Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/5a2514-efec-499a-b00e-b726c1cac110/1/9vHbECnan7mcF8qmEncb5c5xqJk.roa
File: 9vHbECnan7mcF8qmEncb5c5xqJk.roa (raw, json)
Hash identifier: 24/XgjY0LYVlZ2bgawEMABStVO87fAXcpEREIW13JaU=
Subject key identifier: F6:F1:DB:10:29:DA:9F:B9:9C:17:CA:A6:12:77:1B:E5:CE:71:A8:99
Certificate issuer: /CN=3ba7f6c0b9e40a55e29cf36237c78998fcb1eaea
Certificate serial: 01870E504BB5E870F45DCA9A44F76E4C356B
Authority key identifier: 3B:A7:F6:C0:B9:E4:0A:55:E2:9C:F3:62:37:C7:89:98:FC:B1:EA:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O6f2wLnkClXinPNiN8eJmPyx6uo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/5a2514-efec-499a-b00e-b726c1cac110/1/9vHbECnan7mcF8qmEncb5c5xqJk.roa
Signing time: Thu 23 Mar 2023 11:52:35 +0000
ROA not before: Thu 23 Mar 2023 11:52:35 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205374
IP address blocks: 185.219.84.0/24 maxlen: 24
185.219.86.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:0e:50:4b:b5:e8:70:f4:5d:ca:9a:44:f7:6e:4c:35:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ba7f6c0b9e40a55e29cf36237c78998fcb1eaea
Validity
Not Before: Mar 23 11:52:35 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f6f1db1029da9fb99c17caa612771be5ce71a899
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:ac:1b:60:7d:55:56:af:22:3a:1f:13:4a:33:
ec:57:1d:ce:41:7a:c4:ec:08:23:bb:66:24:d7:25:
55:4f:f1:bb:09:ac:e1:ea:b2:36:ae:04:83:46:00:
ec:ac:2e:67:e8:c2:a3:2d:4c:dc:c8:bb:36:71:33:
54:5a:19:6e:c8:4e:24:c9:3e:92:b7:d0:87:84:99:
ba:d6:3b:16:2c:ca:ce:95:ce:42:3b:0a:4a:d0:91:
85:91:15:1e:28:6f:f5:d6:eb:b3:e5:3d:b0:2f:a9:
49:b8:42:ce:0b:3e:fd:bb:f3:7d:5f:75:fb:9f:37:
3b:0d:c2:53:fb:83:08:0c:cf:63:66:bb:8e:4f:bb:
04:9b:4b:d8:f3:e1:42:e3:a5:db:f9:51:d4:91:e4:
96:1a:b2:2d:cf:d5:98:ea:8c:89:47:48:fd:f9:ea:
f3:ab:dc:09:1a:83:fc:5f:05:22:97:dd:46:2f:da:
7a:5c:b5:47:7b:1f:f4:1d:40:14:6f:f9:8a:4b:3c:
7e:5b:01:01:18:45:c6:44:d3:67:60:3e:20:f9:df:
10:ff:b4:e2:ff:eb:a1:52:10:7c:50:1e:f8:8e:f7:
22:f6:92:ae:43:35:8d:4f:e6:ab:05:47:b5:21:9e:
c1:e1:81:4c:5d:f7:4a:97:0e:b4:f1:41:e8:2a:2a:
e1:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:F1:DB:10:29:DA:9F:B9:9C:17:CA:A6:12:77:1B:E5:CE:71:A8:99
X509v3 Authority Key Identifier:
keyid:3B:A7:F6:C0:B9:E4:0A:55:E2:9C:F3:62:37:C7:89:98:FC:B1:EA:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6f2wLnkClXinPNiN8eJmPyx6uo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/5a2514-efec-499a-b00e-b726c1cac110/1/9vHbECnan7mcF8qmEncb5c5xqJk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/5a2514-efec-499a-b00e-b726c1cac110/1/O6f2wLnkClXinPNiN8eJmPyx6uo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.219.84.0/24
