Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/5bfa91-b9cf-4460-b124-a647a4aedea7/1/7YLUkqRWXjPJmMkCxQmWLNw10Yc.roa
File: 7YLUkqRWXjPJmMkCxQmWLNw10Yc.roa (raw, json)
Hash identifier: 3V6ifWS0TKlqrCvlmF7ELtE4Ac0/emxSiGh7A/qEIjY=
Subject key identifier: ED:82:D4:92:A4:56:5E:33:C9:98:C9:02:C5:09:96:2C:DC:35:D1:87
Certificate issuer: /CN=871d9b1821c0a9d1622bdddf9ec0c918e92a437e
Certificate serial: 01856C0101E65E266FA3C76C51C1BCE5F84C
Authority key identifier: 87:1D:9B:18:21:C0:A9:D1:62:2B:DD:DF:9E:C0:C9:18:E9:2A:43:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hx2bGCHAqdFiK93fnsDJGOkqQ34.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/5bfa91-b9cf-4460-b124-a647a4aedea7/1/7YLUkqRWXjPJmMkCxQmWLNw10Yc.roa
Signing time: Sun 01 Jan 2023 06:24:43 +0000
ROA not before: Sun 01 Jan 2023 06:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204119
IP address blocks: 193.151.4.0/22 maxlen: 22
193.22.164.0/24 maxlen: 24
193.238.104.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:01:01:e6:5e:26:6f:a3:c7:6c:51:c1:bc:e5:f8:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=871d9b1821c0a9d1622bdddf9ec0c918e92a437e
Validity
Not Before: Jan 1 06:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ed82d492a4565e33c998c902c509962cdc35d187
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fb:1a:69:68:31:b8:9d:82:14:ef:78:0c:3b:
75:df:e4:30:50:72:a2:62:aa:e4:52:f6:1f:d3:33:
6d:fe:71:49:d0:68:71:1e:cc:5c:86:ba:83:91:46:
2d:ea:e5:17:bc:fb:1f:45:be:1a:53:31:14:f3:5e:
23:ee:12:5e:93:82:73:b4:d8:72:25:5b:c7:82:eb:
90:f3:e6:ee:af:91:7c:5c:ea:19:a7:48:f3:93:7e:
3a:ee:21:32:9c:e8:b0:43:b6:7c:0d:dd:1d:3e:cc:
9c:ec:9a:86:55:24:80:73:fa:b4:82:1c:69:21:37:
e3:46:ad:8e:ee:66:11:ca:47:fb:9a:81:ab:47:cc:
64:a3:7d:54:05:6a:45:62:d2:5f:71:87:cb:4f:82:
bb:bc:7d:4f:bb:2d:c9:6b:e9:6e:28:6e:bb:76:2e:
fc:c2:a5:e1:6e:51:54:e7:ee:9a:8a:4a:56:71:10:
57:53:17:de:84:09:97:88:c4:da:bd:44:bb:1e:62:
a2:28:40:72:08:26:6e:82:4a:a3:b1:2a:7d:9b:7e:
17:41:f1:e0:2a:f1:26:c8:65:15:3a:ed:41:f1:d6:
cb:54:28:90:92:93:92:dd:7e:2e:10:dc:4f:0b:6f:
fb:32:15:51:2f:7d:42:10:fc:40:97:5d:e1:2e:67:
ac:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:82:D4:92:A4:56:5E:33:C9:98:C9:02:C5:09:96:2C:DC:35:D1:87
X509v3 Authority Key Identifier:
keyid:87:1D:9B:18:21:C0:A9:D1:62:2B:DD:DF:9E:C0:C9:18:E9:2A:43:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hx2bGCHAqdFiK93fnsDJGOkqQ34.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5bfa91-b9cf-4460-b124-a647a4aedea7/1/7YLUkqRWXjPJmMkCxQmWLNw10Yc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5bfa91-b9cf-4460-b124-a647a4aedea7/1/hx2bGCHAqdFiK93fnsDJGOkqQ34.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.22.164.0/24
