Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Ros4-zSbtwpSXHTTprp8GcWwSyM.roa
File: Ros4-zSbtwpSXHTTprp8GcWwSyM.roa (raw, json)
Hash identifier: NGDNdtdhzzM6VlOv13jxtJn32C6kiYcn0TdSC+aVj/g=
Subject key identifier: 46:8B:38:FB:34:9B:B7:0A:52:5C:74:D3:A6:BA:7C:19:C5:B0:4B:23
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 019110919FDB091D1D86CED6FA95C275DD9B
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Ros4-zSbtwpSXHTTprp8GcWwSyM.roa
Signing time: Fri 02 Aug 2024 00:51:04 +0000
ROA not before: Fri 02 Aug 2024 00:51:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3320
IP address blocks: 5.35.192.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
89.39.172.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:10:91:9f:db:09:1d:1d:86:ce:d6:fa:95:c2:75:dd:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Aug 2 00:51:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=468b38fb349bb70a525c74d3a6ba7c19c5b04b23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:83:63:e6:94:01:4d:07:b9:4b:46:ec:08:45:
36:4b:28:94:5a:31:60:93:16:e5:f8:12:57:9d:3d:
3b:d5:a3:67:8a:76:c9:9d:0e:2d:bf:0b:d2:cd:3c:
01:ce:4a:59:f3:4b:ab:50:b0:9e:a7:b1:d1:ec:b4:
d6:b7:11:0e:0f:e3:32:49:7b:49:70:eb:72:e8:c1:
89:0b:c7:b5:6e:17:07:6d:80:7f:9d:10:11:a7:59:
df:af:71:c8:84:c4:b9:fa:d0:fd:91:ab:3c:d7:03:
bd:f2:b3:15:30:37:ad:a9:8b:b7:b5:64:30:c5:d9:
59:af:49:b5:dd:15:85:dd:3d:c8:e4:20:13:84:5b:
1d:fe:5e:d4:37:11:59:8e:f7:b8:e0:6a:0f:c8:22:
08:19:2e:35:38:ad:12:8f:61:33:58:b7:3b:2e:6f:
77:2e:6a:04:fd:9c:d5:e6:3f:7d:7c:51:70:62:dd:
cf:10:c2:99:57:79:60:c7:b8:5d:15:4d:83:7d:45:
de:46:74:d6:fb:21:e0:d0:0b:c6:e7:0b:6f:bd:0a:
13:e2:49:66:12:e6:46:48:d5:8b:8e:7d:fc:e3:37:
2f:82:ac:78:78:24:2e:08:4e:73:61:7a:30:21:d6:
62:5a:d6:0e:06:69:4c:56:77:d9:16:d0:ed:0d:b7:
22:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:8B:38:FB:34:9B:B7:0A:52:5C:74:D3:A6:BA:7C:19:C5:B0:4B:23
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Ros4-zSbtwpSXHTTprp8GcWwSyM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
85.204.160.0/22
89.39.172.0/23
Signature Algorithm: sha256WithRSAEncryption
01:a3:6f:f1:74:f9:1e:66:5a:19:64:78:71:10:5a:00:3a:82:
d1:ce:2f:65:4e:64:8d:dc:7a:19:67:b2:88:1e:da:71:fd:b9:
1c:66:05:b2:35:00:ce:87:34:cf:8a:1f:48:37:93:3c:0f:10:
3a:11:c7:54:df:03:4c:dd:55:5e:2d:15:eb:f4:ae:c7:90:df:
78:45:77:0f:55:cd:21:4d:55:44:c6:44:48:6c:a6:7e:44:15:
5e:bb:cf:69:e1:17:ae:a9:c4:cc:89:cc:11:ca:1b:89:b0:2f:
37:56:80:70:25:3a:fe:a7:cc:71:83:f1:81:63:e0:b8:36:cd:
e2:76:99:23:4b:2c:ff:dd:c1:36:68:d3:a4:18:20:65:b2:8d:
ef:d2:a7:0c:b4:16:eb:7c:ca:53:dc:9d:2b:2c:fe:4a:5f:db:
b7:d8:4b:f7:99:32:80:a9:09:c6:2c:2d:c3:84:3c:c1:58:f7:
8a:04:73:88:0f:99:64:af:ae:ab:c7:50:99:03:ab:de:35:2e:
96:52:97:67:73:f1:d0:dd:f9:e2:a9:6d:b2:3b:f6:76:d9:40:
b6:2f:65:47:ed:6b:4c:36:6c:9e:93:84:c4:1c:7e:10:fc:be:
f5:22:64:b1:45:dd:41:1a:8e:3b:ab:6f:23:58:d5:2a:cd:59:
81:1c:75:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEQkZ/bCR0dhs7W+pXCdd2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwODAyMDA1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhiMzhmYjM0OWJiNzBhNTI1Yzc0ZDNhNmJhN2MxOWM1YjA0YjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2INj5pQBTQe5S0bsCEU2SyiUWjFg
kxbl+BJXnT071aNninbJnQ4tvwvSzTwBzkpZ80urULCep7HR7LTWtxEOD+MySXtJ
cOty6MGJC8e1bhcHbYB/nRARp1nfr3HIhMS5+tD9kas81wO98rMVMDetqYu3tWQw
xdlZr0m13RWF3T3I5CAThFsd/l7UNxFZjve44GoPyCIIGS41OK0Sj2EzWLc7Lm93
LmoE/ZzV5j99fFFwYt3PEMKZV3lgx7hdFU2DfUXeRnTW+yHg0AvG5wtvvQoT4klm
EuZGSNWLjn384zcvgqx4eCQuCE5zYXowIdZiWtYOBmlMVnfZFtDtDbcipwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEaLOPs0m7cKUlx006a6fBnFsEsjMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvUm9zNC16U2J0d3BTWEhUVHBycDhHY1d3U3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBSPAAwQC
VcygAwQBWSesMA0GCSqGSIb3DQEBCwUAA4IBAQABo2/xdPkeZloZZHhxEFoAOoLR
zi9lTmSN3HoZZ7KIHtpx/bkcZgWyNQDOhzTPih9IN5M8DxA6EcdU3wNM3VVeLRXr
9K7HkN94RXcPVc0hTVVExkRIbKZ+RBVeu89p4ReuqcTMicwRyhuJsC83VoBwJTr+
p8xxg/GBY+C4Ns3idpkjSyz/3cE2aNOkGCBlso3v0qcMtBbrfMpT3J0rLP5KX9u3
2Ev3mTKAqQnGLC3DhDzBWPeKBHOID5lkr66rx1CZA6veNS6WUpdnc/HQ3fniqW2y
O/Z22UC2L2VH7WtMNmyek4TEHH4Q/L71ImSxRd1BGo47q28jWNUqzVmBHHXI
-----END CERTIFICATE-----
Generated at Fri Aug 2 12:40:41 2024 by rpki-client on console-ams.rpki-client.org