvilWJK2CL2x8OdSPjL6IqatyK266SlY0UFLH
zWMSVWm/8ywpQ5vAUtIOpx1n4QJYr/GDv998zrhjlM4SywuvMwPSYH7bp6OE3q4i
UWr662QiT+t+RN+BuANtlNHvZ+WC9/2IbpHe3RelcJ9x3MLmH/t24RszLb4rcfyD
Z97T/g2zit1aONCtIqBfXAZg1t4okGrxL4MerqW1Vnnp+0hX/OxP/Ol8m9jiSxhL
ZiaG9OplT5lVUqWKdx+uDkTjncSJivu+o5VDVHUCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBSZsjWcPZvJlPtYvHv4fsd4RptN5jAfBgNVHSMEGDAWgBTXCckCHkCvkqII
3jUCTKcGY9c05DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzF3bkpBaDVBcjVLaUNONDFBa3luQm1QWE5PUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjYvZjczY2RiLTgyNzMtNGY0My05ZjYxLThhYTdjNGNiNzE5Zi8x
L21iSTFuRDJieVpUN1dMeDctSDdIZUVhYlRlWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYv
ZjczY2RiLTgyNzMtNGY0My05ZjYxLThhYTdjNGNiNzE5Zi8xLzF3bkpBaDVBcjVL
aUNONDFBa3luQm1QWE5PUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAMIF6wMEAMIF/AMEAMIG6gMEAMIG
9zANBAIAAjAHAwUDKg2ZADANBgkqhkiG9w0BAQsFAAOCAQEAGHbQgTMdTPqdOTPC
SuXfiECFM36jaL3ghCxiZPQF49Loi9UGJKpcpc41Of7h9q8QisOlwseeXUtjgO3b
GLSHpW31D9gZTTAd0meAPPGe76mq3JjiImhys99yybSgEJd7jsU6o2uk5yZpOFuN
L1mrw6UvDf2gg2QqO6NGdq4shciroGmIpCr5xgsG4EAhIAvkQAskSW6e240mf78A
J7Cy8EPZfSdXnWDR3Rtw08EJNa2H1poaz9a+HzTKby9ktXrcgz2Ty0b9ltQ8c2BA
1EV589qBX+zbK039xZYLe/SJBD1h2u8+luqQYfqjeCuon8Nhl8VeUUUC9sn76fZF
1OZRIQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:36 2023 by rpki-client on console-fra.rpki-client.org