Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/uaQgX_2FqLypF9vAsKjAMauX61s.roa
File: uaQgX_2FqLypF9vAsKjAMauX61s.roa (raw, json)
Hash identifier: rEdIAS5sJoTrkLn21J/A1v1bplGMLyaN8xBr7co0uAk=
Subject key identifier: B9:A4:20:5F:FD:85:A8:BC:A9:17:DB:C0:B0:A8:C0:31:AB:97:EB:5B
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0188FF8CC8D70B4C1E3C31887B329FDEFB0E
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/uaQgX_2FqLypF9vAsKjAMauX61s.roa
Signing time: Wed 28 Jun 2023 01:09:56 +0000
ROA not before: Wed 28 Jun 2023 01:09:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211936
IP address blocks: 85.204.148.0/22 maxlen: 24
85.204.160.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ff:8c:c8:d7:0b:4c:1e:3c:31:88:7b:32:9f:de:fb:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jun 28 01:09:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b9a4205ffd85a8bca917dbc0b0a8c031ab97eb5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:41:90:20:89:fb:51:b4:f8:25:e4:9e:7b:6d:
da:f9:83:aa:d8:74:ff:10:ff:39:f6:4d:95:b7:e6:
0e:a6:15:fc:cb:b8:f4:bc:30:ab:0b:6d:bc:0e:95:
cd:bb:cc:0e:9a:0f:c9:bb:69:d0:29:7b:ab:f3:53:
c0:f1:68:5a:89:2d:a2:d1:68:0f:5f:c8:dd:a5:e5:
f9:66:2b:57:da:f1:64:5a:f4:35:ee:97:2c:b3:b0:
3f:0e:71:6d:99:e8:1f:23:e6:65:94:15:59:85:3d:
8e:ea:5f:eb:45:d6:0c:f9:11:9b:18:e0:b8:39:1f:
49:08:e7:e9:08:48:60:7b:c9:68:ff:f6:98:87:15:
3e:87:8f:ee:c4:b2:7b:ac:ae:b8:90:21:59:97:7a:
2c:d3:68:10:a3:86:9f:12:cc:c5:74:86:85:da:85:
38:e3:76:eb:42:e5:ec:a7:49:f3:12:ee:be:40:37:
67:22:c8:33:e7:f7:c3:51:04:6c:d7:02:dd:00:6e:
11:c4:06:8c:30:e4:43:5c:75:66:c9:08:52:6c:df:
0a:5a:ac:f3:41:40:01:10:1c:b1:fa:97:3e:8e:0c:
92:45:06:87:39:b8:91:67:66:5c:ae:36:78:87:73:
10:d9:ea:99:7d:91:d6:2a:03:25:02:04:c4:c7:93:
50:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:A4:20:5F:FD:85:A8:BC:A9:17:DB:C0:B0:A8:C0:31:AB:97:EB:5B
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/uaQgX_2FqLypF9vAsKjAMauX61s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.148.0/22
85.204.160.0/22
Signature Algorithm: sha256WithRSAEncryption
18:b9:55:db:fd:60:37:04:66:6e:cc:bc:c2:26:b7:2d:c5:a2:
f8:7e:34:0e:78:3b:08:b3:59:d5:25:05:ec:97:6a:63:d5:62:
cc:ac:fa:9b:2b:c4:6a:72:ae:cd:d2:e7:40:d8:49:7e:8f:52:
e2:9b:41:b9:e2:bc:3a:0f:d0:8a:ed:02:f5:c6:92:9f:87:17:
37:56:97:a5:a0:d0:77:e5:8b:07:b3:dd:7a:7a:fd:37:35:6d:
24:ff:28:a8:10:3a:b4:bf:e2:27:09:9f:e6:a2:c4:69:1e:c6:
8d:9a:e0:21:83:49:6a:0c:ac:eb:96:2b:0d:a9:a6:a1:27:fd:
a4:67:87:2a:e0:6a:f7:6d:77:e7:81:bb:78:14:88:36:b7:8a:
e2:05:8e:69:1d:82:61:ea:66:b5:44:b0:db:66:1f:58:f9:cc:
6b:eb:5e:6e:0b:14:51:b0:d2:02:64:a9:0e:be:27:db:55:1b:
33:03:c6:6e:57:62:6f:95:24:88:8c:d5:01:f7:1d:51:ae:09:
cd:83:2c:3b:27:71:bb:67:d1:80:92:6c:4b:dc:41:9b:b1:7c:
96:39:13:b0:f9:03:c3:ca:ab:86:d4:2e:5a:b1:7f:fe:79:1c:
ad:44:f4:83:23:a5:0a:75:56:74:0e:71:21:49:20:ce:09:b3:
6a:af:12:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYj/jMjXC0wePDGIezKf3vsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNjI4MDEwOTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWE0MjA1ZmZkODVhOGJjYTkxN2RiYzBiMGE4YzAzMWFiOTdlYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7kGQIIn7UbT4JeSee23a+YOq2HT/
EP859k2Vt+YOphX8y7j0vDCrC228DpXNu8wOmg/Ju2nQKXur81PA8WhaiS2i0WgP
X8jdpeX5ZitX2vFkWvQ17pcss7A/DnFtmegfI+ZllBVZhT2O6l/rRdYM+RGbGOC4
OR9JCOfpCEhge8lo//aYhxU+h4/uxLJ7rK64kCFZl3os02gQo4afEszFdIaF2oU4
43brQuXsp0nzEu6+QDdnIsgz5/fDUQRs1wLdAG4RxAaMMORDXHVmyQhSbN8KWqzz
QUABEByx+pc+jgySRQaHObiRZ2ZcrjZ4h3MQ2eqZfZHWKgMlAgTEx5NQXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLmkIF/9hai8qRfbwLCowDGrl+tbMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvdWFRZ1hfMkZxTHlwRjl2QXNLakFNYXVYNjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVcyUAwQC
VcygMA0GCSqGSIb3DQEBCwUAA4IBAQAYuVXb/WA3BGZuzLzCJrctxaL4fjQOeDsI
s1nVJQXsl2pj1WLMrPqbK8Rqcq7N0udA2El+j1Lim0G54rw6D9CK7QL1xpKfhxc3
VpeloNB35YsHs916ev03NW0k/yioEDq0v+InCZ/mosRpHsaNmuAhg0lqDKzrlisN
qaahJ/2kZ4cq4Gr3bXfngbt4FIg2t4riBY5pHYJh6ma1RLDbZh9Y+cxr615uCxRR
sNICZKkOvifbVRszA8ZuV2JvlSSIjNUB9x1RrgnNgyw7J3G7Z9GAkmxL3EGbsXyW
OROw+QPDyquG1C5asX/+eRytRPSDI6UKdVZ0DnEhSSDOCbNqrxLK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org