Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/UtuJ3KSBu5UaMTBi46C23JYkeVo.roa
File: UtuJ3KSBu5UaMTBi46C23JYkeVo.roa (raw, json)
Hash identifier: F327XpdhRnoe0/vCA6pa+Z572ssTikjnNQM4FvpK4Ow=
Subject key identifier: 52:DB:89:DC:A4:81:BB:95:1A:31:30:62:E3:A0:B6:DC:96:24:79:5A
Certificate issuer: /CN=4092c47db8a21931154605d576c3b7341d06b4b4
Certificate serial: 01857230EB4E08F36D5923E79A28F567967F
Authority key identifier: 40:92:C4:7D:B8:A2:19:31:15:46:05:D5:76:C3:B7:34:1D:06:B4:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/UtuJ3KSBu5UaMTBi46C23JYkeVo.roa
Signing time: Mon 02 Jan 2023 11:14:46 +0000
ROA not before: Mon 02 Jan 2023 11:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206238
IP address blocks: 185.93.175.0/24 maxlen: 24
185.238.128.0/22 maxlen: 24
2a10:3780::/29 maxlen: 29
2a10:3780:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:30:eb:4e:08:f3:6d:59:23:e7:9a:28:f5:67:96:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4092c47db8a21931154605d576c3b7341d06b4b4
Validity
Not Before: Jan 2 11:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=52db89dca481bb951a313062e3a0b6dc9624795a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:cf:81:68:85:20:10:56:9e:a7:a7:03:97:9e:
7e:f7:3f:a9:1e:57:59:2e:24:f5:ef:c9:0c:1a:b5:
91:08:c6:4a:30:f3:2f:0a:2c:b9:71:e2:7b:8c:ee:
26:3d:35:4c:41:ec:7f:72:e4:1d:74:22:2f:70:25:
b2:03:29:0a:08:87:91:fa:b1:0f:b8:c0:f7:de:cd:
d7:8c:6a:01:bd:00:7f:e6:a7:93:22:11:9a:c5:2c:
f1:e2:69:c4:cc:41:58:ee:27:5a:cd:49:51:c1:81:
b8:34:04:df:b7:1d:78:41:16:07:0e:f0:ee:82:fb:
1b:9a:72:54:b9:a4:12:f3:3f:f1:0b:d4:3b:e6:56:
77:97:66:00:2c:84:96:12:b5:9d:4c:ac:54:46:57:
19:b6:ce:26:89:b6:b0:af:c5:c2:14:13:ca:c5:d1:
f8:d5:cb:d1:bf:00:6d:ab:26:de:c3:82:27:3b:b9:
2b:bd:90:68:08:10:23:ba:8f:9a:4d:34:a5:72:34:
d3:3b:4d:dc:e3:5a:46:6e:3e:4b:15:b2:48:9f:a4:
1d:53:17:c2:1b:1d:d8:02:a2:09:ed:d4:20:07:ab:
8a:fe:10:87:9f:73:b4:85:97:24:72:8a:0b:73:e7:
a7:71:f1:59:48:41:79:63:cf:5f:bd:77:a2:47:b7:
89:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:DB:89:DC:A4:81:BB:95:1A:31:30:62:E3:A0:B6:DC:96:24:79:5A
X509v3 Authority Key Identifier:
keyid:40:92:C4:7D:B8:A2:19:31:15:46:05:D5:76:C3:B7:34:1D:06:B4:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/UtuJ3KSBu5UaMTBi46C23JYkeVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b228d9-7ff3-4c40-95a6-8a36a6facd50/1/QJLEfbiiGTEVRgXVdsO3NB0GtLQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.93.175.0/24
185.238.128.0/22
IPv6:
2a10:3780::/29
Signature Algorithm: sha256WithRSAEncryption
