Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/I5Nz0b3wKQqvPYlrV7PdhbgQhs0.roa
File: I5Nz0b3wKQqvPYlrV7PdhbgQhs0.roa (raw, json)
Hash identifier: RoRmravSXX/3xf9f3fh888xpvyx4kkXldF8unYXJ8vA=
Subject key identifier: 23:93:73:D1:BD:F0:29:0A:AF:3D:89:6B:57:B3:DD:85:B8:10:86:CD
Certificate issuer: /CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
Certificate serial: 01856D2F29231EA88091F97B824BFE6F6488
Authority key identifier: E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/I5Nz0b3wKQqvPYlrV7PdhbgQhs0.roa
Signing time: Sun 01 Jan 2023 11:54:45 +0000
ROA not before: Sun 01 Jan 2023 11:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202194
IP address blocks: 185.50.188.0/22 maxlen: 22
185.109.240.0/23 maxlen: 23
2a04:c000::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:29:23:1e:a8:80:91:f9:7b:82:4b:fe:6f:64:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
Validity
Not Before: Jan 1 11:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=239373d1bdf0290aaf3d896b57b3dd85b81086cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:73:c3:94:9a:3b:68:fd:d4:cc:69:f2:e3:91:
4e:6e:36:05:c6:63:97:cb:c9:b4:ef:a2:f6:93:42:
d0:84:da:37:8a:a7:03:e5:6d:e6:ee:ff:5e:a5:46:
06:bc:27:b9:5c:bc:c1:5e:77:0c:8f:11:20:2b:83:
9a:9d:51:e6:06:51:8e:0d:33:48:d0:a9:ba:1a:ea:
5b:a6:b0:37:c1:c9:a3:c0:6d:33:c6:b9:84:bf:a5:
12:24:17:24:8b:aa:e9:ce:66:61:a8:9f:a8:1d:af:
8e:1e:83:30:f9:97:87:f3:f1:dc:23:8d:51:67:ec:
a3:66:33:4a:b6:c1:6e:30:f8:6a:5a:c5:d5:1f:39:
31:f7:88:20:7f:0c:07:1d:ad:9c:e2:6b:34:f0:e0:
fa:9c:7f:d7:54:52:65:f2:af:55:ff:af:2d:8b:eb:
b2:b5:5c:3f:94:16:21:07:82:05:9d:13:c0:81:a7:
0e:4a:36:82:e9:d2:e0:0c:d9:99:08:e3:d9:df:91:
ab:af:78:29:76:da:52:94:c0:ce:96:ec:9f:a3:ed:
1b:7c:03:31:e6:b2:e5:11:8e:29:d5:a4:04:51:13:
77:9d:c1:a1:c9:96:31:bd:5f:18:b8:fe:4f:7e:c9:
4f:c5:2c:5b:34:f2:31:6d:61:01:31:0d:30:91:fd:
4e:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:93:73:D1:BD:F0:29:0A:AF:3D:89:6B:57:B3:DD:85:B8:10:86:CD
X509v3 Authority Key Identifier:
keyid:E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/I5Nz0b3wKQqvPYlrV7PdhbgQhs0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.50.188.0/22
185.109.240.0/23
IPv6:
2a04:c000::/29
Signature Algorithm: sha256WithRSAEncryption
78:9b:d7:90:1e:74:91:72:35:eb:b3:21:50:df:24:f8:da:ff:
e6:d9:d9:38:7e:b8:cb:b2:b4:60:70:02:72:23:8b:af:82:2d:
48:9c:20:d6:ec:21:46:c8:c9:7d:74:63:b8:5b:29:21:1a:17:
f4:c4:59:c4:3f:96:a8:75:51:7f:d4:c2:1e:07:21:c6:66:d8:
53:3c:21:ef:5b:c4:83:f6:55:10:0a:42:b2:eb:bc:38:c4:b3:
95:a4:9f:57:cd:94:39:5f:37:66:53:dd:9c:e8:2e:cf:89:02:
e5:9c:c4:83:14:2b:fb:80:0e:bb:2b:bd:51:2e:94:15:dc:69:
08:d0:93:b7:05:0e:e2:20:49:bb:e5:27:f6:d9:f2:78:89:71:
87:64:66:fd:22:e9:d0:f0:51:67:94:ef:c3:48:d3:a2:4e:2b:
1e:31:ba:52:df:85:82:e6:e3:2d:0c:e2:4b:1a:39:4a:06:3f:
aa:a3:07:59:78:f9:99:d5:66:ac:71:d0:5d:d8:97:63:40:ce:
aa:f7:02:fa:f7:4e:bc:59:ae:dc:4a:46:89:e3:1a:70:a0:7d:
13:35:a8:2f:c2:76:f6:45:a4:56:9d:cc:90:12:8d:f7:97:bf:
d5:26:7b:46:a4:09:bd:63:91:ba:f7:1c:be:9e:0a:c9:f3:ec:
2c:68:a4:83
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtLykjHqiAkfl7gkv+b2SIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NzUyMWU3YjZiMzhhYmZiODhiZjcxZTliYzVhMDJiMmVj
Y2QzYjMwHhcNMjMwMTAxMTE1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzkzNzNkMWJkZjAyOTBhYWYzZDg5NmI1N2IzZGQ4NWI4MTA4NmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33PDlJo7aP3UzGny45FObjYFxmOX
y8m076L2k0LQhNo3iqcD5W3m7v9epUYGvCe5XLzBXncMjxEgK4OanVHmBlGODTNI
0Km6GupbprA3wcmjwG0zxrmEv6USJBcki6rpzmZhqJ+oHa+OHoMw+ZeH8/HcI41R
Z+yjZjNKtsFuMPhqWsXVHzkx94ggfwwHHa2c4ms08OD6nH/XVFJl8q9V/68ti+uy
tVw/lBYhB4IFnRPAgacOSjaC6dLgDNmZCOPZ35Grr3gpdtpSlMDOluyfo+0bfAMx
5rLlEY4p1aQEURN3ncGhyZYxvV8YuP5PfslPxSxbNPIxbWEBMQ0wkf1OdQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCOTc9G98CkKrz2Ja1ez3YW4EIbNMB8GA1UdIwQY
MBaAFOR1Iee2s4q/uIv3HpvFoCsuzNOzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYt
ODM2MWE4MzAzNTIyLzEvSTVOejBiM3dLUXF2UFlsclY3UGRoYmdRaHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYtODM2MWE4MzAzNTIy
LzEvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuTK8AwQB
uW3wMA0EAgACMAcDBQMqBMAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4m9eQHnSRcjXr
syFQ3yT42v/m2dk4frjLsrRgcAJyI4uvgi1InCDW7CFGyMl9dGO4WykhGhf0xFnE
P5aodVF/1MIeByHGZthTPCHvW8SD9lUQCkKy67w4xLOVpJ9XzZQ5XzdmU92c6C7P
iQLlnMSDFCv7gA67K71RLpQV3GkI0JO3BQ7iIEm75Sf22fJ4iXGHZGb9IunQ8FFn
lO/DSNOiTiseMbpS34WC5uMtDOJLGjlKBj+qowdZePmZ1WascdBd2JdjQM6q9wL6
9068Wa7cSkaJ4xpwoH0TNagvwnb2RaRWncyQEo33l7/VJntGpAm9Y5G69xy+ngrJ
8+wsaKSD
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:31:01 2025 by rpki-client