Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/y0qMHCbiaMs1YFbWKbYlbVdQlgc.roa
File: y0qMHCbiaMs1YFbWKbYlbVdQlgc.roa (raw, json)
Hash identifier: lM2pukdOhr+QSZge7JD2/VPvzRyT4mu7BnOmFKnJcsw=
Subject key identifier: CB:4A:8C:1C:26:E2:68:CB:35:60:56:D6:29:B6:25:6D:57:50:96:07
Certificate issuer: /CN=d709c9021e40af92a208de35024ca70663d734e4
Certificate serial: 01879E0652E56469352A560D3223DD366ECF
Authority key identifier: D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/y0qMHCbiaMs1YFbWKbYlbVdQlgc.roa
Signing time: Thu 20 Apr 2023 09:37:07 +0000
ROA not before: Thu 20 Apr 2023 09:37:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207817
IP address blocks: 194.5.252.0/24 maxlen: 24
2a0d:9900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9e:06:52:e5:64:69:35:2a:56:0d:32:23:dd:36:6e:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d709c9021e40af92a208de35024ca70663d734e4
Validity
Not Before: Apr 20 09:37:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cb4a8c1c26e268cb356056d629b6256d57509607
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:95:7b:3f:e7:7a:c1:08:50:9f:e2:bb:54:ff:
cf:b9:31:b4:c6:da:bd:57:63:dc:db:55:f9:42:c6:
0e:8f:c6:f6:96:b0:3c:2f:02:cc:2a:38:1a:73:ee:
ed:d4:00:bf:7f:1f:a8:dc:f7:f3:eb:94:7c:8e:eb:
ac:a9:43:d7:1f:06:bb:e8:af:f4:b2:a1:7e:8e:52:
04:b9:24:6a:bb:f7:24:52:87:30:98:01:ca:c7:b0:
a1:6f:cb:36:5d:8a:b7:0f:04:59:2a:d3:da:59:31:
39:3a:39:db:48:16:66:fa:d3:ea:bb:c8:f3:c8:60:
84:ca:82:c6:7c:8d:0d:66:e3:c9:89:6d:b0:6c:34:
dc:96:34:57:63:f3:73:0f:1c:58:a4:39:32:26:d8:
ae:6b:0e:03:1d:96:e9:e5:06:a6:55:70:1f:a7:57:
dc:91:4c:6a:7a:dc:33:e4:b5:56:3b:64:b3:dc:51:
15:3c:ca:c4:ec:88:22:eb:0b:c3:ab:d8:29:cc:1c:
73:76:33:3e:fc:52:e4:e0:e6:3b:7b:aa:5e:11:83:
f6:4f:d8:5d:2b:02:14:2b:68:12:8d:a8:d0:07:a8:
f8:b6:d0:54:e6:c9:c5:3b:82:e2:34:5b:e7:b2:53:
27:a2:ea:2d:88:03:a1:8b:80:44:79:bf:e0:b8:9b:
6c:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:4A:8C:1C:26:E2:68:CB:35:60:56:D6:29:B6:25:6D:57:50:96:07
X509v3 Authority Key Identifier:
keyid:D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/y0qMHCbiaMs1YFbWKbYlbVdQlgc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.5.252.0/24
IPv6:
2a0d:9900::/29
Signature Algorithm: sha256WithRSAEncryption
93:22:57:1b:af:1c:e6:9f:85:30:45:8f:d2:92:29:1a:71:11:
8e:93:d8:bb:4e:05:b3:cb:e1:f3:12:3e:ac:6d:ce:eb:e9:87:
b9:96:f5:a8:be:e5:f9:45:27:7f:98:cd:8a:e2:a2:f4:8a:6a:
33:6b:06:89:da:f4:d2:b1:ce:e9:28:21:50:9d:df:cd:d0:c7:
27:68:71:97:28:74:12:70:0b:83:23:c6:a2:5a:c3:40:aa:24:
2b:c5:dc:7f:f6:c3:1f:96:f3:dc:5a:16:46:72:47:a6:3c:93:
97:b4:85:db:99:56:93:7d:3c:e4:b6:98:a7:bd:f4:33:59:01:
f2:9d:30:3c:fc:7b:8e:a5:17:23:16:7e:95:f7:3c:bc:36:58:
13:1a:03:b0:3d:d0:65:5a:43:2f:56:d1:3f:39:bb:4a:3c:3c:
f6:65:47:6c:4e:5b:d3:04:55:8d:0c:43:60:99:41:f6:70:d8:
1c:9f:a8:88:93:0a:28:97:e1:63:e3:ee:05:86:c2:53:57:86:
75:23:fb:69:dc:f9:22:50:c1:9e:be:0f:f5:45:13:26:91:93:
90:71:e4:cf:db:84:4e:db:c2:65:f0:5a:5f:1e:19:99:bf:e8:
c7:e1:e4:8f:1b:33:8a:e2:dd:64:e9:ab:1c:44:ec:f9:fd:81:
ae:c1:16:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYeeBlLlZGk1KlYNMiPdNm7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDljOTAyMWU0MGFmOTJhMjA4ZGUzNTAyNGNhNzA2NjNk
NzM0ZTQwHhcNMjMwNDIwMDkzNzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRhOGMxYzI2ZTI2OGNiMzU2MDU2ZDYyOWI2MjU2ZDU3NTA5NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZV7P+d6wQhQn+K7VP/PuTG0xtq9
V2Pc21X5QsYOj8b2lrA8LwLMKjgac+7t1AC/fx+o3Pfz65R8juusqUPXHwa76K/0
sqF+jlIEuSRqu/ckUocwmAHKx7Chb8s2XYq3DwRZKtPaWTE5OjnbSBZm+tPqu8jz
yGCEyoLGfI0NZuPJiW2wbDTcljRXY/NzDxxYpDkyJtiuaw4DHZbp5QamVXAfp1fc
kUxqetwz5LVWO2Sz3FEVPMrE7Igi6wvDq9gpzBxzdjM+/FLk4OY7e6peEYP2T9hd
KwIUK2gSjajQB6j4ttBU5snFO4LiNFvnslMnouotiAOhi4BEeb/guJtsZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtKjBwm4mjLNWBW1im2JW1XUJYHMB8GA1UdIwQY
MBaAFNcJyQIeQK+SogjeNQJMpwZj1zTkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEt
OGFhN2M0Y2I3MTlmLzEveTBxTUhDYmlhTXMxWUZiV0tiWWxiVmRRbGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEtOGFhN2M0Y2I3MTlm
LzEvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgX8MA0E
AgACMAcDBQMqDZkAMA0GCSqGSIb3DQEBCwUAA4IBAQCTIlcbrxzmn4UwRY/Skika
cRGOk9i7TgWzy+HzEj6sbc7r6Ye5lvWovuX5RSd/mM2K4qL0imozawaJ2vTSsc7p
KCFQnd/N0McnaHGXKHQScAuDI8aiWsNAqiQrxdx/9sMflvPcWhZGckemPJOXtIXb
mVaTfTzktpinvfQzWQHynTA8/HuOpRcjFn6V9zy8NlgTGgOwPdBlWkMvVtE/ObtK
PDz2ZUdsTlvTBFWNDENgmUH2cNgcn6iIkwool+Fj4+4FhsJTV4Z1I/tp3PkiUMGe
vg/1RRMmkZOQceTP24RO28Jl8FpfHhmZv+jH4eSPGzOK4t1k6ascROz5/YGuwRZQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:02 2024 by rpki-client on console-fra.rpki-client.org