c3:0a:89:e4:1f:fd:ee:68:63:f3:e4:b2:fe:22:88:19:bc:ad:
f3:be:5f:ea:d3:ca:3d:5c:18:c5:c3:a8:79:75:d7:1c:50:39:
9f:ef:f6:93:d6:25:12:1a:90:bd:7c:f2:68:65:60:e2:50:6d:
29:04:56:04:42:33:a6:75:bb:69:05:a4:a4:70:09:d6:5b:18:
85:63:64:cf:00:05:96:68:13:17:03:93:df:f4:9e:05:66:ab:
29:4b:37:95:1a:c4:b7:f0:de:d5:3a:82:43:e9:06:b8:ed:e8:
f5:b6:26:c9:1d:63:41:84:a2:5a:55:b3:de:0e:14:2a:c1:ab:
33:13:a4:9e:15:0d:22:d3:d4:58:5f:8e:67:71:71:34:5d:c6:
ae:55:d3:04:09:11:e2:ed:cc:de:d1:1c:e1:7e:11:51:89:f1:
a5:a5:d8:ae:cc:fd:93:5d:d8:12:52:af:a4:42:03:6f:18:30:
ab:dd:de:9e:4f:72:d8:76:f4:c6:38:fc:9b:8d:8c:9d:f5:13:
89:d3:9c:59:cb:d2:6b:ac:8b:9e:c9:4e:33:04:ed:2e:11:94:
07:5a:c7:b9:3c:05:59:f1:16:5e:86:cb:e8:85:9b:a3:98:3d:
43:77:d3:28:44:96:f8:28:f4:4f:dc:2d:9c:b7:1a:42:0c:bf:
76:00:fd:04
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVyMOtOCPNtWSPnmij1Z5Z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOTJjNDdkYjhhMjE5MzExNTQ2MDVkNTc2YzNiNzM0MWQw
NmI0YjQwHhcNMjMwMTAyMTExNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmRiODlkY2E0ODFiYjk1MWEzMTMwNjJlM2EwYjZkYzk2MjQ3OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM+BaIUgEFaep6cDl55+9z+pHldZ
LiT178kMGrWRCMZKMPMvCiy5ceJ7jO4mPTVMQex/cuQddCIvcCWyAykKCIeR+rEP
uMD33s3XjGoBvQB/5qeTIhGaxSzx4mnEzEFY7idazUlRwYG4NATftx14QRYHDvDu
gvsbmnJUuaQS8z/xC9Q75lZ3l2YALISWErWdTKxURlcZts4mibawr8XCFBPKxdH4
1cvRvwBtqybew4InO7krvZBoCBAjuo+aTTSlcjTTO03c41pGbj5LFbJIn6QdUxfC
Gx3YAqIJ7dQgB6uK/hCHn3O0hZckcooLc+encfFZSEF5Y89fvXeiR7eJRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFLbidykgbuVGjEwYuOgttyWJHlaMB8GA1UdIwQY
MBaAFECSxH24ohkxFUYF1XbDtzQdBrS0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUpMRWZiaWlHVEVWUmdYVmRzTzNOQjBHdExRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iMjI4ZDktN2ZmMy00YzQwLTk1YTYt
OGEzNmE2ZmFjZDUwLzEvVXR1SjNLU0J1NVVhTVRCaTQ2QzIzSllrZVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iMjI4ZDktN2ZmMy00YzQwLTk1YTYtOGEzNmE2ZmFjZDUw
LzEvUUpMRWZiaWlHVEVWUmdYVmRzTzNOQjBHdExRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuV2vAwQC
ue6AMA0EAgACMAcDBQMqEDeAMA0GCSqGSIb3DQEBCwUAA4IBAQDDConkH/3uaGPz
5LL+IogZvK3zvl/q08o9XBjFw6h5ddccUDmf7/aT1iUSGpC9fPJoZWDiUG0pBFYE
QjOmdbtpBaSkcAnWWxiFY2TPAAWWaBMXA5Pf9J4FZqspSzeVGsS38N7VOoJD6Qa4
7ej1tibJHWNBhKJaVbPeDhQqwaszE6SeFQ0i09RYX45ncXE0XcauVdMECRHi7cze
0RzhfhFRifGlpdiuzP2TXdgSUq+kQgNvGDCr3d6eT3LYdvTGOPybjYyd9ROJ05xZ
y9JrrIueyU4zBO0uEZQHWse5PAVZ8RZehsvohZujmD1Dd9MoRJb4KPRP3C2ctxpC
DL92AP0E
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:00 2024 by rpki-client on console-ams.rpki-client.org