193.151.4.0/22
193.238.104.0/22
Signature Algorithm: sha256WithRSAEncryption
3d:28:69:95:79:a7:5e:fd:d8:e2:6d:04:e8:1e:64:fe:1b:d6:
6d:bf:12:de:9b:d1:5b:fc:a6:b7:61:03:98:e7:fe:6e:24:68:
a4:6e:3c:47:ed:3a:92:68:5f:c3:67:4b:8e:67:bc:44:c7:a5:
e9:d0:0b:b6:b0:06:56:34:f5:d5:3f:33:84:d4:1b:69:db:10:
05:9a:88:95:10:63:91:1d:52:10:58:67:9d:d8:5a:a7:5b:eb:
b1:f8:e9:0b:84:cd:b6:7a:44:96:1f:b4:5e:b5:37:82:8a:b6:
ec:c6:8c:19:4a:e6:80:76:ab:db:ef:f1:f7:3d:71:0f:3d:ba:
bc:a6:fa:bc:ae:3e:dd:12:16:c0:40:b7:9c:0a:a7:01:7f:5b:
39:f8:02:ce:06:15:c2:b2:79:19:df:06:82:dd:1a:53:20:d3:
56:f2:f0:44:b1:64:47:9c:18:3c:90:97:ef:c2:6f:5e:db:03:
22:30:42:d5:d5:b6:ba:2f:7b:47:31:42:e3:f4:be:21:c2:87:
89:f3:52:9b:5d:19:72:1d:b3:2e:dc:b1:9f:50:01:5a:f0:66:
a1:3e:55:d7:a9:0d:2e:8e:6d:f1:71:bc:65:da:23:57:c5:6a:
d4:cb:17:4a:52:bd:ed:ad:31:e4:e9:c1:63:14:09:0f:71:e2:
e6:17:e9:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVsAQHmXiZvo8dsUcG85fhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MWQ5YjE4MjFjMGE5ZDE2MjJiZGRkZjllYzBjOTE4ZTky
YTQzN2UwHhcNMjMwMTAxMDYyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDgyZDQ5MmE0NTY1ZTMzYzk5OGM5MDJjNTA5OTYyY2RjMzVkMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfsaaWgxuJ2CFO94DDt13+QwUHKi
YqrkUvYf0zNt/nFJ0GhxHsxchrqDkUYt6uUXvPsfRb4aUzEU814j7hJek4JztNhy
JVvHguuQ8+bur5F8XOoZp0jzk3467iEynOiwQ7Z8Dd0dPsyc7JqGVSSAc/q0ghxp
ITfjRq2O7mYRykf7moGrR8xko31UBWpFYtJfcYfLT4K7vH1Puy3Ja+luKG67di78
wqXhblFU5+6aikpWcRBXUxfehAmXiMTavUS7HmKiKEByCCZugkqjsSp9m34XQfHg
KvEmyGUVOu1B8dbLVCiQkpOS3X4uENxPC2/7MhVRL31CEPxAl13hLmesAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO2C1JKkVl4zyZjJAsUJlizcNdGHMB8GA1UdIwQY
MBaAFIcdmxghwKnRYivd357AyRjpKkN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHgyYkdDSEFxZEZpSzkzZm5zREpHT2txUTM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy81YmZhOTEtYjljZi00NDYwLWIxMjQt
YTY0N2E0YWVkZWE3LzEvN1lMVWtxUldYalBKbU1rQ3hRbVdMTncxMFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy81YmZhOTEtYjljZi00NDYwLWIxMjQtYTY0N2E0YWVkZWE3
LzEvaHgyYkdDSEFxZEZpSzkzZm5zREpHT2txUTM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwRakAwQC
wZcEAwQCwe5oMA0GCSqGSIb3DQEBCwUAA4IBAQA9KGmVeade/djibQToHmT+G9Zt
vxLem9Fb/Ka3YQOY5/5uJGikbjxH7TqSaF/DZ0uOZ7xEx6Xp0Au2sAZWNPXVPzOE
1Btp2xAFmoiVEGORHVIQWGed2FqnW+ux+OkLhM22ekSWH7RetTeCirbsxowZSuaA
dqvb7/H3PXEPPbq8pvq8rj7dEhbAQLecCqcBf1s5+ALOBhXCsnkZ3waC3RpTINNW
8vBEsWRHnBg8kJfvwm9e2wMiMELV1ba6L3tHMULj9L4hwoeJ81KbXRlyHbMu3LGf
UAFa8GahPlXXqQ0ujm3xcbxl2iNXxWrUyxdKUr3trTHk6cFjFAkPceLmF+lp
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:13 2023 by rpki-client on console.sobornost.net