Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Kr7pI7yA_1dR-OLieqToVB930lQ.roa
File: Kr7pI7yA_1dR-OLieqToVB930lQ.roa (raw, json)
Hash identifier: eVI2lag8LHqcMc2T+FjxXPZXiB86qBQIOLIDDEBV/30=
Subject key identifier: 2A:BE:E9:23:BC:80:FF:57:51:F8:E2:E2:7A:A4:E8:54:1F:77:D2:54
Certificate issuer: /CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Certificate serial: 018CC56EE482A92A48ADCFFF0E827E546F29
Authority key identifier: 4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Kr7pI7yA_1dR-OLieqToVB930lQ.roa
Signing time: Mon 01 Jan 2024 14:30:28 +0000
ROA not before: Mon 01 Jan 2024 14:30:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48960
IP address blocks: 95.173.192.0/21 maxlen: 21
95.173.195.0/24 maxlen: 24
95.173.198.0/24 maxlen: 24
95.173.194.0/24 maxlen: 24
95.173.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:e4:82:a9:2a:48:ad:cf:ff:0e:82:7e:54:6f:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Validity
Not Before: Jan 1 14:30:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2abee923bc80ff5751f8e2e27aa4e8541f77d254
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:4c:c0:24:48:00:e8:fb:0f:12:cb:fc:c5:8a:
83:bf:a5:95:3a:21:9b:27:a3:ce:e1:f1:67:bd:8c:
c9:02:57:f6:cc:52:e9:18:b6:fa:7f:1a:65:d4:e0:
8d:d4:6b:e2:81:64:1e:0a:5a:f2:32:11:c9:6f:02:
1e:6c:0c:46:26:97:8f:55:6f:e4:77:8e:bb:b9:39:
05:0b:01:4b:d0:da:70:f8:fc:23:33:0d:bf:d4:35:
1e:44:47:48:f9:6e:b0:86:63:fd:b5:8e:c7:9f:ae:
d9:2b:57:ae:4e:da:77:55:f8:b7:42:7a:53:7b:73:
3d:bf:16:f3:dc:45:30:46:50:a4:3d:78:7b:05:41:
50:cf:df:73:ae:34:89:bc:05:ff:14:86:e4:a3:6b:
d9:42:cb:6f:d0:27:d0:c6:85:28:3f:55:ec:e9:fe:
d5:1a:47:47:ec:c0:f0:b9:20:b1:ce:e3:5b:dc:e3:
78:b2:d3:97:62:94:3e:3a:39:45:d0:73:d9:fc:2b:
a4:d1:32:28:32:47:d8:57:2d:4d:89:54:66:ae:17:
12:96:36:42:3d:fa:05:b9:c7:20:0d:67:a9:83:83:
3f:6e:f7:40:15:cb:90:74:73:ac:99:7f:27:3f:43:
ba:5c:da:a5:ec:9a:29:54:c1:2f:85:3f:e0:9d:c6:
65:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:BE:E9:23:BC:80:FF:57:51:F8:E2:E2:7A:A4:E8:54:1F:77:D2:54
X509v3 Authority Key Identifier:
keyid:4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Kr7pI7yA_1dR-OLieqToVB930lQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.173.192.0/21
Signature Algorithm: sha256WithRSAEncryption
9e:13:e2:9b:c1:2c:61:cb:82:2e:af:41:28:78:04:6f:17:9e:
09:d5:20:29:fa:80:ab:61:85:ff:8f:0a:55:2a:97:b8:a1:58:
c8:79:18:e8:5d:01:e8:71:37:62:b0:0b:91:d3:87:df:ab:47:
79:9f:f6:f7:28:0f:d6:f4:13:ba:6e:d9:fa:7b:f5:ed:37:fb:
4b:5c:65:ff:bb:df:b2:f1:b9:5f:e0:6a:4e:77:d6:87:77:ff:
46:33:20:95:e1:93:f6:12:e4:0a:be:e4:17:d1:28:ac:b3:58:
2e:b7:a5:a4:25:db:2d:30:89:53:14:44:19:3a:79:2d:77:5d:
c6:81:77:1c:c7:97:b5:59:1b:01:4b:5c:68:b8:ae:fd:7d:c4:
73:0f:1e:07:5a:c9:55:99:44:18:25:fa:62:21:36:8a:01:23:
ae:88:e9:aa:6b:fd:74:a0:6a:6a:68:0d:4c:94:65:46:e7:f8:
66:c8:c5:29:cf:2b:2b:ac:d9:fe:48:d2:91:9c:18:04:1b:08:
03:3e:32:29:de:47:7e:20:d2:23:b8:2f:6e:d3:c6:bf:ad:1a:
44:e3:14:d1:f7:d6:02:a3:c0:8f:e1:89:b3:75:2a:d4:1b:70:
9e:c7:ae:c4:a0:ea:0e:74:32:50:06:4c:a1:16:3f:f5:df:1c:
0a:93:2d:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuSCqSpIrc//DoJ+VG8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWVjZmVjOWY1NGU0ZWMzOWMyMDA1ZWY0ZTYzZTcwYjUx
ZmFlZDQwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWJlZTkyM2JjODBmZjU3NTFmOGUyZTI3YWE0ZTg1NDFmNzdkMjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEzAJEgA6PsPEsv8xYqDv6WVOiGb
J6PO4fFnvYzJAlf2zFLpGLb6fxpl1OCN1GvigWQeClryMhHJbwIebAxGJpePVW/k
d467uTkFCwFL0Npw+PwjMw2/1DUeREdI+W6whmP9tY7Hn67ZK1euTtp3Vfi3QnpT
e3M9vxbz3EUwRlCkPXh7BUFQz99zrjSJvAX/FIbko2vZQstv0CfQxoUoP1Xs6f7V
GkdH7MDwuSCxzuNb3ON4stOXYpQ+OjlF0HPZ/Cuk0TIoMkfYVy1NiVRmrhcSljZC
PfoFuccgDWepg4M/bvdAFcuQdHOsmX8nP0O6XNql7JopVMEvhT/gncZlAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq+6SO8gP9XUfji4nqk6FQfd9JUMB8GA1UdIwQY
MBaAFE5ez+yfVOTsOcIAXvTmPnC1H67UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYt
ZWNhZDNiNzE0OTM4LzEvS3I3cEk3eUFfMWRSLU9MaWVxVG9WQjkzMGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYtZWNhZDNiNzE0OTM4
LzEvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX63AMA0G
CSqGSIb3DQEBCwUAA4IBAQCeE+KbwSxhy4Iur0EoeARvF54J1SAp+oCrYYX/jwpV
Kpe4oVjIeRjoXQHocTdisAuR04ffq0d5n/b3KA/W9BO6btn6e/XtN/tLXGX/u9+y
8blf4GpOd9aHd/9GMyCV4ZP2EuQKvuQX0Siss1gut6WkJdstMIlTFEQZOnktd13G
gXccx5e1WRsBS1xouK79fcRzDx4HWslVmUQYJfpiITaKASOuiOmqa/10oGpqaA1M
lGVG5/hmyMUpzysrrNn+SNKRnBgEGwgDPjIp3kd+INIjuC9u08a/rRpE4xTR99YC
o8CP4YmzdSrUG3Cex67EoOoOdDJQBkyhFj/13xwKky09
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:31 2024 by rpki-client on console-ams.rpki-client.org