185.219.86.0/24
Signature Algorithm: sha256WithRSAEncryption
93:56:69:66:7c:44:6a:0a:e8:e5:29:6c:ff:82:b8:83:95:9e:
c3:f2:55:e9:aa:70:15:78:ac:26:c8:91:92:d7:3f:83:1f:10:
f3:00:b1:3a:57:bb:dd:54:af:8d:81:a6:2b:99:ba:59:2c:0b:
f3:85:ac:f6:ea:24:d7:c1:22:63:62:5a:f3:83:87:fa:e5:d9:
e5:62:4c:c1:1c:96:4d:87:9f:4a:f1:ae:01:af:65:cf:25:91:
d9:23:29:e8:15:6e:60:9d:73:f3:a7:f5:c6:92:de:a4:e7:4d:
06:fd:2d:ba:80:5c:41:03:6c:6a:66:fa:fb:75:9c:83:ed:62:
91:0e:2a:6a:56:20:73:e4:e5:ee:59:e0:9a:e7:c0:ba:93:13:
92:13:eb:2f:8f:fb:b5:7e:4e:93:d8:6d:04:ad:14:04:57:6e:
7b:62:3f:8d:c0:ea:90:b3:01:f5:dd:0d:6f:f8:80:7d:0a:df:
c9:4e:0f:5a:54:9a:68:b8:0a:20:1e:17:0a:20:f0:81:0b:97:
99:df:70:8e:7d:01:47:fb:3f:7f:8d:4b:83:fb:1b:37:36:8f:
54:61:59:31:65:6c:ef:a4:3a:e4:58:72:e7:04:21:b0:06:22:
d6:fc:86:4d:0a:28:41:fd:84:a6:ca:74:a3:3b:ca:75:63:ad:
16:1c:4f:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYcOUEu16HD0XcqaRPduTDVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTdmNmMwYjllNDBhNTVlMjljZjM2MjM3Yzc4OTk4ZmNi
MWVhZWEwHhcNMjMwMzIzMTE1MjM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmYxZGIxMDI5ZGE5ZmI5OWMxN2NhYTYxMjc3MWJlNWNlNzFhODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qwbYH1VVq8iOh8TSjPsVx3OQXrE
7Agju2Yk1yVVT/G7Cazh6rI2rgSDRgDsrC5n6MKjLUzcyLs2cTNUWhluyE4kyT6S
t9CHhJm61jsWLMrOlc5COwpK0JGFkRUeKG/11uuz5T2wL6lJuELOCz79u/N9X3X7
nzc7DcJT+4MIDM9jZruOT7sEm0vY8+FC46Xb+VHUkeSWGrItz9WY6oyJR0j9+erz
q9wJGoP8XwUil91GL9p6XLVHex/0HUAUb/mKSzx+WwEBGEXGRNNnYD4g+d8Q/7Ti
/+uhUhB8UB74jvci9pKuQzWNT+arBUe1IZ7B4YFMXfdKlw608UHoKirhRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbx2xAp2p+5nBfKphJ3G+XOcaiZMB8GA1UdIwQY
MBaAFDun9sC55ApV4pzzYjfHiZj8serqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZmMndMbmtDbFhpblBOaU44ZUptUHl4NnVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS81YTI1MTQtZWZlYy00OTlhLWIwMGUt
YjcyNmMxY2FjMTEwLzEvOXZIYkVDbmFuN21jRjhxbUVuY2I1YzV4cUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS81YTI1MTQtZWZlYy00OTlhLWIwMGUtYjcyNmMxY2FjMTEw
LzEvTzZmMndMbmtDbFhpblBOaU44ZUptUHl4NnVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudtUAwQA
udtWMA0GCSqGSIb3DQEBCwUAA4IBAQCTVmlmfERqCujlKWz/griDlZ7D8lXpqnAV
eKwmyJGS1z+DHxDzALE6V7vdVK+NgaYrmbpZLAvzhaz26iTXwSJjYlrzg4f65dnl
YkzBHJZNh59K8a4Br2XPJZHZIynoFW5gnXPzp/XGkt6k500G/S26gFxBA2xqZvr7
dZyD7WKRDipqViBz5OXuWeCa58C6kxOSE+svj/u1fk6T2G0ErRQEV257Yj+NwOqQ
swH13Q1v+IB9Ct/JTg9aVJpouAogHhcKIPCBC5eZ33COfQFH+z9/jUuD+xs3No9U
YVkxZWzvpDrkWHLnBCGwBiLW/IZNCihB/YSmynSjO8p1Y60WHE+n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:36 2024 by rpki-client on console-ams.rpki-client.org